28 changed files with 169 additions and 242 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,5 +5,3 @@
 /apidocs
 /gitosis/test/tmp
 /.coverage
 .idea
 venv
--- a/README.rst
+++ b/README.rst
@ -24,17 +24,7 @@ more information.
 You can get ``gitosis`` via ``git`` by saying::
-    This repositories are from jakob@schuerz.at, support python3 and ssh-certificates
+    git clone https://github.com/tv42/gitosis.git
    git clone git@codeberg.org:xundeenergie/gitosis.git (fetch)
    git clone git@github.com:xundeenergie/gitosis.git (fetch)
    git clone git@git.schuerz.at:public/gitosis.git (fetch)
    This repository translates gitosis to python3, but not fully.
    git clone git@github.com:mgukov/gitosis.git (push)
    Original repository seems unmaintained
    git clone git@github.com:tv42/gitosis.git (fetch)
 And install it via::
@ -85,12 +75,6 @@ it to running ``gitosis-serve``. Run::
 	sudo -H -u git gitosis-init <FILENAME.pub
 	# (or just copy-paste the public key when prompted)
 If you want to use ssh-certificates with principals, you need a file with
 your admin-user in it. Name it adminuser.txt, only one line with your admins
 username in it and run::
        sudo -H -u git gitosis-init <adminuser.txt
 then just ``git clone git@SERVER:gitosis-admin.git``, and you get a
 repository with SSH keys as ``keys/USER.pub`` and a ``gitosis.conf``
 where you can configure who has access to what.
@ -206,75 +190,6 @@ Note that this short snippet is not a substitute for reading and
 understanding the relevant documentation.
 Using ssh-certificates and principals
 =====================================
 ``ssh certificates`` are a new feature of openssh, where you setup your own ssh-CA
 and you sign all you host- and user-pubkeys. 
 If you want to use certificates ans principals, please visit THIS_ and THIS_ website.
 To find out more about the AuthorizedPrincipalCommand in sshd_config, please consult GITLABS_ 
 documentation for it.
 .. _THIS: https://ef.gy/hardening-ssh
 .. _THIS: https://framkant.org/2017/07/scalable-access-control-using-openssh-certificates/
 .. _GITLABS: https://docs.gitlab.com/ee/administration/operations/ssh_certificates.html
 To use principals and ssh-certificates with this fork of gitosis, please add this snippet to your sshd_config on your git-server::
    Match User git
        AuthorizedPrincipalsCommandUser git
        AuthorizedPrincipalsCommand    /usr/local/bin/gitosis-authorized-principals %i 
 And for all users except git, use only principal-files::
    Match User !git,*
        AuthorizedPrincipalsFile /etc/ssh/userprincipals/%u
 This will run the command as user "git", which will you have installed, when you serve your gitrepos with gitosis. 
 %i is the key-identity of your certificate, which will you give on your sign-process to the user-certificate.
 Then you need an additional line in your gitosis.conf in the [gitosis]-section::
    [gitosis]
    ...
    allowedPrincipals = git gitosis-admin
 In the members-line of your gitosis.conf, you have to write down the key-identity (which is passed as %i in you sshd_config). If you are not sure,
 what the identity is, try::
    ssh-keygen -L -f ~/.ssh/id_rsa-cert.pub
    /home/myusername/.ssh/id_rsa-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Public key: RSA-CERT SHA256:cjLH4l45G32zOaJBjv8Udnr7bkwHRNB3nAz0a6SCOl0
        Signing CA: ED25519 SHA256:9bMENs+blen§naslr§BJEN421I5ckbu4mvpnktiHdUs (using ssh-ed25519)
        Key ID: "myusername"
        Serial: 4
        Valid: from 2019-08-02T02:29:00 to 2020-08-01T02:30:20
        Principals: 
                myusername
                principal2
                git
                gitosis-admin
        Critical Options: (none)
        Extensions: 
                permit-X11-forwarding
                permit-agent-forwarding
                permit-port-forwarding
                permit-pty
                permit-user-rc
 from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos.
 Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo
 Parallel use of principals/certificates an pubkeys
 --------------------------------------------------
 It is possible, to use pubkeys in parallel to these principals from certificates. Just as described above. If you have a user, which has no certificate from your ssh-CA, just add his
 public-sshkey in the keydir. (not tested now)
 Contact
 =======
@ -282,7 +197,5 @@ Contact
 You can email the author at ``tv@eagain.net``, or hop on
 ``irc.freenode.net`` channel ``#git`` and hope for the best.
 For ssh-certificates and principals, please contact wertstoffe@xundeenergie.at
 There will be more, keep an eye on http://eagain.net/ and/or the git
 mailing list.
--- a/TODO.rst
+++ b/TODO.rst
@ -40,9 +40,9 @@
 - can't trust "~"::
-	[0 tv@musti ~]$ sudo python -c 'import os; print(os.path.expanduser("~"))'
+	[0 tv@musti ~]$ sudo python -c 'import os; print os.path.expanduser("~")'
 	/home/tv
-	[0 tv@musti ~]$ sudo -H python -c 'import os; print(os.path.expanduser("~"))'
+	[0 tv@musti ~]$ sudo -H python -c 'import os; print os.path.expanduser("~")'
 	/root
 - command line options
--- a/example.conf
+++ b/example.conf
@ -18,12 +18,6 @@ daemon = no
 ## Logging level, one of DEBUG, INFO, WARNING, ERROR, CRITICAL
 loglevel = DEBUG
 ## If you use ssh-certificates with principals, you need this option
 ## If commented, allowedPrincipals defaults to "git". At least, your certificates of the users
 ## which want to use this repos, must have at least "git" as principal in their
 ## certificates
 allowedPrincipals = git
 [group quux]
 members = jdoe wsmith @anothergroup
 writable = foo bar baz/thud
--- a/gitosis/access.py
+++ b/gitosis/access.py
@ -1,5 +1,5 @@
 import os, logging
-from configparser import NoSectionError, NoOptionError
+from ConfigParser import NoSectionError, NoOptionError
 from gitosis import group
--- a/gitosis/app.py
+++ b/gitosis/app.py
@ -3,7 +3,7 @@ import sys
 import logging
 import optparse
 import errno
-import configparser
+import ConfigParser
 log = logging.getLogger('gitosis.app')
@ -31,14 +31,14 @@ class App(object):
        cfg = self.create_config(options)
        try:
            self.read_config(options, cfg)
-        except CannotReadConfigError as e:
+        except CannotReadConfigError, e:
            log.error(str(e))
            sys.exit(1)
        self.setup_logging(cfg)
        self.handle_args(parser, cfg, options, args)
    def setup_basic_logging(self):
-        logging.basicConfig(filename='/home/git/gitosis.log')
+        logging.basicConfig(filename='gitosis.log', level=10)
    def create_parser(self):
        parser = optparse.OptionParser()
@ -53,13 +53,13 @@ class App(object):
        return parser
    def create_config(self, options):
-        cfg = configparser.RawConfigParser()
+        cfg = ConfigParser.RawConfigParser()
        return cfg
    def read_config(self, options, cfg):
        try:
-            conffile = open(options.config)
+            conffile = file(options.config)
-        except (IOError, OSError) as e:
+        except (IOError, OSError), e:
            if e.errno == errno.ENOENT:
                # special case this because gitosis-init wants to
                # ignore this particular error case
@ -74,12 +74,12 @@ class App(object):
    def setup_logging(self, cfg):
        try:
            loglevel = cfg.get('gitosis', 'loglevel')
-        except (configparser.NoSectionError,
+        except (ConfigParser.NoSectionError,
-                configparser.NoOptionError):
+                ConfigParser.NoOptionError):
            pass
        else:
            try:
-                symbolic = logging._nameToLevel[loglevel]
+                symbolic = logging._levelNames[loglevel]
            except KeyError:
                log.warning(
                    'Ignored invalid loglevel configuration: %r',
--- a/gitosis/gitdaemon.py
+++ b/gitosis/gitdaemon.py
@ -2,7 +2,7 @@ import errno
 import logging
 import os
-from configparser import NoSectionError, NoOptionError
+from ConfigParser import NoSectionError, NoOptionError
 log = logging.getLogger('gitosis.gitdaemon')
@ -14,13 +14,13 @@ def export_ok_path(repopath):
 def allow_export(repopath):
    p = export_ok_path(repopath)
-    open(p, 'a').close()
+    file(p, 'a').close()
 def deny_export(repopath):
    p = export_ok_path(repopath)
    try:
        os.unlink(p)
-    except OSError as e:
+    except OSError, e:
        if e.errno == errno.ENOENT:
            pass
        else:
--- a/gitosis/gitweb.py
+++ b/gitosis/gitweb.py
@ -27,7 +27,7 @@ To plug this into ``gitweb``, you have two choices.
 import os, urllib, logging
-from configparser import NoSectionError, NoOptionError
+from ConfigParser import NoSectionError, NoOptionError
 from gitosis import util
@ -91,9 +91,8 @@ def generate_project_list_fp(config, fp):
        else:
            response.append(owner)
-        line = ' '.join([urllib.parse.quote_plus(s) for s in response])
+        line = ' '.join([urllib.quote_plus(s) for s in response])
-        #print >>fp, line
+        print >>fp, line
        print(line, end="", file=fp)
 def generate_project_list(config, path):
    """
@ -107,7 +106,7 @@ def generate_project_list(config, path):
    """
    tmp = '%s.%d.tmp' % (path, os.getpid())
-    f = open(tmp, 'w')
+    f = file(tmp, 'w')
    try:
        generate_project_list_fp(config=config, fp=f)
    finally:
@ -158,10 +157,9 @@ def set_descriptions(config):
            'description',
            )
        tmp = '%s.%d.tmp' % (path, os.getpid())
-        f = open(tmp, 'w')
+        f = file(tmp, 'w')
        try:
-            #print >>f, description
+            print >>f, description
            print(description, end="", file=f)
        finally:
            f.close()
        os.rename(tmp, path)
--- a/gitosis/group.py
+++ b/gitosis/group.py
@ -1,5 +1,5 @@
 import logging
-from configparser import NoSectionError, NoOptionError
+from ConfigParser import NoSectionError, NoOptionError
 def _getMembership(config, user, seen):
    log = logging.getLogger('gitosis.group.getMembership')
--- a/gitosis/init.py
+++ b/gitosis/init.py
@ -9,8 +9,8 @@ import sys
 import re
 from pkg_resources import resource_filename
-from io import StringIO
+from cStringIO import StringIO
-from configparser import RawConfigParser
+from ConfigParser import RawConfigParser
 from gitosis import repository
 from gitosis import run_hook
@ -68,7 +68,7 @@ def symlink_config(git_dir):
    tmp = '%s.%d.tmp' % (dst, os.getpid())
    try:
        os.unlink(tmp)
-    except OSError as e:
+    except OSError, e:
        if e.errno == errno.ENOENT:
            pass
        else:
@ -94,18 +94,15 @@ def init_admin_repository(
    # can't rely on setuptools and all kinds of distro packaging to
    # have kept our templates executable, it seems
-    os.chmod(os.path.join(git_dir, 'hooks', 'post-update'), 0o755)
+    os.chmod(os.path.join(git_dir, 'hooks', 'post-update'), 0755)
    if not repository.has_initial_commit(git_dir):
        log.info('Making initial commit...')
        # ConfigParser does not guarantee order, so jump through hoops
        # to make sure [gitosis] is first
        cfg_file = StringIO()
-        print('[gitosis]', file=cfg_file)
+        print >>cfg_file, '[gitosis]'
-        #print('', end="", file=cfg_file)
+        print >>cfg_file
        #print >>cfg_file, '[gitosis]'
        #print >>cfg_file
        cfg = RawConfigParser()
        cfg.add_section('group gitosis-admin')
        cfg.set('group gitosis-admin', 'members', user)
@ -136,7 +133,7 @@ class Main(app.App):
    def handle_args(self, parser, cfg, options, args):
        super(Main, self).handle_args(parser, cfg, options, args)
-        os.umask(0o022)
+        os.umask(0022)
        log.info('Reading SSH public key...')
        pubkey = read_ssh_pubkey()
@ -161,7 +158,7 @@ class Main(app.App):
            user=user,
            )
        log.info('Running post-update hook...')
-        util.mkdir(os.path.expanduser('~/.ssh'), 0o700)
+        util.mkdir(os.path.expanduser('~/.ssh'), 0700)
        run_hook.post_update(cfg=cfg, git_dir=admin_repository)
        log.info('Symlinking ~/.gitosis.conf to repository...')
        symlink_config(git_dir=admin_repository)
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@ -1,48 +0,0 @@
 """
 Perform gitosis actions for a git hook.
 """
 import errno
 import logging
 import os
 import sys
 import shutil
 from gitosis import repository
 from gitosis import ssh
 from gitosis import gitweb
 from gitosis import gitdaemon
 from gitosis import app
 from gitosis import util
 def serve_principal(cfg, sshUser, principals):
    TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,'
              +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
    for p in   util.getAllowedSSHPrincipals(config=cfg).split()  : 
        print(TEMPLATE % dict(user=sshUser.partition('@')[0], principals=p))
 class Main(app.App):
    def create_parser(self):
        parser = super(Main, self).create_parser()
        parser.set_usage('%prog [OPTS] sshUser principal principal ...')
        parser.set_description(
            'Serves principals as AuthorizedPrincipalsCommand ')
        return parser
    def handle_args(self, parser, cfg, options, args):
        try:
            sshUser = args.pop(0)
            principals = ' '.join(args)
        except ValueError:
            parser.error('Missing argument sshUsers and/or principals.')
        log = logging.getLogger('gitosis.principals')
        if sshUser != "":
            log.info('Running serve_principal for user %s', sshUser)
            #log.debug('serve_principal: %s', serve_principal(cfg, sshUser, principals))
            serve_principal(cfg, sshUser, principals)
            log.info('Done.')
--- a/gitosis/repository.py
+++ b/gitosis/repository.py
@ -36,7 +36,7 @@ def init(
    if _git is None:
        _git = 'git'
-    util.mkdir(path, 0o750)
+    util.mkdir(path, 0750)
    args = [
        _git,
        '--git-dir=.',
@ -131,7 +131,7 @@ class GitCheckoutIndexError(GitExportError):
 def export(git_dir, path):
    try:
        os.mkdir(path)
-    except OSError as e:
+    except OSError, e:
        if e.errno == errno.EEXIST:
            pass
        else:
@ -185,7 +185,7 @@ def has_initial_commit(git_dir):
        stdout=subprocess.PIPE,
        close_fds=True,
        )
-    got = child.stdout.read().decode('utf-8')
+    got = child.stdout.read()
    returncode = child.wait()
    if returncode != 0:
        raise GitRevParseError('exit status %d' % returncode)
--- a/gitosis/run_hook.py
+++ b/gitosis/run_hook.py
@ -10,6 +10,7 @@ import shutil
 from gitosis import repository
 from gitosis import ssh
 from gitosis import ssh_principals
 from gitosis import gitweb
 from gitosis import gitdaemon
 from gitosis import app
@ -19,7 +20,7 @@ def post_update(cfg, git_dir):
    export = os.path.join(git_dir, 'gitosis-export')
    try:
        shutil.rmtree(export)
-    except OSError as e:
+    except OSError, e:
        if e.errno == errno.ENOENT:
            pass
        else:
@ -47,6 +48,11 @@ def post_update(cfg, git_dir):
        path=authorized_keys,
        keydir=os.path.join(export, 'keydir'),
        )
    principals = util.getSSHPrincipalsPath(config=cfg)
    ssh_principals.writePrincipals(
        path=principals,
        principals=os.path.join(export, 'keydir/principals'),
        )
 class Main(app.App):
    def create_parser(self):
@ -63,18 +69,16 @@ class Main(app.App):
            parser.error('Missing argument HOOK.')
        log = logging.getLogger('gitosis.run_hook')
-        os.umask(0o022)
+        os.umask(0022)
        git_dir = os.environ.get('GIT_DIR')
        if git_dir is None:
            log.error('Must have GIT_DIR set in enviroment')
            sys.exit(1)
        else:
            log.debug("GIT_DIR %s".format(git_dir))
        if hook == 'post-update':
-            log.info('Running hook %s'.format(hook))
+            log.info('Running hook %s', hook)
            post_update(cfg, git_dir)
            log.info('Done.')
        else:
-            log.warning('Ignoring unknown hook: %r'.format(hook))
+            log.warning('Ignoring unknown hook: %r', hook)
--- a/gitosis/serve.py
+++ b/gitosis/serve.py
@ -141,7 +141,7 @@ def serve(
        p = topdir
        for segment in repopath.split(os.sep)[:-1]:
            p = os.path.join(p, segment)
-            util.mkdir(p, 0o750)
+            util.mkdir(p, 0750)
        repository.init(path=fullpath)
        gitweb.set_descriptions(
@ -178,7 +178,7 @@ class Main(app.App):
            parser.error('Missing argument USER.')
        main_log = logging.getLogger('gitosis.serve.main')
-        os.umask(0o022)
+        os.umask(0022)
        cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None)
        if cmd is None:
@ -197,7 +197,7 @@ class Main(app.App):
                user=user,
                command=cmd,
                )
-        except ServingError as e:
+        except ServingError, e:
            main_log.error('%s', e)
            sys.exit(1)
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@ -25,7 +25,7 @@ def readKeys(keydir):
            continue
        path = os.path.join(keydir, filename)
-        f = open(path)
+        f = file(path)
        for line in f:
            line = line.rstrip('\n')
            yield (basename, line)
@ -62,27 +62,24 @@ def filterAuthorizedKeys(fp):
 def writeAuthorizedKeys(path, keydir):
    tmp = '%s.%d.tmp' % (path, os.getpid())
    log.debug("writeAuthorizedKeys " + str(tmp) )
    try:
-        in_ = open(path)
+        in_ = file(path)
-    except IOError as e:
+    except IOError, e:
        if e.errno == errno.ENOENT:
            in_ = None
        else:
            raise
    try:
-        out = open(tmp, 'w')
+        out = file(tmp, 'w')
        try:
            if in_ is not None:
                for line in filterAuthorizedKeys(in_):
-                    #print >>out, line
+                    print >>out, line
                    print(line, file=out)
            keygen = readKeys(keydir)
            for line in generateAuthorizedKeys(keygen):
-                #print >>out, line
+                print >>out, line
                print(line, file=out)
            os.fsync(out)
        finally:
--- a/gitosis/ssh_principals.py
+++ b/gitosis/ssh_principals.py
@ -0,0 +1,82 @@
 import os, errno, re
 import logging
 log = logging.getLogger('gitosis.ssh')
 _ACCEPTABLE_USER_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9_.-]*(@[a-zA-Z][a-zA-Z0-9.-]*)?$')
 def isSafeUsername(user):
    match = _ACCEPTABLE_USER_RE.match(user)
    return (match is not None)
 def readPrincipals(principals):
    """
    Read SSH principals from ``principals``
    """
    f = file(principals)
    for line in f:
        if not isSafeUsername(line):
            log.warn('Unsafe SSH username in principalfile: %r', line)
            continue
        line = line.rstrip('\n')
        yield (line)
    f.close()
 COMMENT = '### autogenerated by gitosis, DO NOT EDIT'
 def generatePrincipals(keys):
    TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,'
              +'no-X11-forwarding,no-agent-forwarding,no-pty %(user)s')
    yield COMMENT
    for (user) in keys:
        log.debug(TEMPLATE % dict(user=user))
        yield TEMPLATE % dict(user=user)
 _COMMAND_RE = re.compile('^command="(/[^ "]+/)?gitosis-serve [^"]+",no-port-forw'
                         +'arding,no-X11-forwarding,no-agent-forwardi'
                         +'ng,no-pty .*')
 def filterPrincipals(fp):
    """
    Read lines from ``fp``, filter out autogenerated ones.
    Note removes newlines.
    """
    for line in fp:
        line = line.rstrip('\n')
        if line == COMMENT:
            continue
        if _COMMAND_RE.match(line):
            continue
        yield line
 def writePrincipals(path, principals):
    tmp = '%s.%d.tmp' % (path, os.getpid())
    try:
        in_ = file(path)
    except IOError, e:
        if e.errno == errno.ENOENT:
            in_ = None
        else:
            raise
    try:
        out = file(tmp, 'w')
        try:
            if in_ is not None:
                for line in filterPrincipals(in_):
                    print >>out, line
            keygen = readPrincipals(principals)
            for line in generatePrincipals(keygen):
                print >>out, line
            os.fsync(out)
        finally:
            out.close()
    finally:
        if in_ is not None:
            in_.close()
    os.rename(tmp, path)
--- a/gitosis/test/test_access.py
+++ b/gitosis/test/test_access.py
@ -1,7 +1,7 @@
 from nose.tools import eq_ as eq
 import logging
-from configparser import RawConfigParser
+from ConfigParser import RawConfigParser
 from gitosis import access
--- a/gitosis/test/test_gitdaemon.py
+++ b/gitosis/test/test_gitdaemon.py
@ -1,7 +1,7 @@
 from nose.tools import eq_ as eq
 import os
-from configparser import RawConfigParser
+from ConfigParser import RawConfigParser
 from gitosis import gitdaemon
 from gitosis.test.util import maketemp, writeFile
--- a/gitosis/test/test_gitweb.py
+++ b/gitosis/test/test_gitweb.py
@ -1,8 +1,8 @@
 from nose.tools import eq_ as eq
 import os
-from configparser import RawConfigParser
+from ConfigParser import RawConfigParser
-from io import StringIO
+from cStringIO import StringIO
 from gitosis import gitweb
 from gitosis.test.util import mkdir, maketemp, readFile, writeFile
--- a/gitosis/test/test_group.py
+++ b/gitosis/test/test_group.py
@ -1,6 +1,6 @@
 from nose.tools import eq_ as eq, assert_raises
-from configparser import RawConfigParser
+from ConfigParser import RawConfigParser
 from gitosis import group
--- a/gitosis/test/test_init.py
+++ b/gitosis/test/test_init.py
@ -2,7 +2,7 @@ from nose.tools import eq_ as eq
 from gitosis.test.util import assert_raises, maketemp
 import os
-from configparser import RawConfigParser
+from ConfigParser import RawConfigParser
 from gitosis import init
 from gitosis import repository
@ -113,7 +113,7 @@ def test_init_admin_repository():
        'hooks',
        'post-update',
        )
-    util.check_mode(hook, 0o755, is_file=True)
+    util.check_mode(hook, 0755, is_file=True)
    got = util.readFile(hook).splitlines()
    assert 'gitosis-run-hook post-update' in got
    export_dir = os.path.join(tmp, 'export')
--- a/gitosis/test/test_repository.py
+++ b/gitosis/test/test_repository.py
@ -23,17 +23,17 @@ def test_init_simple():
    tmp = maketemp()
    path = os.path.join(tmp, 'repo.git')
    repository.init(path)
-    check_mode(path, 0o750, is_dir=True)
+    check_mode(path, 0750, is_dir=True)
    check_bare(path)
 def test_init_exist_dir():
    tmp = maketemp()
    path = os.path.join(tmp, 'repo.git')
-    mkdir(path, 0o710)
+    mkdir(path, 0710)
-    check_mode(path, 0o710, is_dir=True)
+    check_mode(path, 0710, is_dir=True)
    repository.init(path)
    # my weird access mode is preserved
-    check_mode(path, 0o710, is_dir=True)
+    check_mode(path, 0710, is_dir=True)
    check_bare(path)
 def test_init_exist_git():
@ -41,7 +41,7 @@ def test_init_exist_git():
    path = os.path.join(tmp, 'repo.git')
    repository.init(path)
    repository.init(path)
-    check_mode(path, 0o750, is_dir=True)
+    check_mode(path, 0750, is_dir=True)
    check_bare(path)
 def test_init_templates():
@ -53,7 +53,7 @@ def test_init_templates():
        )
    # for reproducibility
-    os.umask(0o022)
+    os.umask(0022)
    repository.init(path, template=templatedir)
    repository.init(path)
@ -61,7 +61,7 @@ def test_init_templates():
    eq(got, 'i should show up\n')
    check_mode(
        os.path.join(path, 'hooks', 'post-update'),
-        0o755,
+        0755,
        is_file=True,
        )
    got = readFile(os.path.join(path, 'hooks', 'post-update'))
@ -91,7 +91,7 @@ PATH="${PATH#*:}"
 exec git "$@"
 ''')
-    os.chmod(mockgit, 0o755)
+    os.chmod(mockgit, 0755)
    magic_cookie = '%d' % random.randint(1, 100000)
    good_path = os.environ['PATH']
    try:
@ -130,7 +130,7 @@ PATH="${PATH#*:}"
 exec git "$@"
 ''')
-    os.chmod(mockgit, 0o755)
+    os.chmod(mockgit, 0755)
    magic_cookie = '%d' % random.randint(1, 100000)
    good_path = os.environ['PATH']
    try:
@ -226,7 +226,7 @@ PATH="${PATH#*:}"
 exec git "$@"
 ''')
-    os.chmod(mockgit, 0o755)
+    os.chmod(mockgit, 0755)
    repository.init(path=git_dir)
    repository.fast_import(
        git_dir=git_dir,
@ -301,7 +301,7 @@ PATH="${PATH#*:}"
 exec git "$@"
 ''')
-    os.chmod(mockgit, 0o755)
+    os.chmod(mockgit, 0755)
    repository.init(path=tmp)
    repository.fast_import(
        git_dir=tmp,
--- a/gitosis/test/test_run_hook.py
+++ b/gitosis/test/test_run_hook.py
@ -1,8 +1,8 @@
 from nose.tools import eq_ as eq
 import os
-from configparser import RawConfigParser
+from ConfigParser import RawConfigParser
-from io import StringIO
+from cStringIO import StringIO
 from gitosis import init, repository, run_hook
 from gitosis.test.util import maketemp, readFile
--- a/gitosis/test/test_serve.py
+++ b/gitosis/test/test_serve.py
@ -3,8 +3,8 @@ from gitosis.test.util import assert_raises
 import logging
 import os
-from io import StringIO
+from cStringIO import StringIO
-from configparser import RawConfigParser
+from ConfigParser import RawConfigParser
 from gitosis import serve
 from gitosis import repository
@ -354,7 +354,7 @@ def test_push_inits_subdir_parent_missing():
        )
    eq(os.listdir(repositories), ['foo'])
    foo = os.path.join(repositories, 'foo')
-    util.check_mode(foo, 0o750, is_dir=True)
+    util.check_mode(foo, 0750, is_dir=True)
    eq(os.listdir(foo), ['bar.git'])
    assert os.path.isfile(os.path.join(repositories, 'foo', 'bar.git', 'HEAD'))
@ -366,7 +366,7 @@ def test_push_inits_subdir_parent_exists():
    os.mkdir(repositories)
    foo = os.path.join(repositories, 'foo')
    # silly mode on purpose; not to be touched
-    os.mkdir(foo, 0o751)
+    os.mkdir(foo, 0751)
    cfg.set('gitosis', 'repositories', repositories)
    generated = os.path.join(tmp, 'generated')
    os.mkdir(generated)
@ -380,7 +380,7 @@ def test_push_inits_subdir_parent_exists():
        command="git-receive-pack 'foo/bar.git'",
        )
    eq(os.listdir(repositories), ['foo'])
-    util.check_mode(foo, 0o751, is_dir=True)
+    util.check_mode(foo, 0751, is_dir=True)
    eq(os.listdir(foo), ['bar.git'])
    assert os.path.isfile(os.path.join(repositories, 'foo', 'bar.git', 'HEAD'))
--- a/gitosis/test/test_ssh.py
+++ b/gitosis/test/test_ssh.py
@ -1,7 +1,7 @@
 from nose.tools import eq_ as eq, assert_raises
 import os
-from io import StringIO
+from cStringIO import StringIO
 from gitosis import ssh
 from gitosis.test.util import mkdir, maketemp, writeFile, readFile
@ -171,7 +171,7 @@ class WriteAuthorizedKeys_Test(object):
    def test_simple(self):
        tmp = maketemp()
        path = os.path.join(tmp, 'authorized_keys')
-        f = open(path, 'w')
+        f = file(path, 'w')
        try:
            f.write('''\
 # foo
--- a/gitosis/test/util.py
+++ b/gitosis/test/util.py
@ -9,7 +9,7 @@ import sys
 def mkdir(*a, **kw):
    try:
        os.mkdir(*a, **kw)
-    except OSError as e:
+    except OSError, e:
        if e.errno == errno.EEXIST:
            pass
        else:
@ -27,7 +27,7 @@ def maketemp():
    tmp = os.path.join(tmp, name)
    try:
        shutil.rmtree(tmp)
-    except OSError as e:
+    except OSError, e:
        if e.errno == errno.ENOENT:
            pass
        else:
@ -37,7 +37,7 @@ def maketemp():
 def writeFile(path, content):
    tmp = '%s.tmp' % path
-    f = open(tmp, 'w')
+    f = file(tmp, 'w')
    try:
        f.write(content)
    finally:
@ -45,7 +45,7 @@ def writeFile(path, content):
    os.rename(tmp, path)
 def readFile(path):
-    f = open(path)
+    f = file(path)
    try:
        data = f.read()
    finally:
@ -58,7 +58,7 @@ def assert_raises(excClass, callableObj, *args, **kwargs):
    """
    try:
        callableObj(*args, **kwargs)
-    except excClass as e:
+    except excClass, e:
        return e
    else:
        if hasattr(excClass,'__name__'): excName = excClass.__name__
--- a/gitosis/util.py
+++ b/gitosis/util.py
@ -1,11 +1,11 @@
 import errno
 import os
-from configparser import NoSectionError, NoOptionError
+from ConfigParser import NoSectionError, NoOptionError
 def mkdir(*a, **kw):
    try:
        os.mkdir(*a, **kw)
-    except OSError as e:
+    except OSError, e:
        if e.errno == errno.EEXIST:
            pass
        else:
@ -41,10 +41,3 @@ def getSSHPrincipalsPath(config):
    except (NoSectionError, NoOptionError):
        path = os.path.expanduser('~/.ssh/principals')
    return path
 def getAllowedSSHPrincipals(config):
    try:
        principals = config.get('gitosis', 'allowedPrincipals')
    except (NoSectionError, NoOptionError):
        principals = "git"
    return principals
--- a/setup.py
+++ b/setup.py
@ -45,7 +45,6 @@ arbitrary commands.
            'gitosis-serve = gitosis.serve:Main.run',
            'gitosis-run-hook = gitosis.run_hook:Main.run',
            'gitosis-init = gitosis.init:Main.run',
            'gitosis-authorized-principals = gitosis.principals:Main.run',
            ],
        },