foo
parent
9ab1c273f6
commit
d5566303d6
|
@ -1,11 +1,26 @@
|
||||||
Here's an example of how to run ikiwiki in a [[Subversion]] post-commit
|
The best way to run ikiwiki in a [[Subversion]] post-commit hook is using
|
||||||
hook to automatically update a wiki as commits come in:
|
a wrapper, which can be generated using `ikiwiki --gen-wrapper`.
|
||||||
|
|
||||||
wiki_src=/path/to/checkout
|
First, set up the subversion checkout that ikiwiki will update and compile
|
||||||
wiki_dest=/path/to/web/server
|
into your wiki at each subversion commit. Run ikiwiki a few times by hand
|
||||||
svn up -q $wiki_src
|
to get a feel for it. Now, generate the wrapper by adding "--gen-wrapper"
|
||||||
ikiwiki $wiki_src $wiki_dest --wikiname=MyWiki
|
to whatever command line you've been using to run ikiwiki. For example:
|
||||||
|
|
||||||
This assumes that permissions allow anyone who commits to svn up the
|
~/wiki-checkout> ikiwiki . ~/public_html/wiki
|
||||||
wiki_src directory and write to wiki_dest. If they don't, you'll need a
|
~/wiki-checkout> ikiwiki . ~/public_html/wiki --gen-wrapper
|
||||||
suid wrapper to run the above as a user who can write to both.
|
successfully generated ikiwiki-wrap
|
||||||
|
|
||||||
|
The generated wrapper is a C program that is designed to safely be made
|
||||||
|
suid if necessary. It's hardcoded to run ikiwiki with the settings
|
||||||
|
specified when you ran --gen-wrapper, and can only be used to update and
|
||||||
|
compile that one checkout into the specified html directory.
|
||||||
|
|
||||||
|
Now, put the wrapper somewhere convenient, and create a post-commit hook
|
||||||
|
script in your subversion repository for the wiki. All the post-commit
|
||||||
|
hook has to do is run ikiwiki-wrap (with no parameters).
|
||||||
|
|
||||||
|
Depending on your Subversion setup, the post-commit hook might end up
|
||||||
|
getting called by users who have write access to subversion, but not to
|
||||||
|
your wiki checkout and html directory. If so, you can safely make
|
||||||
|
ikiwiki-wrap suid to a user who can write there (*not* to root!). You might
|
||||||
|
want to read [[Security]] first.
|
||||||
|
|
|
@ -42,11 +42,11 @@ they can try to use this to exploit your web server.
|
||||||
|
|
||||||
## --gen-wrapper might generate insecure wrappers
|
## --gen-wrapper might generate insecure wrappers
|
||||||
|
|
||||||
ikiwiki --gen-wrapper is instended to generate a wrapper program that
|
ikiwiki --gen-wrapper is intended to generate a wrapper program that
|
||||||
runs ikiwiki to update a given wiki. The wrapper can in turn be made suid,
|
runs ikiwiki to update a given wiki. The wrapper can in turn be made suid,
|
||||||
for example to be used in a [[post-commit]] hook by people who cannot write
|
for example to be used in a [[post-commit]] hook by people who cannot write
|
||||||
to the html pages, etc.
|
to the html pages, etc.
|
||||||
|
|
||||||
If the wrapper script is made suid, then any bugs in this wrapper would be
|
If the wrapper script is made suid, then any bugs in this wrapper would be
|
||||||
security holes. The wrapper is written as securely as I know how and
|
security holes. The wrapper is written as securely as I know how and
|
||||||
there's been no problems yet.
|
there's been no problem yet.
|
||||||
|
|
2
ikiwiki
2
ikiwiki
|
@ -463,7 +463,7 @@ sub gen_wrapper ($$) {
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
int main (void) {
|
int main (void) {
|
||||||
unsetenv("PERLIO_DEBUG"); /* CAN-2005-0155 */
|
clearenv();
|
||||||
execl($call, NULL);
|
execl($call, NULL);
|
||||||
perror("failed to run $this");
|
perror("failed to run $this");
|
||||||
exit(1);
|
exit(1);
|
||||||
|
|
Loading…
Reference in New Issue