From aca25db85da76eb7edec95eb9660a467a6fc49a9 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 Dec 2018 12:38:41 +0500 Subject: [PATCH 01/92] Python 3 --- .gitignore | 2 ++ gitosis/access.py | 2 +- gitosis/app.py | 14 +++++++------- gitosis/gitdaemon.py | 6 +++--- gitosis/gitweb.py | 6 +++--- gitosis/group.py | 2 +- gitosis/init.py | 12 ++++++------ gitosis/repository.py | 4 ++-- gitosis/run_hook.py | 4 ++-- gitosis/serve.py | 6 +++--- gitosis/ssh.py | 8 ++++---- gitosis/util.py | 4 ++-- 12 files changed, 36 insertions(+), 34 deletions(-) diff --git a/.gitignore b/.gitignore index dc2c237..9593815 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ /apidocs /gitosis/test/tmp /.coverage +.idea +venv \ No newline at end of file diff --git a/gitosis/access.py b/gitosis/access.py index c95c842..f7153b2 100644 --- a/gitosis/access.py +++ b/gitosis/access.py @@ -1,5 +1,5 @@ import os, logging -from ConfigParser import NoSectionError, NoOptionError +from configparser import NoSectionError, NoOptionError from gitosis import group diff --git a/gitosis/app.py b/gitosis/app.py index fa9772b..88106c9 100644 --- a/gitosis/app.py +++ b/gitosis/app.py @@ -3,7 +3,7 @@ import logging import optparse import errno -import ConfigParser +import configparser log = logging.getLogger('gitosis.app') @@ -31,7 +31,7 @@ def main(self): cfg = self.create_config(options) try: self.read_config(options, cfg) - except CannotReadConfigError, e: + except CannotReadConfigError as e: log.error(str(e)) sys.exit(1) self.setup_logging(cfg) 
@@ -53,13 +53,13 @@ def create_parser(self): return parser def create_config(self, options): - cfg = ConfigParser.RawConfigParser() + cfg = configparser.RawConfigParser() return cfg def read_config(self, options, cfg): try: - conffile = file(options.config) - except (IOError, OSError), e: + conffile = open(options.config) + except (IOError, OSError) as e: if e.errno == errno.ENOENT: # special case this because gitosis-init wants to # ignore this particular error case @@ -74,8 +74,8 @@ def read_config(self, options, cfg): def setup_logging(self, cfg): try: loglevel = cfg.get('gitosis', 'loglevel') - except (ConfigParser.NoSectionError, - ConfigParser.NoOptionError): + except (configparser.NoSectionError, + configparser.NoOptionError): pass else: try: diff --git a/gitosis/gitdaemon.py b/gitosis/gitdaemon.py index 78ca9ea..f2b55c5 100644 --- a/gitosis/gitdaemon.py +++ b/gitosis/gitdaemon.py @@ -2,7 +2,7 @@ import logging import os -from ConfigParser import NoSectionError, NoOptionError +from configparser import NoSectionError, NoOptionError log = logging.getLogger('gitosis.gitdaemon') @@ -14,13 +14,13 @@ def export_ok_path(repopath): def allow_export(repopath): p = export_ok_path(repopath) - file(p, 'a').close() + open(p, 'a').close() def deny_export(repopath): p = export_ok_path(repopath) try: os.unlink(p) - except OSError, e: + except OSError as e: if e.errno == errno.ENOENT: pass else: diff --git a/gitosis/gitweb.py b/gitosis/gitweb.py index b4b538b..6d1cc67 100644 --- a/gitosis/gitweb.py +++ b/gitosis/gitweb.py @@ -27,7 +27,7 @@ import os, urllib, logging -from ConfigParser import NoSectionError, NoOptionError +from configparser import NoSectionError, NoOptionError from gitosis import util @@ -106,7 +106,7 @@ def generate_project_list(config, path): """ tmp = '%s.%d.tmp' % (path, os.getpid()) - f = file(tmp, 'w') + f = open(tmp, 'w') try: generate_project_list_fp(config=config, fp=f) finally: 
@@ -157,7 +157,7 @@ def set_descriptions(config): 'description', ) tmp = '%s.%d.tmp' % (path, os.getpid()) - f = file(tmp, 'w') + f = open(tmp, 'w') try: print >>f, description finally: diff --git a/gitosis/group.py b/gitosis/group.py index a18a731..0a2b010 100644 --- a/gitosis/group.py +++ b/gitosis/group.py @@ -1,5 +1,5 @@ import logging -from ConfigParser import NoSectionError, NoOptionError +from configparser import NoSectionError, NoOptionError def _getMembership(config, user, seen): log = logging.getLogger('gitosis.group.getMembership') diff --git a/gitosis/init.py b/gitosis/init.py index 28e7871..214b35c 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -8,8 +8,8 @@ import sys from pkg_resources import resource_filename -from cStringIO import StringIO -from ConfigParser import RawConfigParser +from io import StringIO +from configparser import RawConfigParser from gitosis import repository from gitosis import run_hook @@ -54,7 +54,7 @@ def symlink_config(git_dir): tmp = '%s.%d.tmp' % (dst, os.getpid()) try: os.unlink(tmp) - except OSError, e: + except OSError as e: if e.errno == errno.ENOENT: pass else: @@ -80,7 +80,7 @@ def init_admin_repository( # can't rely on setuptools and all kinds of distro packaging to # have kept our templates executable, it seems - os.chmod(os.path.join(git_dir, 'hooks', 'post-update'), 0755) + os.chmod(os.path.join(git_dir, 'hooks', 'post-update'), 0o755) if not repository.has_initial_commit(git_dir): log.info('Making initial commit...') @@ -119,7 +119,7 @@ def read_config(self, *a, **kw): def handle_args(self, parser, cfg, options, args): super(Main, self).handle_args(parser, cfg, options, args) - os.umask(0022) + os.umask(0o022) log.info('Reading SSH public key...') pubkey = read_ssh_pubkey() 
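Review bot: The context line `print >>f, description` directly after the converted `open(tmp, 'w')` in set_descriptions is still Python 2 syntax. Under Python 3 it parses as an expression and raises TypeError at the `>>`, so nothing is written to the temp file and the exception propagates to the caller. It should become `print(description, file=f)`. This commit only converted the `file(...)` calls, so the other writers it touches are worth checking for the same statement. set_descriptions starts above the hunk.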
@@ -141,7 +141,7 @@ def handle_args(self, parser, cfg, options, args): user=user, ) log.info('Running post-update hook...') - util.mkdir(os.path.expanduser('~/.ssh'), 0700) + util.mkdir(os.path.expanduser('~/.ssh'), 0o700) run_hook.post_update(cfg=cfg, git_dir=admin_repository) log.info('Symlinking ~/.gitosis.conf to repository...') symlink_config(git_dir=admin_repository) diff --git a/gitosis/repository.py b/gitosis/repository.py index 9dd0291..8617afe 100644 --- a/gitosis/repository.py +++ b/gitosis/repository.py @@ -36,7 +36,7 @@ def init( if _git is None: _git = 'git' - util.mkdir(path, 0750) + util.mkdir(path, 0o750) args = [ _git, '--git-dir=.', @@ -131,7 +131,7 @@ class GitCheckoutIndexError(GitExportError): def export(git_dir, path): try: os.mkdir(path) - except OSError, e: + except OSError as e: if e.errno == errno.EEXIST: pass else: diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index e535e6a..ca35801 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py @@ -19,7 +19,7 @@ def post_update(cfg, git_dir): export = os.path.join(git_dir, 'gitosis-export') try: shutil.rmtree(export) - except OSError, e: + except OSError as e: if e.errno == errno.ENOENT: pass else: @@ -63,7 +63,7 @@ def handle_args(self, parser, cfg, options, args): parser.error('Missing argument HOOK.') log = logging.getLogger('gitosis.run_hook') - os.umask(0022) + os.umask(0o022) git_dir = os.environ.get('GIT_DIR') if git_dir is None: diff --git a/gitosis/serve.py b/gitosis/serve.py index fdfea53..3b69f7a 100644 --- a/gitosis/serve.py +++ b/gitosis/serve.py @@ -141,7 +141,7 @@ def serve( p = topdir for segment in repopath.split(os.sep)[:-1]: p = os.path.join(p, segment) - util.mkdir(p, 0750) + util.mkdir(p, 0o750) repository.init(path=fullpath) gitweb.set_descriptions( 
@@ -178,7 +178,7 @@ def handle_args(self, parser, cfg, options, args): parser.error('Missing argument USER.') main_log = logging.getLogger('gitosis.serve.main') - os.umask(0022) + os.umask(0o022) cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None) if cmd is None: @@ -197,7 +197,7 @@ def handle_args(self, parser, cfg, options, args): user=user, command=cmd, ) - except ServingError, e: + except ServingError as e: main_log.error('%s', e) sys.exit(1) diff --git a/gitosis/ssh.py b/gitosis/ssh.py index a315a5c..37c9fec 100644 --- a/gitosis/ssh.py +++ b/gitosis/ssh.py @@ -25,7 +25,7 @@ def readKeys(keydir): continue path = os.path.join(keydir, filename) - f = file(path) + f = open(path) for line in f: line = line.rstrip('\n') yield (basename, line) @@ -63,15 +63,15 @@ def filterAuthorizedKeys(fp): def writeAuthorizedKeys(path, keydir): tmp = '%s.%d.tmp' % (path, os.getpid()) try: - in_ = file(path) - except IOError, e: + in_ = open(path) + except IOError as e: if e.errno == errno.ENOENT: in_ = None else: raise try: - out = file(tmp, 'w') + out = open(tmp, 'w') try: if in_ is not None: for line in filterAuthorizedKeys(in_): diff --git a/gitosis/util.py b/gitosis/util.py index 479b2e9..f4bf05f 100644 --- a/gitosis/util.py +++ b/gitosis/util.py @@ -1,11 +1,11 @@ import errno import os -from ConfigParser import NoSectionError, NoOptionError +from configparser import NoSectionError, NoOptionError def mkdir(*a, **kw): try: os.mkdir(*a, **kw) - except OSError, e: + except OSError as e: if e.errno == errno.EEXIST: pass else: From 35a9a8a8babe5a9f395ad3003cf0dcab5ed1e80c Mon Sep 17 00:00:00 2001 
From: Michael Date: Mon, 17 Dec 2018 00:38:12 +0500 Subject: [PATCH 02/92] Python3 --- gitosis/test/test_access.py | 2 +- gitosis/test/test_gitdaemon.py | 2 +- gitosis/test/test_gitweb.py | 4 ++-- gitosis/test/test_group.py | 2 +- gitosis/test/test_init.py | 4 ++-- gitosis/test/test_repository.py | 22 +++++++++++----------- gitosis/test/test_run_hook.py | 4 ++-- gitosis/test/test_serve.py | 10 +++++----- gitosis/test/test_ssh.py | 4 ++-- gitosis/test/util.py | 10 +++++----- 10 files changed, 32 insertions(+), 32 deletions(-) diff --git a/gitosis/test/test_access.py b/gitosis/test/test_access.py index f39444c..a65742b 100644 --- a/gitosis/test/test_access.py +++ b/gitosis/test/test_access.py @@ -1,7 +1,7 @@ from nose.tools import eq_ as eq import logging -from ConfigParser import RawConfigParser +from configparser import RawConfigParser from gitosis import access diff --git a/gitosis/test/test_gitdaemon.py b/gitosis/test/test_gitdaemon.py index 94475ac..d9547a6 100644 --- a/gitosis/test/test_gitdaemon.py +++ b/gitosis/test/test_gitdaemon.py @@ -1,7 +1,7 @@ from nose.tools import eq_ as eq import os -from ConfigParser import RawConfigParser +from configparser import RawConfigParser from gitosis import gitdaemon from gitosis.test.util import maketemp, writeFile diff --git a/gitosis/test/test_gitweb.py b/gitosis/test/test_gitweb.py index e38b881..4b35962 100644 --- a/gitosis/test/test_gitweb.py +++ b/gitosis/test/test_gitweb.py @@ -1,8 +1,8 @@ from nose.tools import eq_ as eq import os -from ConfigParser import RawConfigParser -from cStringIO import StringIO +from configparser import RawConfigParser +from io import StringIO from gitosis import gitweb from gitosis.test.util import mkdir, maketemp, readFile, writeFile diff --git a/gitosis/test/test_group.py b/gitosis/test/test_group.py index 9ea035a..4d878a8 100644 --- a/gitosis/test/test_group.py +++ b/gitosis/test/test_group.py 
@@ -1,6 +1,6 @@ from nose.tools import eq_ as eq, assert_raises -from ConfigParser import RawConfigParser +from configparser import RawConfigParser from gitosis import group diff --git a/gitosis/test/test_init.py b/gitosis/test/test_init.py index fb6b286..dcef74c 100644 --- a/gitosis/test/test_init.py +++ b/gitosis/test/test_init.py @@ -2,7 +2,7 @@ from gitosis.test.util import assert_raises, maketemp import os -from ConfigParser import RawConfigParser +from configparser import RawConfigParser from gitosis import init from gitosis import repository @@ -113,7 +113,7 @@ def test_init_admin_repository(): 'hooks', 'post-update', ) - util.check_mode(hook, 0755, is_file=True) + util.check_mode(hook, 0o755, is_file=True) got = util.readFile(hook).splitlines() assert 'gitosis-run-hook post-update' in got export_dir = os.path.join(tmp, 'export') diff --git a/gitosis/test/test_repository.py b/gitosis/test/test_repository.py index 1646e6c..9e5c7cf 100644 --- a/gitosis/test/test_repository.py +++ b/gitosis/test/test_repository.py @@ -23,17 +23,17 @@ def test_init_simple(): tmp = maketemp() path = os.path.join(tmp, 'repo.git') repository.init(path) - check_mode(path, 0750, is_dir=True) + check_mode(path, 0o750, is_dir=True) check_bare(path) def test_init_exist_dir(): tmp = maketemp() path = os.path.join(tmp, 'repo.git') - mkdir(path, 0710) - check_mode(path, 0710, is_dir=True) + mkdir(path, 0o710) + check_mode(path, 0o710, is_dir=True) repository.init(path) # my weird access mode is preserved - check_mode(path, 0710, is_dir=True) + check_mode(path, 0o710, is_dir=True) check_bare(path) def test_init_exist_git(): @@ -41,7 +41,7 @@ def test_init_exist_git(): path = os.path.join(tmp, 'repo.git') repository.init(path) repository.init(path) - check_mode(path, 0750, is_dir=True) + check_mode(path, 0o750, is_dir=True) check_bare(path) def test_init_templates(): 
@@ -53,7 +53,7 @@ def test_init_templates(): ) # for reproducibility - os.umask(0022) + os.umask(0o022) repository.init(path, template=templatedir) repository.init(path) @@ -61,7 +61,7 @@ def test_init_templates(): eq(got, 'i should show up\n') check_mode( os.path.join(path, 'hooks', 'post-update'), - 0755, + 0o755, is_file=True, ) got = readFile(os.path.join(path, 'hooks', 'post-update')) @@ -91,7 +91,7 @@ def test_init_environment(): exec git "$@" ''') - os.chmod(mockgit, 0755) + os.chmod(mockgit, 0o755) magic_cookie = '%d' % random.randint(1, 100000) good_path = os.environ['PATH'] try: @@ -130,7 +130,7 @@ def test_fast_import_environment(): exec git "$@" ''') - os.chmod(mockgit, 0755) + os.chmod(mockgit, 0o755) magic_cookie = '%d' % random.randint(1, 100000) good_path = os.environ['PATH'] try: @@ -226,7 +226,7 @@ def test_export_environment(): exec git "$@" ''') - os.chmod(mockgit, 0755) + os.chmod(mockgit, 0o755) repository.init(path=git_dir) repository.fast_import( git_dir=git_dir, @@ -301,7 +301,7 @@ def test_has_initial_commit_environment(): exec git "$@" ''') - os.chmod(mockgit, 0755) + os.chmod(mockgit, 0o755) repository.init(path=tmp) repository.fast_import( git_dir=tmp, diff --git a/gitosis/test/test_run_hook.py b/gitosis/test/test_run_hook.py index db01e0c..ae674cc 100644 --- a/gitosis/test/test_run_hook.py +++ b/gitosis/test/test_run_hook.py @@ -1,8 +1,8 @@ from nose.tools import eq_ as eq import os -from ConfigParser import RawConfigParser -from cStringIO import StringIO +from configparser import RawConfigParser +from io import StringIO from gitosis import init, repository, run_hook from gitosis.test.util import maketemp, readFile diff --git a/gitosis/test/test_serve.py b/gitosis/test/test_serve.py index 88ce474..9d126c1 100644 --- a/gitosis/test/test_serve.py +++ b/gitosis/test/test_serve.py 
@@ -3,8 +3,8 @@ import logging import os -from cStringIO import StringIO -from ConfigParser import RawConfigParser +from io import StringIO +from configparser import RawConfigParser from gitosis import serve from gitosis import repository @@ -354,7 +354,7 @@ def test_push_inits_subdir_parent_missing(): ) eq(os.listdir(repositories), ['foo']) foo = os.path.join(repositories, 'foo') - util.check_mode(foo, 0750, is_dir=True) + util.check_mode(foo, 0o750, is_dir=True) eq(os.listdir(foo), ['bar.git']) assert os.path.isfile(os.path.join(repositories, 'foo', 'bar.git', 'HEAD')) @@ -366,7 +366,7 @@ def test_push_inits_subdir_parent_exists(): os.mkdir(repositories) foo = os.path.join(repositories, 'foo') # silly mode on purpose; not to be touched - os.mkdir(foo, 0751) + os.mkdir(foo, 0o751) cfg.set('gitosis', 'repositories', repositories) generated = os.path.join(tmp, 'generated') os.mkdir(generated) @@ -380,7 +380,7 @@ def test_push_inits_subdir_parent_exists(): command="git-receive-pack 'foo/bar.git'", ) eq(os.listdir(repositories), ['foo']) - util.check_mode(foo, 0751, is_dir=True) + util.check_mode(foo, 0o751, is_dir=True) eq(os.listdir(foo), ['bar.git']) assert os.path.isfile(os.path.join(repositories, 'foo', 'bar.git', 'HEAD')) diff --git a/gitosis/test/test_ssh.py b/gitosis/test/test_ssh.py index fc6ecbc..8714684 100644 --- a/gitosis/test/test_ssh.py +++ b/gitosis/test/test_ssh.py @@ -1,7 +1,7 @@ from nose.tools import eq_ as eq, assert_raises import os -from cStringIO import StringIO +from io import StringIO from gitosis import ssh from gitosis.test.util import mkdir, maketemp, writeFile, readFile @@ -171,7 +171,7 @@ class WriteAuthorizedKeys_Test(object): def test_simple(self): tmp = maketemp() path = os.path.join(tmp, 'authorized_keys') - f = file(path, 'w') + f = open(path, 'w') try: f.write('''\ # foo diff --git a/gitosis/test/util.py b/gitosis/test/util.py index 592b766..6b04c9a 100644 --- a/gitosis/test/util.py +++ b/gitosis/test/util.py 
@@ -9,7 +9,7 @@ def mkdir(*a, **kw): try: os.mkdir(*a, **kw) - except OSError, e: + except OSError as e: if e.errno == errno.EEXIST: pass else: @@ -27,7 +27,7 @@ def maketemp(): tmp = os.path.join(tmp, name) try: shutil.rmtree(tmp) - except OSError, e: + except OSError as e: if e.errno == errno.ENOENT: pass else: @@ -37,7 +37,7 @@ def maketemp(): def writeFile(path, content): tmp = '%s.tmp' % path - f = file(tmp, 'w') + f = open(tmp, 'w') try: f.write(content) finally: @@ -45,7 +45,7 @@ def writeFile(path, content): os.rename(tmp, path) def readFile(path): - f = file(path) + f = open(path) try: data = f.read() finally: @@ -58,7 +58,7 @@ def assert_raises(excClass, callableObj, *args, **kwargs): """ try: callableObj(*args, **kwargs) - except excClass, e: + except excClass as e: return e else: if hasattr(excClass,'__name__'): excName = excClass.__name__ From a5c8c2022b79f406fc4ce30d78c0ad16d2619f97 Mon Sep 17 00:00:00 2001 From: Michael Gukov Date: Mon, 17 Dec 2018 01:47:01 +0500 Subject: [PATCH 03/92] Python3 --- gitosis/init.py | 7 +++++-- gitosis/repository.py | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/gitosis/init.py b/gitosis/init.py index 214b35c..d81ceed 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -87,8 +87,11 @@ def init_admin_repository( # ConfigParser does not guarantee order, so jump through hoops # to make sure [gitosis] is first cfg_file = StringIO() - print >>cfg_file, '[gitosis]' - print >>cfg_file + print('[gitosis]', file=cfg_file) + #print('', end="", file=cfg_file) + + #print >>cfg_file, '[gitosis]' + #print >>cfg_file cfg = RawConfigParser() cfg.add_section('group gitosis-admin') cfg.set('group gitosis-admin', 'members', user) diff --git a/gitosis/repository.py b/gitosis/repository.py index 8617afe..884549b 100644 --- a/gitosis/repository.py +++ b/gitosis/repository.py 
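Review bot: The generated config loses the blank line that the removed `print >>cfg_file` wrote after `[gitosis]`, and the hunk leaves three commented-out statements in its place. If the separator line is wanted, `print(file=cfg_file)` is the Python 3 equivalent. Either way, the commented-out lines should be deleted rather than committed. init_admin_repository continues outside the hunk.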
@@ -185,7 +185,7 @@ def has_initial_commit(git_dir): stdout=subprocess.PIPE, close_fds=True, ) - got = child.stdout.read() + got = child.stdout.read().decode('utf-8') returncode = child.wait() if returncode != 0: raise GitRevParseError('exit status %d' % returncode) From a6c329e7be4da7b75787d1e95d7b5079c302484e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 09:46:03 +0200 Subject: [PATCH 04/92] added ssh-principals --- gitosis/run_hook.py | 6 +++ gitosis/ssh_principals.py | 81 +++++++++++++++++++++++++++++++++++++++ gitosis/util.py | 7 ++++ 3 files changed, 94 insertions(+) create mode 100644 gitosis/ssh_principals.py diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index e535e6a..a1e1d21 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py @@ -10,6 +10,7 @@ from gitosis import repository from gitosis import ssh +from gitosis import ssh_principals from gitosis import gitweb from gitosis import gitdaemon from gitosis import app @@ -47,6 +48,11 @@ def post_update(cfg, git_dir): path=authorized_keys, keydir=os.path.join(export, 'keydir'), ) + principals = util.getSSHPrincipalsPath(config=cfg) + ssh.writePrincipals( + path=principals, + principals=os.path.join(export, 'principals'), + ) class Main(app.App): def create_parser(self): diff --git a/gitosis/ssh_principals.py b/gitosis/ssh_principals.py new file mode 100644 index 0000000..448ee8b --- /dev/null +++ b/gitosis/ssh_principals.py 
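Review bot: post_update now calls writePrincipals on every update, but nothing in the call path handles an admin repository that has no principals file. readPrincipals in the new ssh_principals.py opens its argument without an ENOENT check, so on a key-only installation the hook would raise after authorized_keys has already been rewritten, and apparently leave the `.tmp` file behind. Guard the call with an `os.path.exists(...)` check on the exported principals path, or treat a missing file as an empty list inside readPrincipals. post_update starts above the hunk.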
@@ -0,0 +1,81 @@ +import os, errno, re +import logging + +log = logging.getLogger('gitosis.ssh') + +_ACCEPTABLE_USER_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9_.-]*(@[a-zA-Z][a-zA-Z0-9.-]*)?$') + +def isSafeUsername(user): + match = _ACCEPTABLE_USER_RE.match(user) + return (match is not None) + +def readPrincipals(principals): + """ + Read SSH principals from ``principals`` + """ + f = file(principals) + for line in f: + if not isSafeUsername(line): + log.warn('Unsafe SSH username in principalfile: %r', line) + continue + line = line.rstrip('\n') + yield (line) + f.close() + +COMMENT = '### autogenerated by gitosis, DO NOT EDIT' + +def generatePrincipals(keys): + TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,' + +'no-X11-forwarding,no-agent-forwarding,no-pty %(user)s') + + yield COMMENT + for (user) in keys: + yield TEMPLATE % dict(user=user) + +_COMMAND_RE = re.compile('^command="(/[^ "]+/)?gitosis-serve [^"]+",no-port-forw' + +'arding,no-X11-forwarding,no-agent-forwardi' + +'ng,no-pty .*') + +def filterPrincipals(fp): + """ + Read lines from ``fp``, filter out autogenerated ones. + + Note removes newlines. + """ + + for line in fp: + line = line.rstrip('\n') + if line == COMMENT: + continue + if _COMMAND_RE.match(line): + continue + yield line + +def writePrincipals(path, principals): + tmp = '%s.%d.tmp' % (path, os.getpid()) + try: + in_ = file(path) + except IOError, e: + if e.errno == errno.ENOENT: + in_ = None + else: + raise + + try: + out = file(tmp, 'w') + try: + if in_ is not None: + for line in filterPrincipals(in_): + print >>out, line + + keygen = readPrincipals(principals) + for line in generatePrincipals(keygen): + print >>out, line + + os.fsync(out) + finally: + out.close() + finally: + if in_ is not None: + in_.close() + os.rename(tmp, path) diff --git a/gitosis/util.py b/gitosis/util.py index 479b2e9..4ec6bde 100644 --- a/gitosis/util.py +++ b/gitosis/util.py 
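Review bot: readPrincipals validates the raw line and only afterwards strips the newline, so the string that passes isSafeUsername is not the string interpolated into `command="gitosis-serve %(user)s"`. It works only because `$` in _ACCEPTABLE_USER_RE also matches before a trailing `\n`; with CRLF line endings every entry is rejected with a warning. This check is the only barrier between repository content and an sshd options line, so strip first and anchor at the true end: move `line = line.rstrip('\n')` above the check and use `\Z` instead of `$`. The file is also opened without `try/finally`, so an exception while the generator is being consumed leaves it open.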
@@ -34,3 +34,10 @@ def getSSHAuthorizedKeysPath(config): except (NoSectionError, NoOptionError): path = os.path.expanduser('~/.ssh/authorized_keys') return path + +def getSSHPrincipalsPath(config): + try: + path = config.get('gitosis', 'ssh-principals-path') + except (NoSectionError, NoOptionError): + path = os.path.expanduser('~/.ssh/principals') + return path From 72b551f6b0c6f0ccddbe288e4e02262d5670c08e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 11:58:39 +0200 Subject: [PATCH 05/92] if only a username is given on init, it is used as principal. no pubkey-handling --- gitosis/init.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/gitosis/init.py b/gitosis/init.py index 28e7871..ec7fa58 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -6,6 +6,7 @@ import logging import os import sys +import re from pkg_resources import resource_filename from cStringIO import StringIO @@ -32,19 +33,28 @@ def __str__(self): return '%s: %s' % (self.__doc__, ': '.join(self.args)) def ssh_extract_user(pubkey): - _, user = pubkey.rsplit(None, 1) + if re.search(r"\s", pubkey) + _, user = pubkey.rsplit(None, 1) + else: + user = pubkey if ssh.isSafeUsername(user): return user else: raise InsecureSSHKeyUsername(repr(user)) def initial_commit(git_dir, cfg, pubkey, user): + if pubkey is None: + keyfile = 'keydir/principals' + content = user + else: + keyfile = 'keydir/%s.pub' % user + content = pubkey repository.fast_import( git_dir=git_dir, commit_msg='Automatic creation of gitosis repository.', committer='Gitosis Admin <%s>' % user, files=[ - ('keydir/%s.pub' % user, pubkey), + (keyfile, content), ('gitosis.conf', cfg), ], ) 
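Review bot: getSSHPrincipalsPath has no docstring, and the `ssh-principals-path` option it introduces is not described anywhere in this hunk. I would add `"""Return the file gitosis rewrites with authorized principals (option ssh-principals-path, default ~/.ssh/principals)."""`. The docstring should also say that sshd only consults the file when `AuthorizedPrincipalsFile` points at the same path and certificate authentication is configured. Without that, an administrator can populate the file and see no effect.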
@@ -124,6 +134,8 @@ def handle_args(self, parser, cfg, options, args): log.info('Reading SSH public key...') pubkey = read_ssh_pubkey() user = ssh_extract_user(pubkey) + if not re.search(r"\s", pubkey) + pubkey = None if user is None: log.error('Cannot parse user from SSH public key.') sys.exit(1) From 0b35036df6e3b97ff6772b77803d29b9ef8df959 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 12:42:09 +0200 Subject: [PATCH 06/92] fixed missing colon in if statement --- gitosis/init.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitosis/init.py b/gitosis/init.py index ec7fa58..77cc267 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -33,7 +33,7 @@ def __str__(self): return '%s: %s' % (self.__doc__, ': '.join(self.args)) def ssh_extract_user(pubkey): - if re.search(r"\s", pubkey) + if re.search(r"\s", pubkey): _, user = pubkey.rsplit(None, 1) else: user = pubkey @@ -134,7 +134,7 @@ def handle_args(self, parser, cfg, options, args): log.info('Reading SSH public key...') pubkey = read_ssh_pubkey() user = ssh_extract_user(pubkey) - if not re.search(r"\s", pubkey) + if not re.search(r"\s", pubkey): pubkey = None if user is None: log.error('Cannot parse user from SSH public key.') From 5264a15b257a53dc9d3edc4ae46b58139fbceb52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 12:49:07 +0200 Subject: [PATCH 07/92] pubkey handling --- gitosis/init.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/init.py b/gitosis/init.py index 77cc267..ec59f61 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -33,7 +33,7 @@ def __str__(self): return '%s: %s' % (self.__doc__, ': '.join(self.args)) def ssh_extract_user(pubkey): - if re.search(r"\s", pubkey): + if not re.search(r"\s", pubkey): _, user = pubkey.rsplit(None, 1) else: user = pubkey From 954588c5ede1eebb009f8d887e87b2a6a89e026d Mon Sep 17 00:00:00 2001 
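Review bot: Negating the test in ssh_extract_user sends both kinds of input down the wrong branch. A bare principal name contains no whitespace, so it now reaches `_, user = pubkey.rsplit(None, 1)`, which yields a single element and fails to unpack. A real public-key line contains whitespace and is assigned whole to `user`, which isSafeUsername presumably rejects. The condition from the previous commit, `if re.search(r"\s", pubkey):`, was the correct one. A test that feeds one key line and one bare name through ssh_extract_user would catch this.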
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 12:53:22 +0200 Subject: [PATCH 08/92] debug --- gitosis/init.py | 1 + 1 file changed, 1 insertion(+) diff --git a/gitosis/init.py b/gitosis/init.py index ec59f61..645fd0c 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -43,6 +43,7 @@ def ssh_extract_user(pubkey): raise InsecureSSHKeyUsername(repr(user)) def initial_commit(git_dir, cfg, pubkey, user): + print user pubkey if pubkey is None: keyfile = 'keydir/principals' content = user From e9fd563ccffa186a33af888c295b399f9a148e28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 12:55:19 +0200 Subject: [PATCH 09/92] debug --- gitosis/init.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/init.py b/gitosis/init.py index 645fd0c..c176b73 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -43,7 +43,7 @@ def ssh_extract_user(pubkey): raise InsecureSSHKeyUsername(repr(user)) def initial_commit(git_dir, cfg, pubkey, user): - print user pubkey + log.info('User:', user) if pubkey is None: keyfile = 'keydir/principals' content = user From e49279d6897b5375d130e7cbd24b9b5ed353aabe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 16:18:48 +0200 Subject: [PATCH 10/92] filehandle for logger added --- gitosis/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/app.py b/gitosis/app.py index fa9772b..d0ffdd5 100644 --- a/gitosis/app.py +++ b/gitosis/app.py @@ -38,7 +38,7 @@ def main(self): self.handle_args(parser, cfg, options, args) def setup_basic_logging(self): - logging.basicConfig() + logging.basicConfig(filename=gitosis.log) def create_parser(self): parser = optparse.OptionParser() From 00e9d7db661a3ab5f7e6d0b7777f13489212449d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 16:19:55 +0200 Subject: [PATCH 11/92] =?UTF-8?q?=C2=B4filename=20in=20quotes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gitosis/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/app.py b/gitosis/app.py index d0ffdd5..511e191 100644 --- a/gitosis/app.py +++ b/gitosis/app.py @@ -38,7 +38,7 @@ def main(self): self.handle_args(parser, cfg, options, args) def setup_basic_logging(self): - logging.basicConfig(filename=gitosis.log) + logging.basicConfig(filename='gitosis.log') def create_parser(self): parser = optparse.OptionParser() From af521f67a0cace12888346803863599f93d09835 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 16:21:51 +0200 Subject: [PATCH 12/92] loglevel debug added --- gitosis/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/app.py b/gitosis/app.py index 511e191..eea0d72 100644 --- a/gitosis/app.py +++ b/gitosis/app.py @@ -38,7 +38,7 @@ def main(self): self.handle_args(parser, cfg, options, args) def setup_basic_logging(self): - logging.basicConfig(filename='gitosis.log') + logging.basicConfig(filename='gitosis.log', level=DEBUG) def create_parser(self): parser = optparse.OptionParser() From 078686cd1793b35e7ba6cfc498f3f9f7968163b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 17:01:16 +0200 Subject: [PATCH 13/92] DEBUG -> "DEBUG" --- gitosis/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/app.py b/gitosis/app.py index eea0d72..9135446 100644 --- a/gitosis/app.py +++ b/gitosis/app.py @@ -38,7 +38,7 @@ def main(self): self.handle_args(parser, cfg, options, args) def setup_basic_logging(self): - logging.basicConfig(filename='gitosis.log', level=DEBUG) + logging.basicConfig(filename='gitosis.log', level="DEBUG") def create_parser(self): parser = optparse.OptionParser() 
From d1e27e536efdac7cffc78e8061aa834f74f91ae3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 17:07:50 +0200 Subject: [PATCH 14/92] debug --- gitosis/app.py | 2 +- gitosis/init.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gitosis/app.py b/gitosis/app.py index 9135446..a999f18 100644 --- a/gitosis/app.py +++ b/gitosis/app.py @@ -38,7 +38,7 @@ def main(self): self.handle_args(parser, cfg, options, args) def setup_basic_logging(self): - logging.basicConfig(filename='gitosis.log', level="DEBUG") + logging.basicConfig(filename='gitosis.log', level=10) def create_parser(self): parser = optparse.OptionParser() diff --git a/gitosis/init.py b/gitosis/init.py index c176b73..28dbcd2 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -36,7 +36,7 @@ def ssh_extract_user(pubkey): if not re.search(r"\s", pubkey): _, user = pubkey.rsplit(None, 1) else: - user = pubkey + user = pubkey.strip() if ssh.isSafeUsername(user): return user else: From a3a565ed27f92dab07508efab6c4a6fe80c80f2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 17:09:56 +0200 Subject: [PATCH 15/92] ssh -> ssh_principals --- gitosis/run_hook.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index a1e1d21..e077387 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py @@ -49,7 +49,7 @@ def post_update(cfg, git_dir): keydir=os.path.join(export, 'keydir'), ) principals = util.getSSHPrincipalsPath(config=cfg) - ssh.writePrincipals( + ssh_principals.writePrincipals( path=principals, principals=os.path.join(export, 'principals'), ) From d98c6cc9745a0b649b02e4888eec93bb8c9ec761 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 17:54:55 +0200 Subject: [PATCH 16/92] logging added --- gitosis/ssh_principals.py | 1 + 1 file changed, 1 insertion(+) 
diff --git a/gitosis/ssh_principals.py b/gitosis/ssh_principals.py index 448ee8b..1fdf071 100644 --- a/gitosis/ssh_principals.py +++ b/gitosis/ssh_principals.py @@ -30,6 +30,7 @@ def generatePrincipals(keys): yield COMMENT for (user) in keys: + log.debug(TEMPLATE % dict(user=user)) yield TEMPLATE % dict(user=user) _COMMAND_RE = re.compile('^command="(/[^ "]+/)?gitosis-serve [^"]+",no-port-forw' From 4dcd1f3d8c689b511b5cf5d9353050bd704bca33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 18:02:01 +0200 Subject: [PATCH 17/92] Debug added --- gitosis/init.py | 1 + 1 file changed, 1 insertion(+) diff --git a/gitosis/init.py b/gitosis/init.py index 28dbcd2..b7f5df0 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -137,6 +137,7 @@ def handle_args(self, parser, cfg, options, args): user = ssh_extract_user(pubkey) if not re.search(r"\s", pubkey): pubkey = None + logger.debug("pubkey: %s", pubkey) if user is None: log.error('Cannot parse user from SSH public key.') sys.exit(1) From 5fe6c8b0d4c29dbc54eeb02f8238f2235c935106 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 18:03:01 +0200 Subject: [PATCH 18/92] logger->logging --- gitosis/init.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/init.py b/gitosis/init.py index b7f5df0..c756a6d 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -137,7 +137,7 @@ def handle_args(self, parser, cfg, options, args): user = ssh_extract_user(pubkey) if not re.search(r"\s", pubkey): pubkey = None - logger.debug("pubkey: %s", pubkey) + logging.debug("pubkey: %s", pubkey) if user is None: log.error('Cannot parse user from SSH public key.') sys.exit(1) From ac1b52852f1e74895e422871134d59fa16b45679 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 18:08:25 +0200 Subject: [PATCH 19/92] bool --- gitosis/init.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/gitosis/init.py b/gitosis/init.py index c756a6d..636900a 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -33,7 +33,7 @@ def __str__(self): return '%s: %s' % (self.__doc__, ': '.join(self.args)) def ssh_extract_user(pubkey): - if not re.search(r"\s", pubkey): + if not bool(re.search(r"\s", pubkey)): _, user = pubkey.rsplit(None, 1) else: user = pubkey.strip() @@ -135,9 +135,9 @@ def handle_args(self, parser, cfg, options, args): log.info('Reading SSH public key...') pubkey = read_ssh_pubkey() user = ssh_extract_user(pubkey) - if not re.search(r"\s", pubkey): + if not bool(re.search(r"\s", pubkey)): pubkey = None - logging.debug("pubkey: %s", pubkey) + log.debug("pubkey: %s", pubkey) if user is None: log.error('Cannot parse user from SSH public key.') sys.exit(1) From 161308d25dc9125cf50206827286dc7e8d6b9cfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 18:11:32 +0200 Subject: [PATCH 20/92] check auf leerzeichen im pubkey --- gitosis/init.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/init.py b/gitosis/init.py index 636900a..6dcc186 100644 --- a/gitosis/init.py +++ b/gitosis/init.py @@ -135,7 +135,7 @@ def handle_args(self, parser, cfg, options, args): log.info('Reading SSH public key...') pubkey = read_ssh_pubkey() user = ssh_extract_user(pubkey) - if not bool(re.search(r"\s", pubkey)): + if not " " in pubkey: pubkey = None log.debug("pubkey: %s", pubkey) if user is None: From 106522cee34cf03be3e82164002994051100ed81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 31 Jul 2019 18:15:19 +0200 Subject: [PATCH 21/92] debug added --- gitosis/init.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gitosis/init.py b/gitosis/init.py index 6dcc186..01cd630 100644 --- a/gitosis/init.py +++ b/gitosis/init.py 
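Review bot: handle_args now decides key-versus-principal with `" " in pubkey`, while ssh_extract_user, called one line earlier, decides with `re.search(r"\s", pubkey)`, so the two can disagree about the same input. When they do, `pubkey = None` discards the key material and the name is committed as a principal instead. Classify once, for example by having ssh_extract_user report which form it saw, and write the membership test as `" " not in pubkey`. handle_args begins above the hunk.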
@@ -43,13 +43,17 @@ def ssh_extract_user(pubkey):
 raise InsecureSSHKeyUsername(repr(user))
 def initial_commit(git_dir, cfg, pubkey, user):
+ log.debug('create initial commit')
 log.info('User:', user)
+ log.debug('pubkey', pubkey)
 if pubkey is None:
 keyfile = 'keydir/principals'
 content = user
 else:
 keyfile = 'keydir/%s.pub' % user
 content = pubkey
+ log.debug('keyfile', keyfile)
+ log.debug('content', content)
 repository.fast_import(
 git_dir=git_dir,
 commit_msg='Automatic creation of gitosis repository.',
From b3f7f15d182ab4c58262a5772eea412eb0952301 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Wed, 31 Jul 2019 18:18:27 +0200
Subject: [PATCH 22/92] logging debug
---
 gitosis/init.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gitosis/init.py b/gitosis/init.py
index 01cd630..d766349 100644
--- a/gitosis/init.py
+++ b/gitosis/init.py
@@ -44,16 +44,16 @@ def ssh_extract_user(pubkey):
 def initial_commit(git_dir, cfg, pubkey, user):
 log.debug('create initial commit')
- log.info('User:', user)
- log.debug('pubkey', pubkey)
+ log.info('User: ' + user)
+ log.debug('pubkey: ' + pubkey)
 if pubkey is None:
 keyfile = 'keydir/principals'
 content = user
 else:
 keyfile = 'keydir/%s.pub' % user
 content = pubkey
- log.debug('keyfile', keyfile)
- log.debug('content', content)
+ log.debug('keyfile' + keyfile)
+ log.debug('content' + content)
 repository.fast_import(
 git_dir=git_dir,
 commit_msg='Automatic creation of gitosis repository.',
From c82e894f7ebb302416d1288e19b5d6f723b5cd50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Wed, 31 Jul 2019 18:20:02 +0200
Subject: [PATCH 23/92] None logging fixed
---
 gitosis/init.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/gitosis/init.py b/gitosis/init.py
index d766349..141118d 100644
--- a/gitosis/init.py
+++ b/gitosis/init.py
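Review bot: The debug calls added to `initial_commit` in patch 21 pass the value as a second positional argument with no placeholder, e.g. `log.debug('pubkey', pubkey)`, so the logging module cannot format the record and reports a formatting error instead of the value; the existing `log.info('User:', user)` has the same shape. Patch 22 swaps them for string concatenation, which raises TypeError at `'pubkey: ' + pubkey` when `pubkey` is None, the very case the next line tests for. Lazy formatting avoids both problems: `log.debug('pubkey: %s', pubkey)` and `log.debug('keyfile: %s', keyfile)`. The function body continues outside both hunks.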
@@ -45,7 +45,6 @@ def ssh_extract_user(pubkey):
 def initial_commit(git_dir, cfg, pubkey, user):
 log.debug('create initial commit')
 log.info('User: ' + user)
- log.debug('pubkey: ' + pubkey)
 if pubkey is None:
 keyfile = 'keydir/principals'
 content = user
From 7b97347875cea2133a0211ebcdb55040e4649a60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Wed, 31 Jul 2019 18:24:41 +0200
Subject: [PATCH 24/92] principals in keydir/principals
---
 gitosis/run_hook.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py
index e077387..0c72e93 100644
--- a/gitosis/run_hook.py
+++ b/gitosis/run_hook.py
@@ -51,7 +51,7 @@ def post_update(cfg, git_dir):
 principals = util.getSSHPrincipalsPath(config=cfg)
 ssh_principals.writePrincipals(
 path=principals,
- principals=os.path.join(export, 'principals'),
+ principals=os.path.join(export, 'keydir/principals'),
 )
 class Main(app.App):
From bd57935d6e2a4299ec9dc26c8b7e6221cdf0db09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 17:50:55 +0200
Subject: [PATCH 25/92] First step AuthorizedPrincipalCommand added
---
 gitosis/app.py | 2 +-
 gitosis/principals.py | 93 +++++++++++++++++++++++++++++++++++++++++++
 setup.py | 1 +
 3 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 gitosis/principals.py
diff --git a/gitosis/app.py b/gitosis/app.py
index a999f18..fa9772b 100644
--- a/gitosis/app.py
+++ b/gitosis/app.py
@@ -38,7 +38,7 @@ def main(self):
 self.handle_args(parser, cfg, options, args)
 def setup_basic_logging(self):
- logging.basicConfig(filename='gitosis.log', level=10)
+ logging.basicConfig()
 def create_parser(self):
 parser = optparse.OptionParser()
diff --git a/gitosis/principals.py b/gitosis/principals.py
new file mode 100644
index 0000000..37e8b25
--- /dev/null
+++ b/gitosis/principals.py
@@ -0,0 +1,93 @@
+"""
+Perform gitosis actions for a git hook.
+"""
+
+import errno
+import logging
+import os
+import sys
+import shutil
+
+from gitosis import repository
+from gitosis import ssh
+from gitosis import ssh_principals
+from gitosis import gitweb
+from gitosis import gitdaemon
+from gitosis import app
+from gitosis import util
+
+def serve_principal(sshUser, principal):
+ print "Do nothing"
+
+def post_update(cfg, git_dir):
+ export = os.path.join(git_dir, 'gitosis-export')
+ try:
+ shutil.rmtree(export)
+ except OSError, e:
+ if e.errno == errno.ENOENT:
+ pass
+ else:
+ raise
+ repository.export(git_dir=git_dir, path=export)
+ os.rename(
+ os.path.join(export, 'gitosis.conf'),
+ os.path.join(export, '..', 'gitosis.conf'),
+ )
+ # re-read config to get up-to-date settings
+ cfg.read(os.path.join(export, '..', 'gitosis.conf'))
+ gitweb.set_descriptions(
+ config=cfg,
+ )
+ generated = util.getGeneratedFilesDir(config=cfg)
+ gitweb.generate_project_list(
+ config=cfg,
+ path=os.path.join(generated, 'projects.list'),
+ )
+ gitdaemon.set_export_ok(
+ config=cfg,
+ )
+ authorized_keys = util.getSSHAuthorizedKeysPath(config=cfg)
+ ssh.writeAuthorizedKeys(
+ path=authorized_keys,
+ keydir=os.path.join(export, 'keydir'),
+ )
+ principals = util.getSSHPrincipalsPath(config=cfg)
+ ssh_principals.writePrincipals(
+ path=principals,
+ principals=os.path.join(export, 'keydir/principals'),
+ )
+
+class Main(app.App):
+ def create_parser(self):
+ parser = super(Main, self).create_parser()
+ parser.set_usage('%prog [OPTS] sshUser principal principal ...')
+ parser.set_description(
+ 'Serves principals as AuthorizedPrincipalsCommand ')
+ return parser
+
+ def handle_args(self, parser, cfg, options, args):
+ try:
+ (sshUser, principals) = args
+ except ValueError:
+ parser.error('Missing argument sshUsers and/or principals.')
+
+ log = logging.getLogger('gitosis.principals')
+ os.umask(0022)
+
+ git_dir = os.environ.get('GIT_DIR')
+
+ if sshUser != "":
+ log.info('Running serve_principal for user %s', sshUser)
+ serve_printipal(sshUser, principal)
+ log.info('Done.')
+
+# if git_dir is None:
+# log.error('Must have GIT_DIR set in enviroment')
+# sys.exit(1)
+#
+# if hook == 'post-update':
+# log.info('Running hook %s', hook)
+# post_update(cfg, git_dir)
+# log.info('Done.')
+# else:
+# log.warning('Ignoring unknown hook: %r', hook)
diff --git a/setup.py b/setup.py
index 30eb9a5..4635d87 100755
--- a/setup.py
+++ b/setup.py
@@ -45,6 +45,7 @@ def subdir_contents(path):
 'gitosis-serve = gitosis.serve:Main.run',
 'gitosis-run-hook = gitosis.run_hook:Main.run',
 'gitosis-init = gitosis.init:Main.run',
+ 'gitosis-authorized-principals = gitosis.principals:Main.run',
 ],
 },
From 2b9038c797a1d824848738e80249059b804febd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 20:58:05 +0200
Subject: [PATCH 26/92] typo fixed
---
 gitosis/principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 37e8b25..1c96acc 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -78,7 +78,7 @@ def handle_args(self, parser, cfg, options, args):
 if sshUser != "":
 log.info('Running serve_principal for user %s', sshUser)
- serve_printipal(sshUser, principal)
+ serve_principal(sshUser, principal)
 log.info('Done.')
 # if git_dir is None:
From 60cf43a0db390fb9d0f3173a6cdc86b708ea261c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 20:59:17 +0200
Subject: [PATCH 27/92] typo fixed
---
 gitosis/principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 1c96acc..89d8e59 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
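Review bot: The new `gitosis/principals.py` (patch 25) is written in Python 2-only syntax (`print "Do nothing"`, `except OSError, e:`, `os.umask(0022)`), while patch 01 of this series converts the other modules to Python 3 forms, so if the patches are meant to apply together this module will not import and the `gitosis-authorized-principals` entry point fails before printing anything. `(sshUser, principals) = args` also accepts exactly two arguments although the usage string advertises `sshUser principal principal ...`. The module docstring and the whole `post_update` body appear to be copied from run_hook.py and are not used by this command; I would drop them and open the file with `"""Print authorized-principals lines for sshd's AuthorizedPrincipalsCommand."""`. sshd acts on whatever this program prints, so it is worth keeping the module small enough to audit.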
@@ -78,7 +78,7 @@ def handle_args(self, parser, cfg, options, args):
 if sshUser != "":
 log.info('Running serve_principal for user %s', sshUser)
- serve_principal(sshUser, principal)
+ serve_principal(sshUser, principals)
 log.info('Done.')
 # if git_dir is None:
From 7d993c0b10ebed3b64c6b4682401d1810c4ccf90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:27:28 +0200
Subject: [PATCH 28/92] debug
---
 gitosis/principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 89d8e59..c733b13 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -67,7 +67,7 @@ def create_parser(self):
 def handle_args(self, parser, cfg, options, args):
 try:
- (sshUser, principals) = args
+ (sshUser,) = args
 except ValueError:
 parser.error('Missing argument sshUsers and/or principals.')
From 9b3b7ae6c28ae35a791c6d2dd81e5bdb356dbbd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:29:29 +0200
Subject: [PATCH 29/92] debug
---
 gitosis/principals.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index c733b13..0ef53a7 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -66,6 +66,7 @@ def create_parser(self):
 return parser
 def handle_args(self, parser, cfg, options, args):
+ parser.error(args)
 try:
 (sshUser,) = args
 except ValueError:
From b88948bb2ca0b9dd97fdf27e0b52e5ba88afda71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:34:11 +0200
Subject: [PATCH 30/92] debug
---
 gitosis/principals.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 0ef53a7..ab955a5 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -66,9 +66,10 @@ def create_parser(self):
 return parser
 def handle_args(self, parser, cfg, options, args):
- parser.error(args)
 try:
- (sshUser,) = args
+ sshUser = args.pop(0)
+ principals = ' '.join(args)
+ parser.error(principals)
 except ValueError:
 parser.error('Missing argument sshUsers and/or principals.')
From 0d631132e0588c97e1f1efa4250a59f391d751d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:41:53 +0200
Subject: [PATCH 31/92] debug
---
 gitosis/principals.py | 51 +++++++------------------------------------
 1 file changed, 8 insertions(+), 43 deletions(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index ab955a5..078165f 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
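Review bot: `args.pop(0)` raises IndexError, not ValueError, when the command is run without arguments, so the `except ValueError:` branch in `handle_args` can no longer fire and the caller gets a traceback instead of the usage error. The added `parser.error(principals)` also exits on every successful parse, which looks like leftover debugging (patch 31 removes it but keeps the `except ValueError:`). I would test the list first, `if not args: parser.error('Missing argument sshUser.')`, then take `sshUser = args[0]` and drop the try block. The method continues outside the hunk.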
@@ -16,46 +16,15 @@
 from gitosis import app
 from gitosis import util
-def serve_principal(sshUser, principal):
- print "Do nothing"
-def post_update(cfg, git_dir):
- export = os.path.join(git_dir, 'gitosis-export')
- try:
- shutil.rmtree(export)
- except OSError, e:
- if e.errno == errno.ENOENT:
- pass
- else:
- raise
- repository.export(git_dir=git_dir, path=export)
- os.rename(
- os.path.join(export, 'gitosis.conf'),
- os.path.join(export, '..', 'gitosis.conf'),
- )
- # re-read config to get up-to-date settings
- cfg.read(os.path.join(export, '..', 'gitosis.conf'))
- gitweb.set_descriptions(
- config=cfg,
- )
- generated = util.getGeneratedFilesDir(config=cfg)
- gitweb.generate_project_list(
- config=cfg,
- path=os.path.join(generated, 'projects.list'),
- )
- gitdaemon.set_export_ok(
- config=cfg,
- )
- authorized_keys = util.getSSHAuthorizedKeysPath(config=cfg)
- ssh.writeAuthorizedKeys(
- path=authorized_keys,
- keydir=os.path.join(export, 'keydir'),
- )
- principals = util.getSSHPrincipalsPath(config=cfg)
- ssh_principals.writePrincipals(
- path=principals,
- principals=os.path.join(export, 'keydir/principals'),
- )
+def serve_principal(sshUser, principals):
+ TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,'
+ +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
+
+ for (sshUser, principals) in keys:
+ log.debug(TEMPLATE % dict(user=user))
+ yield TEMPLATE % dict(user=user, principals=principals)
+
 class Main(app.App):
 def create_parser(self):
@@ -69,14 +38,10 @@ def handle_args(self, parser, cfg, options, args):
 try:
 sshUser = args.pop(0)
 principals = ' '.join(args)
- parser.error(principals)
 except ValueError:
 parser.error('Missing argument sshUsers and/or principals.')
 log = logging.getLogger('gitosis.principals')
- os.umask(0022)
-
- git_dir = os.environ.get('GIT_DIR')
 if sshUser != "":
 log.info('Running serve_principal for user %s', sshUser)
From ba197a1ea73a6142dbfc73880572c36c16eea90e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:43:25 +0200
Subject: [PATCH 32/92] print line
---
 gitosis/principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 078165f..4629271 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -23,7 +23,7 @@ def serve_principal(sshUser, principals):
 for (sshUser, principals) in keys:
 log.debug(TEMPLATE % dict(user=user))
- yield TEMPLATE % dict(user=user, principals=principals)
+ print TEMPLATE % dict(user=user, principals=principals)
 class Main(app.App):
From efdab87466cd323abaea4dbd84625e3853a7fd4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:44:42 +0200
Subject: [PATCH 33/92] loop removed
---
 gitosis/principals.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 4629271..ac879ee 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -21,9 +21,8 @@ def serve_principal(sshUser, principals):
 TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,'
 +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
- for (sshUser, principals) in keys:
- log.debug(TEMPLATE % dict(user=user))
- print TEMPLATE % dict(user=user, principals=principals)
+ log.debug(TEMPLATE % dict(user=user))
+ print TEMPLATE % dict(user=user, principals=principals)
 class Main(app.App):
From e2302c25bf1e23fc53724e5e72044f65f3235fc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:45:22 +0200
Subject: [PATCH 34/92] log removed
---
 gitosis/principals.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index ac879ee..7c39e99 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -21,7 +21,6 @@ def serve_principal(sshUser, principals):
 TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,'
 +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
- log.debug(TEMPLATE % dict(user=user))
 print TEMPLATE % dict(user=user, principals=principals)
From 544a26c54ae4198b165934aa9cbce489af31b791 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:46:05 +0200
Subject: [PATCH 35/92] user->sshUser
---
 gitosis/principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 7c39e99..2334cdc 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -21,7 +21,7 @@ def serve_principal(sshUser, principals):
 TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,'
 +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
- print TEMPLATE % dict(user=user, principals=principals)
+ print TEMPLATE % dict(user=sshUser, principals=principals)
 class Main(app.App):
From 3d479977f08054b7a9fafcb7f96fff11b96f693c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:52:35 +0200
Subject: [PATCH 36/92] sshUser mit und ohne @
---
 gitosis/principals.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 2334cdc..41afc7c 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -21,7 +21,11 @@ def serve_principal(sshUser, principals):
 TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,'
 +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
- print TEMPLATE % dict(user=sshUser, principals=principals)
+ if '@' in sshUser:
+ for user in [ sshUser, sshUser.split('@')[0] ]
+ print TEMPLATE % dict(user=user, principals=principals)
+ else:
+ print TEMPLATE % dict(user=sshUser, principals=principals)
 class Main(app.App):
From de05ba9144ea849080df0ebda254c520cd7ff5b5 Mon Sep 17 00:00:00 2001
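Review bot: Emitting a second line for `sshUser.split('@')[0]` (patch 36) makes certificates whose key IDs are `name@a` and `name@b` both run `gitosis-serve name`, so the part after `@` no longer distinguishes identities when gitosis checks repository membership. If short names are wanted, an explicit mapping in the configuration is safer than truncating a certificate field. The `for` line in this hunk is also missing its colon, `for user in [sshUser, sshUser.split('@')[0]]:`, and patch 52 later keeps only the truncated name, which has the same collision.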
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 22:54:42 +0200
Subject: [PATCH 37/92] loop fixed
---
 gitosis/principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 41afc7c..68cb8ce 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -22,7 +22,7 @@ def serve_principal(sshUser, principals):
 +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
 if '@' in sshUser:
- for user in [ sshUser, sshUser.split('@')[0] ]
+ for user in [ sshUser, sshUser.split('@')[0] ]:
 print TEMPLATE % dict(user=user, principals=principals)
 else:
 print TEMPLATE % dict(user=sshUser, principals=principals)
From 7438aedf64b827865c6331820f839e68b11b6726 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 23:08:54 +0200
Subject: [PATCH 38/92] added logfile
---
 gitosis/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/app.py b/gitosis/app.py
index fa9772b..1cefdd7 100644
--- a/gitosis/app.py
+++ b/gitosis/app.py
@@ -38,7 +38,7 @@ def main(self):
 self.handle_args(parser, cfg, options, args)
 def setup_basic_logging(self):
- logging.basicConfig()
+ logging.basicConfig(filename='/var/log/gitosis.log')
 def create_parser(self):
 parser = optparse.OptionParser()
From 1fc6d57c0d42b25f3cd9f1d975dcc79194de400b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Thu, 1 Aug 2019 23:10:32 +0200
Subject: [PATCH 39/92] log to logifile
---
 gitosis/principals.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 68cb8ce..3e633a4 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -23,8 +23,10 @@ def serve_principal(sshUser, principals):
 if '@' in sshUser:
 for user in [ sshUser, sshUser.split('@')[0] ]:
+ log.debug(TEMPLATE % dict(user=user, principals=principals))
 print TEMPLATE % dict(user=user, principals=principals)
 else:
+ log.debug(TEMPLATE % dict(user=user, principals=principals))
 print TEMPLATE % dict(user=sshUser, principals=principals)
From 5796ba441d6da2a852720141a8dd033cfe9aadf3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 00:01:04 +0200
Subject: [PATCH 40/92] logfile in ~
---
 gitosis/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/app.py b/gitosis/app.py
index 1cefdd7..23d96e4 100644
--- a/gitosis/app.py
+++ b/gitosis/app.py
@@ -38,7 +38,7 @@ def main(self):
 self.handle_args(parser, cfg, options, args)
 def setup_basic_logging(self):
- logging.basicConfig(filename='/var/log/gitosis.log')
+ logging.basicConfig(filename='~/gitosis.log')
 def create_parser(self):
 parser = optparse.OptionParser()
From 6487465d74a9f1cc9cd29dbefa44c979523ce0ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 00:02:16 +0200
Subject: [PATCH 41/92] logging entfernt
---
 gitosis/principals.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 3e633a4..68cb8ce 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -23,10 +23,8 @@ def serve_principal(sshUser, principals):
 if '@' in sshUser:
 for user in [ sshUser, sshUser.split('@')[0] ]:
- log.debug(TEMPLATE % dict(user=user, principals=principals))
 print TEMPLATE % dict(user=user, principals=principals)
 else:
- log.debug(TEMPLATE % dict(user=user, principals=principals))
 print TEMPLATE % dict(user=sshUser, principals=principals)
From 3442e2ef3b5015bb5597be829acabe41126713bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 00:03:22 +0200
Subject: [PATCH 42/92] logfile in home fixed
---
 gitosis/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/app.py b/gitosis/app.py
index 23d96e4..511e191 100644
--- a/gitosis/app.py
+++ b/gitosis/app.py
@@ -38,7 +38,7 @@ def main(self):
 self.handle_args(parser, cfg, options, args)
 def setup_basic_logging(self):
- logging.basicConfig(filename='~/gitosis.log')
+ logging.basicConfig(filename='gitosis.log')
 def create_parser(self):
 parser = optparse.OptionParser()
From 46278d689f04b84bf210b9dde704174859a196f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 00:12:22 +0200
Subject: [PATCH 43/92] logfile
---
 gitosis/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/app.py b/gitosis/app.py
index 511e191..083dc6b 100644
--- a/gitosis/app.py
+++ b/gitosis/app.py
@@ -38,7 +38,7 @@ def main(self):
 self.handle_args(parser, cfg, options, args)
 def setup_basic_logging(self):
- logging.basicConfig(filename='gitosis.log')
+ logging.basicConfig(filename='/home/git/gitosis.log')
 def create_parser(self):
 parser = optparse.OptionParser()
From 4497a2b71e3d4fb9bbe759fa604c18ff49097099 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 00:58:21 +0200
Subject: [PATCH 44/92] getAllowedSSHPrincipals from config
---
 gitosis/principals.py | 6 ++++--
 gitosis/util.py | 7 +++++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 68cb8ce..223ba00 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
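Review bot: `logging.basicConfig(filename='/home/git/gitosis.log')` in `setup_basic_logging` (patch 43) hard-codes one installation's home directory into the `App` base class that the gitosis commands appear to share; patches 38, 40 and 42 try other fixed paths, including `'~/gitosis.log'`, which `logging` does not expand. If that file cannot be opened, `basicConfig` raises, so every command, including the one sshd runs to decide on certificate logins, would fail on a host with a different layout. I would keep `logging.basicConfig()` here and make a log file an opt-in setting read in `setup_logging`, which already reads `loglevel` from the `[gitosis]` section. A docstring such as `"""Configure stderr logging before the config file is read."""` would record that intent.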
@@ -23,9 +23,11 @@ def serve_principal(sshUser, principals):
 if '@' in sshUser:
 for user in [ sshUser, sshUser.split('@')[0] ]:
- print TEMPLATE % dict(user=user, principals=principals)
+ print TEMPLATE % dict(user=user,
+ principals=getAllowedSSHPrincipals(cfg))
 else:
- print TEMPLATE % dict(user=sshUser, principals=principals)
+ print TEMPLATE % dict(user=sshUser,
+ principals=util.getAllowedSSHPrincipals(cfg))
 class Main(app.App):
diff --git a/gitosis/util.py b/gitosis/util.py
index 4ec6bde..f0cd622 100644
--- a/gitosis/util.py
+++ b/gitosis/util.py
@@ -41,3 +41,10 @@ def getSSHPrincipalsPath(config):
 except (NoSectionError, NoOptionError):
 path = os.path.expanduser('~/.ssh/principals')
 return path
+
+def getAllowedSSHPrincipals(config):
+ try:
+ principals = config.get('gitosis', 'allowedPrincipals')
+ except (NoSectionError, NoOptionError):
+ principals = "git"
+ return path
From 9d50d269123fb7399362f7198dff16d973b47c1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 01:01:23 +0200
Subject: [PATCH 45/92] fixed
---
 gitosis/principals.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 223ba00..390d568 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -24,10 +24,10 @@ def serve_principal(sshUser, principals):
 if '@' in sshUser:
 for user in [ sshUser, sshUser.split('@')[0] ]:
 print TEMPLATE % dict(user=user,
- principals=getAllowedSSHPrincipals(cfg))
+ principals=getAllowedSSHPrincipals(config=cfg))
 else:
 print TEMPLATE % dict(user=sshUser,
- principals=util.getAllowedSSHPrincipals(cfg))
+ principals=util.getAllowedSSHPrincipals(config=cfg))
 class Main(app.App):
From 42c53524069e4abb864a1ac38e44066b5bb3ba27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 01:02:21 +0200
Subject: [PATCH 46/92] util fixed
---
 gitosis/principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
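Review bot: The `%(principals)s` slot in `serve_principal` (patch 44) is now filled with the whole configured string, so with a value such as `allowedPrincipals = git gitosis-admin` from the README added in patch 53 a single output line carries two names. sshd_config(5) describes the authorized-principals format as one name per line preceded by key options, so I would expect sshd to mis-parse or reject such a line; that should be confirmed against a test sshd. Printing one line per name sidesteps the question: `for name in util.getAllowedSSHPrincipals(config=cfg).split(): print TEMPLATE % dict(user=sshUser, principals=name)`. In the same patch `cfg` is not yet a parameter of `serve_principal`, and `getAllowedSSHPrincipals` in util.py returns the undefined name `path` (patch 51 corrects that).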
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 390d568..33bf3b0 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -24,7 +24,7 @@ def serve_principal(sshUser, principals):
 if '@' in sshUser:
 for user in [ sshUser, sshUser.split('@')[0] ]:
 print TEMPLATE % dict(user=user,
- principals=getAllowedSSHPrincipals(config=cfg))
+ principals=util.getAllowedSSHPrincipals(config=cfg))
 else:
 print TEMPLATE % dict(user=sshUser,
 principals=util.getAllowedSSHPrincipals(config=cfg))
From 490c089f1e747bdb720c22e140f2e7e3240dad89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 01:06:19 +0200
Subject: [PATCH 47/92] missing code added
---
 gitosis/principals.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index 33bf3b0..32a9242 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -17,7 +17,11 @@
 from gitosis import util
-def serve_principal(sshUser, principals):
+def serve_principal(cfg, git_dir, sshUser, principals):
+ export = os.path.join(git_dir, 'gitosis-export')
+ # re-read config to get up-to-date settings
+ cfg.read(os.path.join(export, '..', 'gitosis.conf'))
+
 TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,'
 +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
@@ -47,14 +51,15 @@ def handle_args(self, parser, cfg, options, args):
 log = logging.getLogger('gitosis.principals')
+ git_dir = os.environ.get('GIT_DIR')
+ if git_dir is None:
+ log.error('Must have GIT_DIR set in enviroment')
+ sys.exit(1)
+
 if sshUser != "":
 log.info('Running serve_principal for user %s', sshUser)
- serve_principal(sshUser, principals)
+ serve_principal(cfg, git_dir, sshUser, principals)
 log.info('Done.')
-
-# if git_dir is None:
-# log.error('Must have GIT_DIR set in enviroment')
-# sys.exit(1)
 #
 # if hook == 'post-update':
 # log.info('Running hook %s', hook)
From ca4479cdc01dad2bede79625f9cb28980e931200 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 01:36:36 +0200 Subject: [PATCH 48/92] Where comes GIT_DIR from? --- gitosis/.init.py.swp | Bin 0 -> 4096 bytes gitosis/run_hook.py | 1 + 2 files changed, 1 insertion(+) create mode 100644 gitosis/.init.py.swp diff --git a/gitosis/.init.py.swp b/gitosis/.init.py.swp new file mode 100644 index 0000000000000000000000000000000000000000..973607a75c66bb88a73c017a7c4ea672c808273d GIT binary patch literal 4096 zcmYc?2=nw+u+TGP00IF9hV}a$V~;(RXV9`^V8}|$&QB^W)+00nI7#kTH vfJ{?XQdAHY3Z;U Date: Fri, 2 Aug 2019 01:47:53 +0200 Subject: [PATCH 49/92] git_dir removed --- gitosis/.init.py.swp | Bin 4096 -> 0 bytes gitosis/principals.py | 8 ++------ 2 files changed, 2 insertions(+), 6 deletions(-) delete mode 100644 gitosis/.init.py.swp diff --git a/gitosis/.init.py.swp b/gitosis/.init.py.swp deleted file mode 100644 index 973607a75c66bb88a73c017a7c4ea672c808273d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4096 zcmYc?2=nw+u+TGP00IF9hV}a$V~;(RXV9`^V8}|$&QB^W)+00nI7#kTH vfJ{?XQdAHY3Z;U Date: Fri, 2 Aug 2019 01:49:16 +0200 Subject: [PATCH 50/92] git_dir check removed --- gitosis/principals.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index e095726..a13ed7a 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -48,10 +48,6 @@ def handle_args(self, parser, cfg, options, args): log = logging.getLogger('gitosis.principals') - if git_dir is None: - log.error('Must have GIT_DIR set in enviroment') - sys.exit(1) - if sshUser != "": log.info('Running serve_principal for user %s', sshUser) serve_principal(cfg, sshUser, principals) From 648319b63433526b0e72b127538d02e89ed19b09 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 01:50:54 +0200
Subject: [PATCH 51/92] path durch principals ersetzt
---
 gitosis/util.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/util.py b/gitosis/util.py
index f0cd622..54f9afc 100644
--- a/gitosis/util.py
+++ b/gitosis/util.py
@@ -47,4 +47,4 @@ def getAllowedSSHPrincipals(config):
 principals = config.get('gitosis', 'allowedPrincipals')
 except (NoSectionError, NoOptionError):
 principals = "git"
- return path
+ return principals
From 3f9ba857d3b11fea69d8afe1cef89f6fe566982c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 02:07:30 +0200
Subject: [PATCH 52/92] long username removed
---
 gitosis/principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index a13ed7a..33e478b 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -23,7 +23,7 @@ def serve_principal(cfg, sshUser, principals):
 +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
 if '@' in sshUser:
- for user in [ sshUser, sshUser.split('@')[0] ]:
+ for user in [ sshUser.split('@')[0] ]:
 print TEMPLATE % dict(user=user,
 principals=util.getAllowedSSHPrincipals(config=cfg))
 else:
From acc17bccc8fda8c37d71e42e94d7c97643434f01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 2 Aug 2019 03:02:25 +0200
Subject: [PATCH 53/92] Use of principals added to README
---
 README.rst | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
diff --git a/README.rst b/README.rst
index 65d58f8..0f8494a 100644
--- a/README.rst
+++ b/README.rst
@@ -190,6 +190,62 @@ Note that this short snippet is not a substitute for reading and understanding the relevant documentation. +Using ssh-certificates and principals +===================================== + +``ssh certificates`` are a new feature of openssh, where you setup your own ssh-CA +and you sign all you host- and user-pubkeys. + +If you want to use certificates ans principals, please visit THIS_ and THIS_ website. +To find out more about the AuthorizedPrincipalCommand in sshd_config, please consult GITLABS_ +documentation for it. + +.. _THIS: https://ef.gy/hardening-ssh +.. _THIS: https://framkant.org/2017/07/scalable-access-control-using-openssh-certificates/ +.. _GITLABS: https://docs.gitlab.com/ee/administration/operations/ssh_certificates.html + +To use principals and ssh-certificates with this fork of gitosis, please add this snippet to your sshd_config on your git-server + + Match User git + AuthorizedPrincipalsCommandUser git + AuthorizedPrincipalsCommand /usr/local/bin/gitosis-authorized-principals %i + +This will run the command as user "git", which will you have installed, when you serve your gitrepos with gitosis. +%i is the key-identity of your certificate, which will you give on your sign-process to the user-certificate. + +Then you need an additional line in your gitosis.conf in the [gitosis]-section + + [gitosis] + ... + allowedPrincipals = git gitosis-admin + +In the members-line of your gitosis.conf, you have to write down the key-identity (which is passed as %i in you sshd_config). 
If you are not sure, +what the identity is, try + + ssh-keygen -L -f ~/.ssh/id_rsa-cert.pub + + /home/myusername/.ssh/id_rsa-cert.pub: + Type: ssh-rsa-cert-v01@openssh.com user certificate + Public key: RSA-CERT SHA256:cjLH4l45G32zOaJBjv8Udnr7bkwHRNB3nAz0a6SCOl0 + Signing CA: ED25519 SHA256:9bMENs+blen§naslr§BJEN421I5ckbu4mvpnktiHdUs (using ssh-ed25519) + Key ID: "myusername" + Serial: 4 + Valid: from 2019-08-02T02:29:00 to 2020-08-01T02:30:20 + Principals: + myusername + principal2 + git + gitosis-admin + Critical Options: (none) + Extensions: + permit-X11-forwarding + permit-agent-forwarding + permit-port-forwarding + permit-pty + permit-user-rc + +from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos. +Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo Contact ======= From 6f5727f25b28219372b5a9b71c46c97255f1eba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 03:07:49 +0200 Subject: [PATCH 54/92] formatierung changed --- README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index 0f8494a..7991e6d 100644 --- a/README.rst +++ b/README.rst @@ -204,7 +204,7 @@ documentation for it. .. _THIS: https://framkant.org/2017/07/scalable-access-control-using-openssh-certificates/ .. _GITLABS: https://docs.gitlab.com/ee/administration/operations/ssh_certificates.html -To use principals and ssh-certificates with this fork of gitosis, please add this snippet to your sshd_config on your git-server +To use principals and ssh-certificates with this fork of gitosis, please add this snippet to your sshd_config on your git-server:: Match User git AuthorizedPrincipalsCommandUser git 
@@ -213,14 +213,14 @@ To use principals and ssh-certificates with this fork of gitosis, please add thi This will run the command as user "git", which will you have installed, when you serve your gitrepos with gitosis. %i is the key-identity of your certificate, which will you give on your sign-process to the user-certificate. -Then you need an additional line in your gitosis.conf in the [gitosis]-section +Then you need an additional line in your gitosis.conf in the [gitosis]-section:: [gitosis] ... allowedPrincipals = git gitosis-admin In the members-line of your gitosis.conf, you have to write down the key-identity (which is passed as %i in you sshd_config). If you are not sure, -what the identity is, try +what the identity is, try:: ssh-keygen -L -f ~/.ssh/id_rsa-cert.pub From b8fee87586295a413fef04be4a5515900ec22875 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 03:09:47 +0200 Subject: [PATCH 55/92] contact added --- README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.rst b/README.rst index 7991e6d..b6dc4a4 100644 --- a/README.rst +++ b/README.rst @@ -253,5 +253,7 @@ Contact You can email the author at ``tv@eagain.net``, or hop on ``irc.freenode.net`` channel ``#git`` and hope for the best. +For ssh-certificates and principals, please contact wertstoffe@xundeenergie.at + There will be more, keep an eye on http://eagain.net/ and/or the git mailing list. From fb9da76837c796a4b0b4869ed44610e4c4320d63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 03:17:32 +0200 Subject: [PATCH 56/92] only key ID from ssh-certificate is used --- gitosis/principals.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index 33e478b..6001b67 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py 
@@ -22,13 +22,8 @@ def serve_principal(cfg, sshUser, principals): TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,' +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') - if '@' in sshUser: - for user in [ sshUser.split('@')[0] ]: - print TEMPLATE % dict(user=user, - principals=util.getAllowedSSHPrincipals(config=cfg)) - else: - print TEMPLATE % dict(user=sshUser, - principals=util.getAllowedSSHPrincipals(config=cfg)) + print TEMPLATE % dict(user=sshUser, + principals=util.getAllowedSSHPrincipals(config=cfg)) class Main(app.App): From 2a528be734434c0c12264fd574b452b81d532260 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 03:26:48 +0200 Subject: [PATCH 57/92] readme static principal-files added --- README.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/README.rst b/README.rst index b6dc4a4..8a20bbd 100644 --- a/README.rst +++ b/README.rst 
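Review bot: `sshUser` is interpolated into `command="gitosis-serve %(user)s"` in serve_principal without any check, and with the `'@'` split removed the whole value now lands inside the quoted option. According to the README text added in this series the value is the certificate key ID passed as `%i`, so a key ID containing a double quote or whitespace would change how sshd parses the emitted options line; that it reaches this function unfiltered is inferred, since handle_args is outside the hunk. Rejecting anything that fails the existing pattern before printing would close this, e.g. `if not ssh_principals.isSafeUsername(sshUser): return`, preceded by `log.warn('Unsafe SSH username: %r', sshUser)`. The later hunks that print the same TEMPLATE (the per-principal loop and the Python 3 `print(...)` change) carry the same gap.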
@@ -247,6 +247,28 @@ what the identity is, try:: from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos. Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo +### parallel use of principals/certificates an pubkeys + +It is possible, to use pubkeys in parallel to these principals from certificates. Just as described above. If you have a user, which has no certificate from your ssh-CA, just add his +public-sshkey in the keydir. + +### static principal-files +If you don't want to use the AuthorizedPrincipalCommand, you get a statically generated principal-file on each commit of your gitosis-admin repo. +Just add:: + + AuthorizedPrincipalsFile /etc/ssh/userprincipals/%u + +to your sshd_config instead of the "Match User git"-section from above, before all of your matching-sections. This file MUST point (use symlinks) to:: + + /home/git/.ssh/principals + +Or if you want all of your principal-files in your users homedirectories, you can use:: + + AuthorizedPrincipalsFile %h/.ssh/principals + +It belongs to your setup. + + Contact ======= From de80f5c9e9611372777c0f64d28f6e63f6333cb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 03:43:25 +0200 Subject: [PATCH 58/92] users in static principal-files --- gitosis/run_hook.py | 3 ++- gitosis/ssh_principals.py | 22 ++++++++++++---------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index 8b8b442..f126328 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py 
@@ -50,8 +50,9 @@ def post_update(cfg, git_dir): ) principals = util.getSSHPrincipalsPath(config=cfg) ssh_principals.writePrincipals( + cfg=cfg, path=principals, - principals=os.path.join(export, 'keydir/principals'), + users=os.path.join(export, 'keydir/users'), ) class Main(app.App): diff --git a/gitosis/ssh_principals.py b/gitosis/ssh_principals.py index 1fdf071..a2209c1 100644 --- a/gitosis/ssh_principals.py +++ b/gitosis/ssh_principals.py @@ -9,11 +9,11 @@ def isSafeUsername(user): match = _ACCEPTABLE_USER_RE.match(user) return (match is not None) -def readPrincipals(principals): +def readUsernames(userfile): """ - Read SSH principals from ``principals`` + Read SSH users from ``userfile`` """ - f = file(principals) + f = file(userfile) for line in f: if not isSafeUsername(line): log.warn('Unsafe SSH username in principalfile: %r', line) @@ -24,14 +24,16 @@ def readPrincipals(principals): COMMENT = '### autogenerated by gitosis, DO NOT EDIT' -def generatePrincipals(keys): +def generatePrincipals(cfg, keys): TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,' - +'no-X11-forwarding,no-agent-forwarding,no-pty %(user)s') + +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') + + principals=util.getAllowedSSHPrincipals(config=cfg) yield COMMENT for (user) in keys: - log.debug(TEMPLATE % dict(user=user)) - yield TEMPLATE % dict(user=user) + log.debug(TEMPLATE % dict(user=user, principals=principals)) + yield TEMPLATE % dict(user=user, principals=principals) _COMMAND_RE = re.compile('^command="(/[^ "]+/)?gitosis-serve [^"]+",no-port-forw' +'arding,no-X11-forwarding,no-agent-forwardi' @@ -52,7 +54,7 @@ def filterPrincipals(fp): continue yield line -def writePrincipals(path, principals): +def writePrincipals(cfg, path, users): tmp = '%s.%d.tmp' % (path, os.getpid()) try: in_ = file(path) 
@@ -69,8 +71,8 @@ def writePrincipals(path, principals): for line in filterPrincipals(in_): print >>out, line - keygen = readPrincipals(principals) - for line in generatePrincipals(keygen): + user = readUsernames(users) + for line in generatePrincipals(cfg, user): print >>out, line os.fsync(out) From 96c6226f7ec123b827ef1e5c3739bd548afd91ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 03:45:51 +0200 Subject: [PATCH 59/92] dependency added --- gitosis/ssh_principals.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gitosis/ssh_principals.py b/gitosis/ssh_principals.py index a2209c1..6a4b416 100644 --- a/gitosis/ssh_principals.py +++ b/gitosis/ssh_principals.py @@ -1,6 +1,8 @@ import os, errno, re import logging +from gitosis import util + log = logging.getLogger('gitosis.ssh') _ACCEPTABLE_USER_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9_.-]*(@[a-zA-Z][a-zA-Z0-9.-]*)?$') From cc9f200554a2defc241f791b6c673e2314a9dcc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 03:54:56 +0200 Subject: [PATCH 60/92] =?UTF-8?q?Readme=20erg=C3=A4nzt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.rst b/README.rst index 8a20bbd..22bec00 100644 --- a/README.rst +++ b/README.rst 
@@ -253,6 +253,11 @@ It is possible, to use pubkeys in parallel to these principals from certificates public-sshkey in the keydir. ### static principal-files +Static principal-files have a big drawback in this usecase. Always the first found match is taken. Every user has the same alloewd principals (allowedPrincipals from config). I don't know, how to +get a match from the current user to the right principal-line... The first one is taken, which matches, so every time, the first line is taken... + +If you know, how to solve that, let me know. So i use only the dynamic AuthorizedPrincipalCommand + If you don't want to use the AuthorizedPrincipalCommand, you get a statically generated principal-file on each commit of your gitosis-admin repo. Just add:: From a0e4459423ad6e4aacc2c4da5d1763c13e06b4c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 09:38:28 +0200 Subject: [PATCH 61/92] static principal-files removed, also from README --- README.rst | 23 +---------- gitosis/principals.py | 1 - gitosis/run_hook.py | 7 ---- gitosis/ssh_principals.py | 86 --------------------------------------- 4 files changed, 1 insertion(+), 116 deletions(-) delete mode 100644 gitosis/ssh_principals.py diff --git a/README.rst b/README.rst index 22bec00..2016821 100644 --- a/README.rst +++ b/README.rst 
@@ -250,28 +250,7 @@ Access is only given, if you have one of the allowed principals in your certific ### parallel use of principals/certificates an pubkeys It is possible, to use pubkeys in parallel to these principals from certificates. Just as described above. If you have a user, which has no certificate from your ssh-CA, just add his -public-sshkey in the keydir. - -### static principal-files -Static principal-files have a big drawback in this usecase. Always the first found match is taken. Every user has the same alloewd principals (allowedPrincipals from config). I don't know, how to -get a match from the current user to the right principal-line... The first one is taken, which matches, so every time, the first line is taken... - -If you know, how to solve that, let me know. So i use only the dynamic AuthorizedPrincipalCommand - -If you don't want to use the AuthorizedPrincipalCommand, you get a statically generated principal-file on each commit of your gitosis-admin repo. -Just add:: - - AuthorizedPrincipalsFile /etc/ssh/userprincipals/%u - -to your sshd_config instead of the "Match User git"-section from above, before all of your matching-sections. This file MUST point (use symlinks) to:: - - /home/git/.ssh/principals - -Or if you want all of your principal-files in your users homedirectories, you can use:: - - AuthorizedPrincipalsFile %h/.ssh/principals - -It belongs to your setup. +public-sshkey in the keydir. (not tested now) Contact diff --git a/gitosis/principals.py b/gitosis/principals.py index 6001b67..22574e7 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -10,7 +10,6 @@ from gitosis import repository from gitosis import ssh -from gitosis import ssh_principals from gitosis import gitweb from gitosis import gitdaemon from gitosis import app diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index f126328..02fc055 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py 
@@ -10,7 +10,6 @@ from gitosis import repository from gitosis import ssh -from gitosis import ssh_principals from gitosis import gitweb from gitosis import gitdaemon from gitosis import app @@ -48,12 +47,6 @@ def post_update(cfg, git_dir): path=authorized_keys, keydir=os.path.join(export, 'keydir'), ) - principals = util.getSSHPrincipalsPath(config=cfg) - ssh_principals.writePrincipals( - cfg=cfg, - path=principals, - users=os.path.join(export, 'keydir/users'), - ) class Main(app.App): def create_parser(self): diff --git a/gitosis/ssh_principals.py b/gitosis/ssh_principals.py deleted file mode 100644 index 6a4b416..0000000 --- a/gitosis/ssh_principals.py +++ /dev/null 
@@ -1,86 +0,0 @@ -import os, errno, re -import logging - -from gitosis import util - -log = logging.getLogger('gitosis.ssh') - -_ACCEPTABLE_USER_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9_.-]*(@[a-zA-Z][a-zA-Z0-9.-]*)?$') - -def isSafeUsername(user): - match = _ACCEPTABLE_USER_RE.match(user) - return (match is not None) - -def readUsernames(userfile): - """ - Read SSH users from ``userfile`` - """ - f = file(userfile) - for line in f: - if not isSafeUsername(line): - log.warn('Unsafe SSH username in principalfile: %r', line) - continue - line = line.rstrip('\n') - yield (line) - f.close() - -COMMENT = '### autogenerated by gitosis, DO NOT EDIT' - -def generatePrincipals(cfg, keys): - TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,' - +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') - - principals=util.getAllowedSSHPrincipals(config=cfg) - - yield COMMENT - for (user) in keys: - log.debug(TEMPLATE % dict(user=user, principals=principals)) - yield TEMPLATE % dict(user=user, principals=principals) - -_COMMAND_RE = re.compile('^command="(/[^ "]+/)?gitosis-serve [^"]+",no-port-forw' - +'arding,no-X11-forwarding,no-agent-forwardi' - +'ng,no-pty .*') - -def filterPrincipals(fp): - """ - Read lines from ``fp``, filter out autogenerated ones. - - Note removes newlines. - """ - - for line in fp: - line = line.rstrip('\n') - if line == COMMENT: - continue - if _COMMAND_RE.match(line): - continue - yield line - -def writePrincipals(cfg, path, users): - tmp = '%s.%d.tmp' % (path, os.getpid()) - try: - in_ = file(path) - except IOError, e: - if e.errno == errno.ENOENT: - in_ = None - else: - raise - - try: - out = file(tmp, 'w') - try: - if in_ is not None: - for line in filterPrincipals(in_): - print >>out, line - - user = readUsernames(users) - for line in generatePrincipals(cfg, user): - print >>out, line - - os.fsync(out) - finally: - out.close() - finally: - if in_ is not None: - in_.close() - os.rename(tmp, path) 
From bad18e8fc4809726093c85ac67684cc49cb0a4dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 09:52:57 +0200 Subject: [PATCH 62/92] Formatting h3 tryout --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 2016821..992aede 100644 --- a/README.rst +++ b/README.rst @@ -247,7 +247,7 @@ what the identity is, try:: from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos. Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo -### parallel use of principals/certificates an pubkeys +## parallel use of principals/certificates an pubkeys It is possible, to use pubkeys in parallel to these principals from certificates. Just as described above. If you have a user, which has no certificate from your ssh-CA, just add his public-sshkey in the keydir. (not tested now) From be752d3808273a4422ddc9b59255d79f4d5c3f16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 09:54:21 +0200 Subject: [PATCH 63/92] Formatting fixed (h2 instead of h3) --- README.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 992aede..ff9aabb 100644 --- a/README.rst +++ b/README.rst 
@@ -247,7 +247,8 @@ what the identity is, try:: from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos. Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo -## parallel use of principals/certificates an pubkeys +Parallel use of principals/certificates an pubkeys +-------------------------------------------------- It is possible, to use pubkeys in parallel to these principals from certificates. Just as described above. If you have a user, which has no certificate from your ssh-CA, just add his public-sshkey in the keydir. (not tested now) From fb0fdf2111f0898378f637e79a083c100bf43b52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 10:00:32 +0200 Subject: [PATCH 64/92] Initialisation with principals added --- README.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.rst b/README.rst index ff9aabb..452c085 100644 --- a/README.rst +++ b/README.rst @@ -75,6 +75,12 @@ it to running ``gitosis-serve``. Run:: sudo -H -u git gitosis-init Date: Fri, 2 Aug 2019 10:05:24 +0200 Subject: [PATCH 65/92] principals added to example.conf --- example.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/example.conf b/example.conf index 96400a9..595b488 100644 --- a/example.conf +++ b/example.conf @@ -18,6 +18,12 @@ daemon = no ## Logging level, one of DEBUG, INFO, WARNING, ERROR, CRITICAL loglevel = DEBUG +## If you use ssh-certificates with principals, you need this option +## If commented, allowedPrincipals defaults to "git". At least, your certificates of the users +## which want to use this repos, must have at least "git" as principal in their +## certificates +allowedPrincipals = git + [group quux] members = jdoe wsmith @anothergroup writable = foo bar baz/thud 
From 87ece5e9e67281936bac1550613a1fc92c27d9c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 2 Aug 2019 16:40:56 +0200 Subject: [PATCH 66/92] principals added --- gitosis/principals.py | 1 + 1 file changed, 1 insertion(+) diff --git a/gitosis/principals.py b/gitosis/principals.py index 22574e7..7b14fbd 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -25,6 +25,7 @@ def serve_principal(cfg, sshUser, principals): principals=util.getAllowedSSHPrincipals(config=cfg)) + class Main(app.App): def create_parser(self): parser = super(Main, self).create_parser() From 4d1775f258c461f844343e8be6d63817d51777d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sat, 3 Aug 2019 15:09:35 +0200 Subject: [PATCH 67/92] debuglog --- gitosis/principals.py | 1 + 1 file changed, 1 insertion(+) diff --git a/gitosis/principals.py b/gitosis/principals.py index 7b14fbd..81ddbbd 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -45,6 +45,7 @@ def handle_args(self, parser, cfg, options, args): if sshUser != "": log.info('Running serve_principal for user %s', sshUser) + log.debug('serve_principal: %s', serve_principal(cfg, sshUser, principals)) serve_principal(cfg, sshUser, principals) log.info('Done.') # From 55b54aed64cf977fd56f033f8df832bbd590f1a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sat, 3 Aug 2019 15:15:39 +0200 Subject: [PATCH 68/92] return added --- gitosis/principals.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gitosis/principals.py b/gitosis/principals.py index 81ddbbd..4c8947d 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -24,6 +24,8 @@ def serve_principal(cfg, sshUser, principals): print TEMPLATE % dict(user=sshUser, principals=util.getAllowedSSHPrincipals(config=cfg)) + return TEMPLATE % dict(user=sshUser, + principals=util.getAllowedSSHPrincipals(config=cfg)) class Main(app.App): 
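Review bot: The added `log.debug('serve_principal: %s', serve_principal(cfg, sshUser, principals))` in handle_args (PATCH 67) calls serve_principal a second time, so every principals line is printed to stdout twice. At this commit the function has no return value, so the debug record only shows `None`. Since stdout is what sshd reads from an AuthorizedPrincipalsCommand, diagnostics are better kept off that path: call the function once and log inside it next to the print, e.g. `log.debug('principals line: %s', line)`. handle_args starts outside the hunk.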
From 64b33914986ec5c20ee666b8bab23f70bc0cc8bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sat, 3 Aug 2019 15:21:13 +0200 Subject: [PATCH 69/92] a line for each principal --- gitosis/principals.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index 4c8947d..b69ec41 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -21,11 +21,12 @@ def serve_principal(cfg, sshUser, principals): TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,' +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') - print TEMPLATE % dict(user=sshUser, - principals=util.getAllowedSSHPrincipals(config=cfg)) + for principal in util.getAllowedSSHPrincipals(config=cfg): + print TEMPLATE % dict(user=sshUser, + principals=principal) - return TEMPLATE % dict(user=sshUser, - principals=util.getAllowedSSHPrincipals(config=cfg)) + return TEMPLATE % dict(user=sshUser, + principals=util.principal) class Main(app.App): From 458e7e2a0948d7fbb0ceeb5bf4df75d62865a444 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sat, 3 Aug 2019 15:22:32 +0200 Subject: [PATCH 70/92] variable renamed --- gitosis/principals.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index b69ec41..3da06e3 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py 
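Review bot: The `return` line in serve_principal reads `util.principal`, but the loop variable is the local `principal`; nothing on this page shows a `principal` attribute on `util`, so this line most likely raises AttributeError. The loop also iterates the result of `util.getAllowedSSHPrincipals(config=cfg)` directly. If that is the space-separated string from `allowedPrincipals` (inferred from the config examples), the loop yields single characters rather than principals; `for principal in util.getAllowedSSHPrincipals(config=cfg).split():` gives one line per principal. Whether the `return` sits inside the loop cannot be told from the collapsed hunk.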
@@ -21,12 +21,10 @@ def serve_principal(cfg, sshUser, principals): TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,' +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') - for principal in util.getAllowedSSHPrincipals(config=cfg): - print TEMPLATE % dict(user=sshUser, - principals=principal) + for p in util.getAllowedSSHPrincipals(config=cfg): + print TEMPLATE % dict(user=sshUser, principals=p) - return TEMPLATE % dict(user=sshUser, - principals=util.principal) + return TEMPLATE % dict(user=sshUser, principals=util.p) class Main(app.App): From 174de200c5164cc10b85ee7d0645bb118a4f50a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sat, 3 Aug 2019 15:23:41 +0200 Subject: [PATCH 71/92] debugging --- gitosis/principals.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index 3da06e3..4efdf65 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -21,10 +21,10 @@ def serve_principal(cfg, sshUser, principals): TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,' +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') - for p in util.getAllowedSSHPrincipals(config=cfg): + for p in util.getAllowedSSHPrincipals(config=cfg): print TEMPLATE % dict(user=sshUser, principals=p) - return TEMPLATE % dict(user=sshUser, principals=util.p) + return TEMPLATE % dict(user=sshUser, principals=p) class Main(app.App): From 6c2c4ecd6dcb8f4ba1e408344e8d4a7368d30920 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sat, 3 Aug 2019 15:24:37 +0200 Subject: [PATCH 72/92] list as input for loop --- gitosis/principals.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index 4efdf65..32e5476 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py 
@@ -21,7 +21,7 @@ def serve_principal(cfg, sshUser, principals): TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,' +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') - for p in util.getAllowedSSHPrincipals(config=cfg): + for p in [ util.getAllowedSSHPrincipals(config=cfg) ] : print TEMPLATE % dict(user=sshUser, principals=p) return TEMPLATE % dict(user=sshUser, principals=p) From 26e6fc448c13e20c77c97ffa5186c220212880b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sat, 3 Aug 2019 15:26:17 +0200 Subject: [PATCH 73/92] split output --- gitosis/principals.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index 32e5476..8871523 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -21,7 +21,7 @@ def serve_principal(cfg, sshUser, principals): TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,' +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') - for p in [ util.getAllowedSSHPrincipals(config=cfg) ] : + for p in util.getAllowedSSHPrincipals(config=cfg).split() : print TEMPLATE % dict(user=sshUser, principals=p) return TEMPLATE % dict(user=sshUser, principals=p) From 1a02e0763e8ab19d7526d1d9c2ad269a6b4d1a67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sat, 3 Aug 2019 15:27:54 +0200 Subject: [PATCH 74/92] debug --- gitosis/principals.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index 8871523..18d50c3 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -24,7 +24,7 @@ def serve_principal(cfg, sshUser, principals): for p in util.getAllowedSSHPrincipals(config=cfg).split() : print TEMPLATE % dict(user=sshUser, principals=p) - return TEMPLATE % dict(user=sshUser, principals=p) + log.debug(TEMPLATE % dict(user=sshUser, principals=p)) class Main(app.App): 
@@ -46,7 +46,7 @@ def handle_args(self, parser, cfg, options, args): if sshUser != "": log.info('Running serve_principal for user %s', sshUser) - log.debug('serve_principal: %s', serve_principal(cfg, sshUser, principals)) + #log.debug('serve_principal: %s', serve_principal(cfg, sshUser, principals)) serve_principal(cfg, sshUser, principals) log.info('Done.') # From 34e373864f2d1e19253ca6a25a4c437cfbed0067 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sat, 3 Aug 2019 15:28:56 +0200 Subject: [PATCH 75/92] log entfernt --- gitosis/principals.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index 18d50c3..d5a46c7 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -24,9 +24,6 @@ def serve_principal(cfg, sshUser, principals): for p in util.getAllowedSSHPrincipals(config=cfg).split() : print TEMPLATE % dict(user=sshUser, principals=p) - log.debug(TEMPLATE % dict(user=sshUser, principals=p)) - - class Main(app.App): def create_parser(self): parser = super(Main, self).create_parser() From e15bad3da1e6f3e99648f4700c7f535d8b264d86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sun, 4 Aug 2019 02:52:44 +0200 Subject: [PATCH 76/92] only build principal with username out of user@host yield principals instead of print --- gitosis/principals.py | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index d5a46c7..96aba88 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -22,7 +22,7 @@ def serve_principal(cfg, sshUser, principals): +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') for p in util.getAllowedSSHPrincipals(config=cfg).split() : - print TEMPLATE % dict(user=sshUser, principals=p) + yield print TEMPLATE % dict(user=sshUser.partition('@')[0], principals=p) class Main(app.App): def create_parser(self): 
@@ -44,12 +44,5 @@ def handle_args(self, parser, cfg, options, args): if sshUser != "": log.info('Running serve_principal for user %s', sshUser) #log.debug('serve_principal: %s', serve_principal(cfg, sshUser, principals)) - serve_principal(cfg, sshUser, principals) + print serve_principal(cfg, sshUser, principals) log.info('Done.') -# -# if hook == 'post-update': -# log.info('Running hook %s', hook) -# post_update(cfg, git_dir) -# log.info('Done.') -# else: -# log.warning('Ignoring unknown hook: %r', hook) From 2c7b1c6e2241308a55a5e4ecd8daf5848b240b98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sun, 4 Aug 2019 03:08:22 +0200 Subject: [PATCH 77/92] print removed --- gitosis/principals.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index 96aba88..248af7a 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py @@ -22,7 +22,7 @@ def serve_principal(cfg, sshUser, principals): +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') for p in util.getAllowedSSHPrincipals(config=cfg).split() : - yield print TEMPLATE % dict(user=sshUser.partition('@')[0], principals=p) + yield TEMPLATE % dict(user=sshUser.partition('@')[0], principals=p) class Main(app.App): def create_parser(self): From 8fbf51be7a14b66dc6081d1a315cf339fe021c71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Sun, 4 Aug 2019 03:09:47 +0200 Subject: [PATCH 78/92] yield changed to print --- gitosis/principals.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitosis/principals.py b/gitosis/principals.py index 248af7a..e4c9665 100644 --- a/gitosis/principals.py +++ b/gitosis/principals.py 
@@ -22,7 +22,7 @@ def serve_principal(cfg, sshUser, principals): +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s') for p in util.getAllowedSSHPrincipals(config=cfg).split() : - yield TEMPLATE % dict(user=sshUser.partition('@')[0], principals=p) + print TEMPLATE % dict(user=sshUser.partition('@')[0], principals=p) class Main(app.App): def create_parser(self): @@ -44,5 +44,5 @@ def handle_args(self, parser, cfg, options, args): if sshUser != "": log.info('Running serve_principal for user %s', sshUser) #log.debug('serve_principal: %s', serve_principal(cfg, sshUser, principals)) - print serve_principal(cfg, sshUser, principals) + serve_principal(cfg, sshUser, principals) log.info('Done.') From 2039e7fb10a2798663885b22fa703637cc24c278 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Wed, 28 Aug 2019 09:17:18 +0200 Subject: [PATCH 79/92] Add sshd_config snippet for users not git Added another snippet for sshd_config to use principal-files for users which are NOT git. There you can also use another AuthorizedPrincipalsCommand, if you want instead. --- README.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.rst b/README.rst index 452c085..2541fbe 100644 --- a/README.rst +++ b/README.rst @@ -216,6 +216,12 @@ To use principals and ssh-certificates with this fork of gitosis, please add thi AuthorizedPrincipalsCommandUser git AuthorizedPrincipalsCommand /usr/local/bin/gitosis-authorized-principals %i +And for all users except git, use only principal-files:: + + Match User !git,* + AuthorizedPrincipalsFile /etc/ssh/userprincipals/%u + + This will run the command as user "git", which will you have installed, when you serve your gitrepos with gitosis. %i is the key-identity of your certificate, which will you give on your sign-process to the user-certificate. From 9defb275d350f27955f3a4784be8f29680f323f5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 6 Sep 2019 00:23:52 +0200 Subject: [PATCH 80/92] fix logging if GIT_DIR is none --- gitosis/run_hook.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index 02fc055..903d40a 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py @@ -66,10 +66,11 @@ def handle_args(self, parser, cfg, options, args): os.umask(0022) git_dir = os.environ.get('GIT_DIR') - log.debug("GIT_DIR", git_dir) if git_dir is None: log.error('Must have GIT_DIR set in enviroment') sys.exit(1) + else: + log.debug("GIT_DIR", git_dir) if hook == 'post-update': log.info('Running hook %s', hook) From 98be92f1496c2c3b8895fe8fb697eb5f2bd2c1dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 6 Sep 2019 00:35:17 +0200 Subject: [PATCH 81/92] debug --- gitosis/run_hook.py | 1 + 1 file changed, 1 insertion(+) diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index 903d40a..adb1f50 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py @@ -66,6 +66,7 @@ def handle_args(self, parser, cfg, options, args): os.umask(0022) git_dir = os.environ.get('GIT_DIR') + print type(git_dir) if git_dir is None: log.error('Must have GIT_DIR set in enviroment') sys.exit(1) From ea02faf354144a75c75970f83d233a5b05805f12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 6 Sep 2019 00:38:07 +0200 Subject: [PATCH 82/92] fixed logging when GIT_DIR is none --- gitosis/run_hook.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index 02fc055..1c66252 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py 
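Review bot: `log.debug("GIT_DIR", git_dir)` in handle_args passes an argument with no placeholder in the message, so with DEBUG enabled the logging module reports a formatting error instead of the value; moving the call into the `else` branch does not change that. `log.debug('GIT_DIR %s', git_dir)` logs what was intended. The same call is re-added in the run_hook.py hunk of PATCH 82, and `log.debug("writeAuthorizedKeys",tmp)` in the ssh.py hunk of PATCH 85 has the same shape. The `print type(git_dir)` added in PATCH 81 writes to the hook's stdout and looks like leftover debugging. handle_args starts outside the hunk.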
@@ -66,10 +66,12 @@ def handle_args(self, parser, cfg, options, args): os.umask(0022) git_dir = os.environ.get('GIT_DIR') - log.debug("GIT_DIR", git_dir) if git_dir is None: log.error('Must have GIT_DIR set in enviroment') sys.exit(1) + else: + log.debug("GIT_DIR", git_dir) + if hook == 'post-update': log.info('Running hook %s', hook) From 2cb9ed308a49182e5bbc3466b771aa298da15735 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 6 Sep 2019 00:44:26 +0200 Subject: [PATCH 83/92] remove debug-log --- gitosis/run_hook.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index 1c66252..e535e6a 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py @@ -69,9 +69,6 @@ def handle_args(self, parser, cfg, options, args): if git_dir is None: log.error('Must have GIT_DIR set in enviroment') sys.exit(1) - else: - log.debug("GIT_DIR", git_dir) - if hook == 'post-update': log.info('Running hook %s', hook) From 0fe0eef34d26e62a0d79b31c80d8e57705d751bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 6 Sep 2019 00:52:33 +0200 Subject: [PATCH 84/92] debug added --- gitosis/ssh.py | 1 + 1 file changed, 1 insertion(+) diff --git a/gitosis/ssh.py b/gitosis/ssh.py index a315a5c..79c0456 100644 --- a/gitosis/ssh.py +++ b/gitosis/ssh.py @@ -62,6 +62,7 @@ def filterAuthorizedKeys(fp): def writeAuthorizedKeys(path, keydir): tmp = '%s.%d.tmp' % (path, os.getpid()) + log.debug("writeAuthorizedKeys") try: in_ = file(path) except IOError, e: From ebaf7a7f719dc82e1c96b91ab3ff734b8b2598e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Fri, 6 Sep 2019 00:55:38 +0200 Subject: [PATCH 85/92] improve debug --- gitosis/ssh.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitosis/ssh.py b/gitosis/ssh.py index 79c0456..252eb60 100644 --- a/gitosis/ssh.py +++ b/gitosis/ssh.py 
@@ -62,7 +62,7 @@ def filterAuthorizedKeys(fp):
 def writeAuthorizedKeys(path, keydir):
 tmp = '%s.%d.tmp' % (path, os.getpid())
- log.debug("writeAuthorizedKeys")
+ log.debug("writeAuthorizedKeys",tmp)
 try:
 in_ = file(path)
 except IOError, e:
From 89921e7838b06216e0cb33f795e87b0bb1aeed2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Fri, 6 Sep 2019 00:56:39 +0200
Subject: [PATCH 86/92] fix improved logging
---
 gitosis/ssh.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index 252eb60..6b95ceb 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@@ -62,7 +62,7 @@ def filterAuthorizedKeys(fp):
 def writeAuthorizedKeys(path, keydir):
 tmp = '%s.%d.tmp' % (path, os.getpid())
- log.debug("writeAuthorizedKeys",tmp)
+ log.debug("writeAuthorizedKeys " + str(tmp) )
 try:
 in_ = file(path)
 except IOError, e:
From 1504a3349659bf0d1bddcbbb19a95c259911c0b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Sat, 2 Oct 2021 19:50:36 +0200
Subject: [PATCH 87/92] Python 3
---
 gitosis/principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitosis/principals.py b/gitosis/principals.py
index e4c9665..4339afe 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -22,7 +22,7 @@ def serve_principal(cfg, sshUser, principals):
 +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
 for p in util.getAllowedSSHPrincipals(config=cfg).split() :
- print TEMPLATE % dict(user=sshUser.partition('@')[0], principals=p)
+ print(TEMPLATE % dict(user=sshUser.partition('@')[0], principals=p))
 class Main(app.App):
 def create_parser(self):
From a6205344b16d7e72c0f05c4114ee05e9e2434715 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz=20=28admin=29?=
Date: Sat, 2 Oct 2021 20:08:52 +0200
Subject: [PATCH 88/92] fix _levelNames error
---
 gitosis/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
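Review bot: `log.debug("writeAuthorizedKeys " + str(tmp) )` in patch 86 builds the message by concatenation, so the string is assembled even when debug logging is switched off, and it departs from the argument style the project uses elsewhere (`log.info('Running hook %s', hook)`). I would write it as `log.debug('writeAuthorizedKeys %s', tmp)`, which also removes the stray space before the closing parenthesis. writeAuthorizedKeys continues outside the hunk.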
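Review bot: `sshUser.partition('@')[0]` is substituted into TEMPLATE on the `print(...)` line of patch 87 without any check on its characters. The start of TEMPLATE is outside the hunk, but its visible tail is an sshd option list, so the printed text is presumably parsed by sshd; a user value containing a quote, whitespace or a line break could then alter how that line is read. Validating the name before the loop against a conservative pattern such as `^[A-Za-z0-9][A-Za-z0-9._-]*$`, and exiting with an error otherwise, would close that off. serve_principal begins outside the hunk.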
diff --git a/gitosis/app.py b/gitosis/app.py
index d3180ce..9da247d 100644
--- a/gitosis/app.py
+++ b/gitosis/app.py
@@ -79,7 +79,7 @@ def setup_logging(self, cfg):
 pass
 else:
 try:
- symbolic = logging._levelNames[loglevel]
+ symbolic = logging._nameToLevel[loglevel]
 except KeyError:
 log.warning(
 'Ignored invalid loglevel configuration: %r',
From daadb52b9c244b5c35f5b7788a664f181d26b76d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Sun, 31 Oct 2021 11:58:12 +0100
Subject: [PATCH 89/92] change print for python3
---
 TODO.rst | 4 ++--
 gitosis/gitweb.py | 8 +++++---
 gitosis/ssh.py | 6 ++++--
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/TODO.rst b/TODO.rst
index 5874a9f..c749b8e 100644
--- a/TODO.rst
+++ b/TODO.rst
@@ -40,9 +40,9 @@
 - can't trust "~"::
- [0 tv@musti ~]$ sudo python -c 'import os; print os.path.expanduser("~")'
+ [0 tv@musti ~]$ sudo python -c 'import os; print(os.path.expanduser("~"))'
 /home/tv
- [0 tv@musti ~]$ sudo -H python -c 'import os; print os.path.expanduser("~")'
+ [0 tv@musti ~]$ sudo -H python -c 'import os; print(os.path.expanduser("~"))'
 /root
 - command line options
diff --git a/gitosis/gitweb.py b/gitosis/gitweb.py
index 6d1cc67..19cf5ad 100644
--- a/gitosis/gitweb.py
+++ b/gitosis/gitweb.py
@@ -91,8 +91,9 @@ def generate_project_list_fp(config, fp):
 else:
 response.append(owner)
- line = ' '.join([urllib.quote_plus(s) for s in response])
- print >>fp, line
+ line = ' '.join([urllib.parse.quote_plus(s) for s in response])
+ #print >>fp, line
+ print(line, end="", file=fp)
 def generate_project_list(config, path):
 """
@@ -159,7 +160,8 @@ def set_descriptions(config):
 tmp = '%s.%d.tmp' % (path, os.getpid())
 f = open(tmp, 'w')
 try:
- print >>f, description
+ #print >>f, description
+ print(description, end="", file=f)
 finally:
 f.close()
 os.rename(tmp, path)
diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index 45fbf0c..892f72c 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
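Review bot: `logging._nameToLevel[loglevel]` in patch 88 swaps one private attribute of the logging module for another, so the lookup can break again on a later Python release just as `_levelNames` did. The public call is `symbolic = logging.getLevelName(loglevel)`; it returns a string of the form `Level NAME` for an unknown name instead of raising, so the `except KeyError` branch would become a test such as `if not isinstance(symbolic, int):`. setup_logging continues outside the hunk, so the rest of that branch is not visible here.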
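Review bot: `print(line, end="", file=fp)` in generate_project_list_fp drops the newline that `print >>fp, line` used to write, so successive project entries run together on one line, assuming the statement sits in the per-repository loop that begins outside the hunk. The same `end=""` appears in set_descriptions and in both loops of writeAuthorizedKeys in gitosis/ssh.py, where joined entries would leave authorized_keys unparsable unless the yielded lines carry their own newline; patch 91 restores the default for ssh.py only. Use `print(line, file=fp)` and `print(description, file=f)`, and delete the commented-out `#print >>...` lines rather than keeping them. The import line is not part of this hunk, so confirm that `urllib.parse` is imported explicitly for the new `urllib.parse.quote_plus` call.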
@@ -76,11 +76,13 @@ def writeAuthorizedKeys(path, keydir):
 try:
 if in_ is not None:
 for line in filterAuthorizedKeys(in_):
- print >>out, line
+ #print >>out, line
+ print(line, end="", file=out)
 keygen = readKeys(keydir)
 for line in generateAuthorizedKeys(keygen):
- print >>out, line
+ #print >>out, line
+ print(line, end="", file=out)
 os.fsync(out)
 finally:
From f839d08232d3d9f7bc2c401076d161c11595b711 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Sun, 31 Oct 2021 12:02:28 +0100
Subject: [PATCH 90/92] change description of repositories
---
 README.rst | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/README.rst b/README.rst
index 2541fbe..3266bfb 100644
--- a/README.rst
+++ b/README.rst
@@ -24,7 +24,17 @@ more information.
 You can get ``gitosis`` via ``git`` by saying::
- git clone https://github.com/tv42/gitosis.git
+ This repositories are from jakob@schuerz.at, support python3 and ssh-certificates
+ git clone git@codeberg.org:xundeenergie/gitosis.git (fetch)
+ git clone git@github.com:xundeenergie/gitosis.git (fetch)
+ git clone git@git.schuerz.at:public/gitosis.git (fetch)
+
+ This repository translates gitosis to python3, but not fully.
+ git clone git@github.com:mgukov/gitosis.git (push)
+
+ Original repository seems unmaintained
+ git clone git@github.com:tv42/gitosis.git (fetch)
+
 And install it via::
From 0934212421356bdbfe25d5d2047da83fdadf8ccf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Sun, 31 Oct 2021 12:07:57 +0100
Subject: [PATCH 91/92] change lineend for authorized_keys
---
 gitosis/ssh.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index 892f72c..33b3f2a 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@@ -77,12 +77,12 @@ def writeAuthorizedKeys(path, keydir):
 if in_ is not None:
 for line in filterAuthorizedKeys(in_):
 #print >>out, line
- print(line, end="", file=out)
+ print(line, file=out)
 keygen = readKeys(keydir)
 for line in generateAuthorizedKeys(keygen):
 #print >>out, line
- print(line, end="", file=out)
+ print(line, file=out)
 os.fsync(out)
 finally:
From 4bb3c5f1076a07ecc5557fc6cad15c934a4c04dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?=
Date: Sun, 31 Oct 2021 12:12:59 +0100
Subject: [PATCH 92/92] change logging format for python 3
---
 gitosis/run_hook.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py
index d2a2d11..52716e8 100644
--- a/gitosis/run_hook.py
+++ b/gitosis/run_hook.py
@@ -70,11 +70,11 @@ def handle_args(self, parser, cfg, options, args):
 log.error('Must have GIT_DIR set in enviroment')
 sys.exit(1)
 else:
- log.debug("GIT_DIR", git_dir)
+ log.debug("GIT_DIR %s".format(git_dir))
 if hook == 'post-update':
- log.info('Running hook %s', hook)
+ log.info('Running hook %s'.format(hook))
 post_update(cfg, git_dir)
 log.info('Done.')
 else:
- log.warning('Ignoring unknown hook: %r', hook)
+ log.warning('Ignoring unknown hook: %r'.format(hook))
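Review bot: `"GIT_DIR %s".format(git_dir)` in patch 92 substitutes nothing, because `str.format` only fills `{}` fields; all three changed calls now log the literal `%s` or `%r` and discard the value. The unknown-hook warning therefore no longer records which hook name was requested, which weakens the log as an audit trail. The removed `log.info('Running hook %s', hook)` and `log.warning('Ignoring unknown hook: %r', hook)` were already valid on Python 3 and should stay as they were; only the debug call needs a fix, `log.debug('GIT_DIR %s', git_dir)`. handle_args starts outside the hunk.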