1 package Girocco
::Config
;
13 # Name of the service (typically a single word or a domain name)
15 our $name = "GiroccoEx";
17 # Nickname of the service (undef for initial part of $name upto first '.')
19 our $nickname = undef;
21 # Title of the service (as shown in gitweb)
22 # (may contain spaces)
23 our $title = "Example Girocco Hosting";
25 # Path to the Git binary to use (you MUST set this, even if to /usr/bin/git!)
26 our $git_bin = '/usr/bin/git';
28 # Path to the git-daemon binary to use (undef to use default)
29 # If $gitpullurl is undef this will never be used (assuming no git inetd
30 # service has been set up in that case).
31 # The default if this is undef is `$git_bin --exec-path`/git-daemon
32 our $git_daemon_bin = undef;
34 # Path to the git-http-backend binary to use (undef to use default)
35 # If both $httppullurl and $httpspushurl are undef this will never be used
36 # The default if this is undef is `$git_bin --exec-path`/git-http-backend
37 our $git_http_backend_bin = undef;
39 # Name (if in $PATH) or full path to netcat executable that accepts a -U option
40 # to connect to a unix socket. This may simply be 'nc' on many systems.
41 # See the ../src/dragonfly/README file for a DragonFly BSD nc with -U support.
42 our $nc_openbsd_bin = 'nc.openbsd';
44 # Path to POSIX sh executable to use. Set to undef to use /bin/sh
45 our $posix_sh_bin = undef;
47 # Path to Perl executable to use. Set to undef to use Perl found in $PATH
48 our $perl_bin = undef;
50 # Path to gzip executable to use. Set to undef to use gzip found in $PATH
51 our $gzip_bin = undef;
53 # Path to the sendmail instance to use. It should understand the -f <from>, -i and -t
54 # options as well as accepting a list of recipient addresses in order to be used here.
55 # You MUST set this, even if to '/usr/sbin/sendmail'!
56 # Setting this to 'sendmail.pl' is special and will automatically be expanded to
57 # a full path to the ../bin/sendmail.pl executable in this Girocco installation.
58 # sendmail.pl is a sendmail-compatible script that delivers the message directly
59 # using SMTP to a mail relay host. This is the recommended configuration as it
60 # minimizes the information exposed to recipients (no sender account names or uids),
61 # can talk to an SMTP server on another host (eliminating the need for a working
62 # sendmail and/or SMTP server on this host) and avoids any unwanted address rewriting.
63 # By default it expects the mail relay to be listening on localhost port 25.
64 # See the sendmail.pl section below for more information on configuring sendmail.pl.
65 our $sendmail_bin = 'sendmail.pl';
67 # E-mail of the site admin
68 our $admin = 'admin@example.org';
71 # This is the SMTP 'MAIL FROM:' value
72 # It will be passed to $sendmail_bin with the -f option
73 # Some sites may not allow non-privileged users to pass the -f option to
74 # $sendmail_bin. In that case set this to undef and no -f option will be
75 # passed which means the 'MAIL FROM:' value will be the user the mail is
76 # sent as (either $cgi_user or $mirror_user depending on the activity).
77 # To avoid having bounce emails go to $admin, this may be set to something
78 # else such as 'admin-noreply@example.org' and then the 'admin-noreply' address
79 # may be redirected to /dev/null. Setting this to '' or '<>' is not
80 # recommended because that will likely cause the emails to be marked as SPAM
81 # by the receiver's SPAM filter. If $sendmail_bin is set to 'sendmail.pl' this
82 # value must be acceptable to the receiving SMTP server as a 'MAIL FROM:' value.
83 # If this is set to undef and 'sendmail.pl' is used, the 'MAIL FROM:' value will
84 # be the user the mail is sent as (either $cgi_user or $mirror_user).
87 # Copy $admin on failure/recovery messages?
90 # Girocco branch to use for html.cgi view source links (undef for HEAD)
91 our $giroccobranch = undef;
94 # If the PATH needs to be customized to find required executables on
95 # the system, it can be done here.
96 # For example something like this:
97 #$ENV{PATH} = substr(`/usr/bin/getconf PATH`,0,-1).":/usr/local/bin";
101 ## ----------------------
102 ## Git user agent strings
103 ## ----------------------
106 # Git clients (i.e. fetch/clone) always send a user agent string when fetching
107 # over HTTP. Since version 1.7.12.1 an 'agent=' capability string is included
108 # as well which affects git:, smart HTTP and ssh: protocols.
110 # These settings allow the default user agent string to be changed independently
111 # for fetch/clone operations (only matters if $mirror is true) and server
112 # operations (some other Git client fetching from us). Note that it is not
113 # possible to suppress the capability entirely although it can be set to an
114 # empty string. If these values are not set, the default user agent string
115 # will be used. Typically (unless Git was built with non-standard options) the
116 # default is "git/" plus the version. So for example "git/1.8.5.6" or
117 # "git/2.1.4" might be seen.
119 # One might want to change the default user agent strings in order to prevent
120 # an attacker from learning the exact Git version being used to avoid being
121 # able to quickly target any version-specific vulnerabilities. Note that
122 # no matter what's set here, an attacker can easily determine whether a server
123 # is running JGit, libgit2 or Git and for Git whether it's version 1.7.12.1 or
124 # later. A reasonable value to hide the exact Git version number while
125 # remaining compatible with servers that require a "Git/" user agent string
126 # would be something like "git/2" or even just "git/".
128 # The GIT_USER_AGENT value to use when acting as a client (i.e. clone/fetch)
129 # This value is only used if $mirror is true and at least one mirror is set up.
130 # Setting this to the empty string will suppress the HTTP User-Agent header,
131 # but will still include an "agent=" capability in the packet protocol. The
132 # empty string is not recommended because some servers match on "git/".
133 # Leave undef to use the default Git user agent string
134 # IMPORTANT: some server sites will refuse to serve up Git repositories unless
135 # the client user agent string contains "Git/" (matched case insensitively)!
136 our $git_client_ua = undef;
138 # The GIT_USER_AGENT value to use when acting as a server (i.e. some Git client
139 # is fetching/cloning from us).
140 # Leave undef to use the default Git user agent string
141 our $git_server_ua = undef;
150 # Enable mirroring mode if true (see "Foreign VCS mirrors" section below)
153 # Enable push mode if true
156 # If both $mirror and $push are enabled, setting this to 'mirror' pre-selects
157 # mirror mode on the initial regproj display, otherwise 'push' mode will be
158 # pre-selected. When forking the initial mode will be 'push' if $push enabled.
159 our $initial_regproj_mode = 'mirror';
161 # Enable user management if true; this means the interface for registering
162 # user accounts and uploading SSH keys. This implies full chroot.
163 our $manage_users = 1;
165 # Minimum key length (in bits) for uploaded SSH RSA/DSA keys.
166 # If this is not set (i.e. undef) keys as small as 512 bits will be allowed.
167 # Nowadays keys less than 2048 bits in length should probably not be allowed.
168 # Note, however, that versions of OpenSSH starting with 4.3p1 will only generate
169 # DSA keys of exactly 1024 bits in length even though that length is no longer
170 # recommended. (OpenSSL can be used to generate DSA keys with lengths > 1024.)
171 # OpenSSH does not have any problem generating RSA keys longer than 1024 bits.
172 # This setting is only checked when new keys are added so setting it/increasing it
173 # will not affect existing keys. For maximum compatibility a value of 1024 may
174 # be used however 2048 is recommended. Setting it to anything other than 1024,
175 # 2048 or 3072 may have the side effect of making it very difficult to generate
176 # DSA keys that satisfy the restriction (but RSA keys should not be a problem).
177 # Note that no matter what setting is specified here keys smaller than 512 bits
178 # will never be allowed via the reguser.cgi/edituser.cgi interface.
179 # RECOMMENDED VALUE: 2048 (ok) or 3072 (better)
180 our $min_key_length = 3072;
182 # Disable DSA public keys?
183 # If this is set to 1, adding DSA keys at reguser.cgi/edituser.cgi time will be
184 # prohibited. If $pushurl is undef then this is implicitly set to 1 since DSA
185 # keys are not usable with https push.
186 # OpenSSH will only generate 1024 bit DSA keys starting with version 4.3p1.
187 # Even if OpenSSL is used to generate a longer DSA key (which can then be used
188 # with OpenSSH), the SSH protocol itself still forces use of SHA-1 in the DSA
189 # signature blob which tends to defeat the purpose of going to a longer key in
190 # the first place. So it may be better from a security standpoint to simply
191 # disable DSA keys especially if $min_key_length and $rsakeylength have been set
192 # to something higher such as 3072 or 4096. This setting is only checked when
193 # new keys are added so setting it/increasing it will not affect existing keys.
194 # There is no way to disable DSA keys in the OpenSSH server config file itself.
195 # If this is set to 1, no ssh_host_dsa_key will be generated or used with the
196 # sshd running in the jail (but if the sshd_config has already been generated
197 # in the jail, it must be removed and 'sudo make install' run again or otherwise
198 # the sshd_config needs to be edited by hand for the change to take effect).
199 # RECOMMENDED VALUE: 1
200 our $disable_dsa = 1;
202 # Enable the special 'mob' user if set to 'mob'
205 # Let users set admin passwords; if false, all password inputs are assumed empty.
206 # This will make new projects use empty passwords and all operations on them
207 # unrestricted, but you will be able to do no operations on previously created
208 # projects you have set a password on.
209 our $project_passwords = 1;
211 # How to determine project owner; 'email' adds a form item asking for their
212 # email contact, 'source' takes realname of owner of source repository if it
213 # is a local path (and empty string otherwise). 'source' is suitable in case
214 # the site operates only as mirror of purely local-filesystem repositories.
215 our $project_owners = 'email';
217 # Which project fields to make editable, out of 'shortdesc', 'homepage', 'README',
218 # 'cleanmirror', 'notifymail', 'reverseorder', 'summaryonly', 'notifytag' and 'notifyjson'
219 # 'notifycia' was used by the now defunct CIA service and while allowing it to
220 # be edited does work and the value is saved, the value is totally ignored by Girocco
221 our @project_fields = qw(cleanmirror homepage shortdesc README notifymail reverseorder summaryonly notifytag notifyjson);
223 # Minimal number of seconds to pass between two updates of a project.
224 our $min_mirror_interval = 3600; # 1 hour
226 # Minimal number of seconds to pass between two garbage collections of a project.
227 our $min_gc_interval = 604800; # 1 week
229 # Minimal number of seconds to pass after first failure before sending failure email.
230 # A mirror update failed message will not be sent until mirror updates have been
231 # failing for at least this long. Set to 0 to send a failure message right away
232 # (provided the $min_mirror_failure_message_count coundition has been met).
233 our $min_mirror_failure_message_interval = 216000; # 2.5 days
235 # Minimal number of consecutive failures required before sending failure email.
236 # A mirror update failed message will not be sent until mirror updates have failed
237 # for this many consecutive updates. Set to 0 to send a failure message right away
238 # (provided the $min_mirror_failure_message_interval coundition has been met).
239 our $min_mirror_failure_message_count = 3;
241 # Maximum window memory size when repacking. If this is set, it will be used
242 # instead of the automatically computed value if it's less than that value.
243 # May use a 'k', 'm', or 'g' suffix otherwise value is in bytes.
244 our $max_gc_window_memory_size = undef;
246 # Maximum big file threshold size when repacking. If this is set, it will be
247 # used instead of the automatically computed value if it's less than that value.
248 # May use a 'k', 'm', or 'g' suffix otherwise value is in bytes.
249 our $max_gc_big_file_threshold_size = undef;
251 # Whether or not to run the ../bin/update-pwd-db script whenever the etc/passwd
252 # database is changed. This is typically needed (i.e. set to a true value) for
253 # FreeBSD style systems when using an sshd chroot jail for push access. So if
254 # $pushurl is undef or the system Girocco is running on is not like FreeBSD
255 # (e.g. a master.passwd file that must be transformed into pwd.db and spwd.db), then
256 # this setting should normally be left false (i.e. 0). See comments in the
257 # provided ../bin/update-pwd-db script about when and how it's invoked.
258 our $update_pwd_db = 0;
260 # Port the sshd running in the jail should listen on
261 # Be sure to update $pushurl to match
262 # Not used if $pushurl is undef
263 our $sshd_jail_port = 22;
265 # If this is true then host names used in mirror source URLs will be checked
266 # and any that are not DNS names (i.e. IPv4 or IPv6) or match one of the DNS
267 # host names in any of the URL settings below will be rejected.
268 our $restrict_mirror_hosts = 1;
270 # If $restrict_mirror_hosts is enabled this is the minimum number of labels
271 # required in a valid dns name. Normally 2 is the correct value, but if
272 # Girocco is being used internally where a common default or search domain
273 # is set for everyone then this should be changed to 1 to allow a dns name
274 # with a single label in it. No matter what is set here at least 1 label
275 # is always required when $restrict_mirror_hosts is enabled.
276 our $min_dns_labels = 2;
278 # If $xmllint_readme is true then the contents of the README.html section
279 # will be passed through xmllint and any errors must be corrected before
280 # it can be saved. If this is set to true then xmllint must be in the $PATH.
281 # RECOMMENDED VALUE: 1
282 our $xmllint_readme = 0;
286 ## -------------------
287 ## Foreign VCS mirrors
288 ## -------------------
291 # Note that if any of these settings are changed from true to false, then
292 # any pre-existing mirrors using the now-disabled foreign VCS will stop
293 # updating, new mirrors using the now-disabled foreign VCS will be disallowed
294 # and attempts to update ANY project settings for a pre-existing project that
295 # uses a now-disabled foreign VCS source URL will also be disallowed.
297 # If $mirror is true and $mirror_svn is true then mirrors from svn source
298 # repositories will be allowed (and be converted to Git). These URLs have
299 # the form svn://... or svn+http://... or svn+https://...
300 # Note that for this to work the "svn" command line command must be available
301 # in PATH and the "git svn" commands must work (which generally requires both
302 # Perl and the subversion perl bindings be installed).
305 # Prior to Git v1.5.1, git-svn always used a log window size of 1000.
306 # Starting with Git v1.5.1, git-svn defaults to using a log window size of 100
307 # and provides a --log-window-size= option to change it. Starting with Git
308 # v2.2.0, git-svn disconnects and reconnects to the server every log window size
309 # interval to attempt to reduce memory use by git-svn. If $svn_log_window_size
310 # is undefined, Girocco will use a log window size of 250 (instead of the
311 # the default 100). If $svn_log_window_size is set, Girocco will use that
312 # value instead. Beware that setting it too low (i.e. < 50) will almost
313 # certainly cause performance issues if not failures. Unless there are concerns
314 # about git-svn memory use on a server with extremely limited memory, the
315 # value of 250 that Girocco uses by default should be fine. Obviously if
316 # $mirror or $mirror_svn is false this setting is irrelevant.
317 our $svn_log_window_size = undef;
319 # If $mirror is true and $mirror_darcs is true then mirrors from darcs source
320 # repositories will be allowed (and be converted to Git). These URLs have
321 # the form darcs://...
322 # Note that for this to work the "darcs" command line command must be available
323 # in PATH and so must python (required to run the darcs-fast-export script).
324 our $mirror_darcs = 1;
326 # If $mirror is true and $mirror_bzr is true then mirrors from bzr source
327 # repositories will be allowed (and be converted to Git). These URLs have
329 # Note that for this to work the "bzr" command line command must be available
330 # in PATH (it's a python script so python is required as well).
333 # If $mirror is true and $mirror_hg is true then mirrors from hg source
334 # repositories will be allowed (and be converted to Git). These URLs have
335 # the form hg+http://... or hg+https://...
336 # Note that for this to work the "hg" command line command must be available
337 # in PATH and so must python (required to run the hg-fast-export.py script).
338 # Note that if the PYTHON environment variable is set that will be used instead
339 # of just plain "python" to run the hg-fast-export.py script (which needs to
340 # be able to import from mercurial).
350 # Path where the main chunk of Girocco files will be installed
351 # This will get COMPLETELY OVERWRITTEN by each make install!!!
352 our $basedir = '/home/repo/repomgr';
354 # Path where the automatically generated non-user certificates will be stored
355 # (The per-user certificates are always stored in $chroot/etc/sshcerts/)
356 # This is preserved by each make install and MUST NOT be under $basedir!
357 # Not used unless $httpspushurl is defined
358 our $certsdir = '/home/repo/certs';
360 # The repository collection
361 # "$reporoot/_recyclebin" will also be created for use by toolbox/trash-project.pl
362 our $reporoot = "/srv/git";
364 # The repository collection's location within the chroot jail
365 # Normally $reporoot will be bind mounted onto $chroot/$jailreporoot
366 # Should NOT start with '/'
367 our $jailreporoot = "srv/git";
369 # The chroot for ssh pushing; location for project database and other run-time
370 # data even in non-chroot setups
371 our $chroot = "/home/repo/j";
373 # The gitweb files web directory (corresponds to $gitwebfiles)
374 # Note that it is safe to place this under $basedir since it's set up after
375 # $basedir is completely replaced during install time. Be WARNED, however,
376 # that normally the install process only adds/replaces things in $webroot,
377 # but if $webroot is under $basedir then it will be completely removed and
378 # rebuilt each time "make install" is run. This will make gitweb/git-browser
379 # web services very briefly unavailable while this is happening.
380 our $webroot = "/home/repo/www";
382 # The CGI-enabled web directory (corresponds to $gitweburl and $webadmurl)
383 # This will not be web-accessible except that if any aliases point to
384 # a *.cgi file in here it will be allowed to run as a cgi-script.
385 # Note that it is safe to place this under $basedir since it's set up after
386 # $basedir is completely replaced during install time. Be WARNED, however,
387 # that normally the install process only adds/replaces things in $cgiroot,
388 # but if $cgiroot is under $basedir then it will be completely removed and
389 # rebuilt each time "make install" is run. This will make gitweb/git-browser
390 # web services very briefly unavailable while this is happening.
391 our $cgiroot = "/home/repo/cgibin";
393 # A web-accessible symlink to $reporoot (corresponds to $httppullurl, can be undef)
394 # If using the sample apache.conf (with paths suitably updated) this is not required
395 # to serve either smart or non-smart HTTP repositories to the Git client
396 our $webreporoot = "/home/repo/www/r";
398 # The location to store the project list cache, gitweb project list and gitweb
399 # cache file. Normally this should not be changed. Note that it must be in
400 # a directory that is writable by $mirror_user and $cgi_user (just in case the
401 # cache file is missing). The directory should have its group set to $owning_group.
402 # Again, this setting should not normally need to be changed.
403 our $projlist_cache_dir = "$chroot/etc";
407 ## ----------------------------------------------------
408 ## Certificates (only used if $httpspushurl is defined)
409 ## ----------------------------------------------------
412 # path to root certificate (undef to use automatic root cert)
413 # this certificate is made available for easy download and should be whatever
414 # the root certificate is for the https certificate being used by the web server
415 our $rootcert = undef;
417 # The certificate to sign user push client authentication certificates with (undef for auto)
418 # The automatically generated certificate should always be fine
419 our $clientcert = undef;
421 # The private key for $clientcert (undef for auto)
422 # The automatically generated key should always be fine
423 our $clientkey = undef;
425 # The client certificate chain suffix (a pemseq file to append to user client certs) (undef for auto)
426 # The automatically generated chain should always be fine
427 # This suffix will also be appended to the $mobusercert before making it available for download
428 our $clientcertsuffix = undef;
430 # The mob user certificate signed by $clientcert (undef for auto)
431 # The automatically generated certificate should always be fine
432 # Not used unless $mob is set to 'mob'
433 # The $clientcertsuffix will be appended before making $mobusercert available for download
434 our $mobusercert = undef;
436 # The private key for $mobusercert (undef for auto)
437 # The automatically generated key should always be fine
438 # Not used unless $mob is set to 'mob'
439 our $mobuserkey = undef;
441 # Server alt names to embed in the auto-generated girocco_www_crt.pem certificate.
442 # The common name (CN) in the server certificate is the host name from $httpspushurl.
443 # By default no server alt names are embedded (not even the host from $httpspushurl).
444 # If the web server configuration is not using this auto-generated server certificate
445 # then the values set here will have no impact and this setting can be ignored.
446 # To embed server alternative names, list each (separated by spaces). The names
447 # may be DNS names, IPv4 addresses or IPv6 addresses (NO surrounding '[' ']' please).
448 # If ANY DNS names are included here be sure to also include the host name from
449 # the $httpspushurl or else standards-conforming clients will fail with a host name
450 # mismatch error when they attempt to verify the connection.
451 #our $wwwcertaltnames = 'example.com www.example.com git.example.com 127.0.0.1 ::1';
452 our $wwwcertaltnames = undef;
454 # The key length for automatically generated RSA private keys (in bits).
455 # These keys are then used to create the automatically generated certificates.
456 # If undef or set to a value less than 2048, then 2048 will be used.
457 # Set to 3072 to generate more secure keys/certificates. Set to 4096 (or higher) for
458 # even greater security. Be warned that setting to a non-multiple of 8 and/or greater
459 # than 4096 could negatively impact compatibility with some clients.
460 # The values 2048, 3072 and 4096 are expected to be compatible with all clients.
461 # Note that OpenSSL has no problem with > 4096 or non-multiple of 8 lengths.
462 # See also the $min_key_length setting above to restrict user key sizes.
463 # This value is also used when generating the ssh_host_rsa_key for the chroot jail sshd.
464 # RECOMMENDED VALUE: 3072
465 our $rsakeylength = 3072;
474 # URL of the gitweb.cgi script (must be in pathinfo mode). If the sample
475 # apache.conf configuration is used, the trailing "/w" is optional.
476 our $gitweburl = "http://repo.or.cz/w";
478 # URL of the extra gitweb files (CSS, .js files, images, ...)
479 our $gitwebfiles = "http://repo.or.cz";
481 # URL of the Girocco CGI web admin interface (Girocco cgi/ subdirectory)
482 # e.g. reguser.cgi, edituser.cgi, regproj.cgi, editproj.cgi etc.
483 our $webadmurl = "http://repo.or.cz";
485 # URL of the Girocco CGI bundles information generator (Girocco cgi/bundles.cgi)
486 # If the sample apache.conf configuration is used, the trailing "/b" is optional.
487 # This is different from $httpbundleurl. This URL lists all available bundles
488 # for a project and returns that as an HTML page.
489 our $bundlesurl = "http://repo.or.cz/b";
491 # URL of the Girocco CGI html templater (Girocco cgi/html.cgi)
492 # If mod_rewrite is enabled and the sample apache.conf configuration is used,
493 # the trailing "/h" is optional when the template file name ends in ".html"
494 # (which all the provided ones do).
495 our $htmlurl = "http://repo.or.cz/h";
497 # HTTP URL of the repository collection (undef if N/A)
498 # If the sample apache.conf configuration is used, the trailing "/r" is optional.
499 our $httppullurl = "http://repo.or.cz/r";
501 # HTTP URL of the repository collection when fetching a bundle (undef if N/A)
502 # Normally this will be the same as $httppullurl, but note that the bundle
503 # fetching logic is located in git-http-backend-verify so whatever URL is
504 # given here MUST end up running the git-http-backend-verify script!
505 # For example, if we're fetching the 'clone.bundle' for the 'girocco.git'
506 # repository, the final URL will be "$httpbundleurl/girocco.git/clone.bundle"
507 # If the sample apache.conf configuration is used, the trailing "/r" is optional.
508 # This is different from $bundlesurl. This URL fetches a single Git-format
509 # .bundle file that is only usable with the 'git bundle' command.
510 our $httpbundleurl = "http://repo.or.cz/r";
512 # HTTPS push URL of the repository collection (undef if N/A)
513 # If this is defined, the openssl command must be available
514 # The sample apache.conf configuration requires mod_ssl, mod_authn_anon and
515 # mod_rewrite be enabled to support https push operations.
516 # Normally this should be set to $httppullurl with http: replaced with https:
517 # If the sample apache.conf configuration is used, the trailing "/r" is optional.
518 our $httpspushurl = undef;
520 # Git URL of the repository collection (undef if N/A)
521 # (You need to set up git-daemon on your system, and Girocco will not
522 # do this particular thing for you.)
523 our $gitpullurl = "git://repo.or.cz";
525 # Pushy SSH URL of the repository collection (undef if N/A)
526 # Note that the "/$jailreporoot" portion is optional and will be automatically
527 # added if appropriate when omitted by the client so this URL can typically
528 # be made the same as $gitpullurl with git: replaced with ssh:
529 our $pushurl = "ssh://repo.or.cz/$jailreporoot";
531 # URL of gitweb of this Girocco instance (set to undef if you're not nice
533 our $giroccourl = "$Girocco::Config::gitweburl/girocco.git";
537 ## -------------------
538 ## web server controls
539 ## -------------------
542 # If true then non-smart HTTP access will be disabled
543 # There's normally no reason to leave non-smart HTTP access enabled
544 # since downloadable bundles are provided. However, in case the
545 # non-smart HTTP access is needed for some reason, this can be set to undef or 0.
546 # This affects access via http: AND https: and processing of apache.conf.in.
547 # Note that this setting does not affect gitweb, ssh: or git: URL access in any way.
548 # RECOMMENDED VALUE: 1
549 our $SmartHTTPOnly = 1;
551 # If true, the https <VirtualHost ...> section in apache.conf.in will be
552 # automatically enabled when it's converted to apache.conf by the conversion
553 # script. Do NOT enable this unless the required Apache modules are present
554 # and loaded (mod_ssl, mod_rewrite, mod_authn_anon) AND $httpspushurl is
555 # defined above otherwise the server will fail to start (with various errors)
556 # when the resulting apache.conf is used.
561 ## ------------------------
562 ## Some templating settings
563 ## ------------------------
566 # Legal warning (on reguser and regproj pages)
567 our $legalese = <<EOT;
568 <p>By submitting this form, you are confirming that you will mirror or push
569 only what we can store and show to anyone else who can visit this site without
570 breaking any law, and that you will be nice to all small furry animals.
571 <sup class="sup"><span><a href="/h/about.html">(more details)</a></span></sup>
575 # Pre-configured mirror sources (set to undef for none)
576 # Arrayref of name - record pairs, the record has these attributes:
577 # label: The label of this source
578 # url: The template URL; %1, %2, ... will be substituted for inputs
579 # desc: Optional VERY short description
580 # link: Optional URL to make the desc point at
581 # inputs: Arrayref of hashref input records:
582 # label: Label of input record
583 # suffix: Optional suffix
584 # If the inputs arrayref is undef, single URL input is shown,
585 # pre-filled with url (probably empty string).
586 our $mirror_sources = [
590 desc
=> 'Any HTTP/Git/rsync pull URL - bring it on!',
595 url
=> 'https://github.com/%1/%2.git',
596 desc
=> 'GitHub Social Code Hosting',
597 link => 'http://github.com/',
598 inputs
=> [ { label
=> 'User:' }, { label
=> 'Project:', suffix
=> '.git' } ]
602 url
=> 'https://gitlab.com/%1/%2.git',
603 desc
=> 'Engulfed the Green and Orange Boxes',
604 link => 'https://gitlab.com/',
605 inputs
=> [ { label
=> 'Project:' }, { label
=> 'Repository:', suffix
=> '.git' } ]
609 # You can customize the gitweb interface widely by editing
610 # gitweb/gitweb_config.perl
614 ## -------------------
615 ## Permission settings
616 ## -------------------
619 # Girocco needs some way to manipulate write permissions to various parts of
620 # all repositories; this concerns three entities:
621 # - www-data: the web interface needs to be able to rewrite few files within
623 # - repo: a user designated for cronjobs; handles mirroring and repacking;
624 # this one is optional if not $mirror
625 # - others: the designated users that are supposed to be able to push; they
626 # may have account either within chroot, or outside of it
628 # There are several ways how to use Girocco based on a combination of the
629 # following settings.
631 # (Non-chroot) UNIX user the CGI scripts run on; note that if some non-related
632 # untrusted CGI scripts run on this account too, that can be a big security
633 # problem and you'll probably need to set up suexec (poor you).
634 # This must always be set.
635 our $cgi_user = 'www-data';
637 # (Non-chroot) UNIX user performing mirroring jobs; this is the user who
638 # should run all the daemons and cronjobs and
639 # the user who should be running make install (if not root).
640 # This must always be set.
641 our $mirror_user = 'repo';
643 # (Non-chroot) UNIX group owning the repositories by default; it owns whole
644 # mirror repositories and at least web-writable metadata of push repositories.
645 # If you undefine this, all the data will become WORLD-WRITABLE.
646 # Both $cgi_user and $mirror_user should be members of this group!
647 our $owning_group = 'repo';
649 # Whether to use chroot jail for pushing; this must be always the same
651 # TODO: Gitosis support for $manage_users and not $chrooted?
652 our $chrooted = $manage_users;
654 # How to control permissions of push-writable data in push repositories:
655 # * 'Group' for the traditional model: The $chroot/etc/group project database
656 # file is used as the UNIX group(5) file; the directories have gid appropriate
657 # for the particular repository and are group-writable. This works only if
658 # $chrooted so that users are put in the proper groups on login when using
659 # SSH push. Smart HTTPS push does not require a chroot to work -- simply
660 # run "make install" as the non-root $mirror_user user, but leave
661 # $manage_users and $chrooted enabled.
662 # * 'ACL' for a model based on POSIX ACL: The directories are coupled with ACLs
663 # listing the users with push permissions. This works for both chroot and
664 # non-chroot setups, however it requires ACL support within the filesystem.
665 # This option is BASICALLY UNTESTED, too. And UNIMPLEMENTED. :-)
666 # * 'Hooks' for a relaxed model: The directories are world-writable and push
667 # permission control is purely hook-driven. This is INSECURE and works only
668 # when you trust all your users; on the other hand, the attack vectors are
669 # mostly just DoS or fully-traceable tinkering.
670 our $permission_control = 'Group';
672 # Path to alternate screen multiuser acl file (see screen/README, undef for none)
673 our $screen_acl_file = undef;
675 # Reserved project name and user name suffixes.
677 # Note that with personal mob branches enabled, a user name can end up being a
678 # file name after having a 'mob.' prefix added or a directory name after having
679 # a 'mob_' prefix added. If there is ANY possibility that a file with a
680 # .suffix name may need to be served by the web server, lc(suffix) SHOULD be in
681 # this hash! Pre-existing project names or user names with a suffix in this
682 # table can continue to be used, but no new projects or users can be created
683 # that have a suffix (case-insensitive) listed here.
684 our %reserved_suffixes = (
685 # Entries must be lowercase WITHOUT a leading '.'
724 ## -------------------------
725 ## sendmail.pl configuration
726 ## -------------------------
729 # Full information on available sendmail.pl settings can be found by running
730 # ../bin/sendmail.pl -v -h
732 # These settings will only used if $sendmail_bin is set to 'sendmail.pl'
734 # sendmail.pl host name
735 #$ENV{'SENDMAIL_PL_HOST'} = 'localhost'; # localhost is the default
737 # sendmail.pl port name
738 #$ENV{'SENDMAIL_PL_PORT'} = '25'; # port 25 is the default
740 # sendmail.pl nc executable
741 #$ENV{'SENDMAIL_PL_NCBIN'} = "$chroot/bin/nc.openbsd"; # default is nc found in $PATH
743 # sendmail.pl nc options
744 # multiple options may be included, e.g. '-4 -X connect -x 192.168.100.10:8080'
745 #$ENV{'SENDMAIL_PL_NCOPT'} = '-4'; # force IPv4, default is to allow IPv4 & IPv6
749 ## -------------------------
750 ## Obscure Tuneable Features
751 ## -------------------------
754 # Throttle classes configured here override the defaults for them that
755 # are located in taskd/taskd.pl. See comments in that file for more info.
756 our @throttle_classes = ();
758 # Any tag names listed here will be allowed even if they would otherwise not be.
759 # Note that @allowed_tags takes precedence over @blocked_tags.
760 our @allowed_tags = ();
762 # Any tag names listed here will be disallowed in addition to the standard
763 # list of nonsense words etc. that are blocked as tags.
764 our @blocked_tags = ();
766 # If there are no more than this many objects, then all deltas will be
767 # recomputed when gc takes place. Note that this does not affect any
768 # fast-import created packs as they ALWAYS have their deltas recomputed.
769 # Also when combining small packs, if the total object count in the packs
770 # to be combined is no more than this then the new, combined pack will have
771 # its deltas recomputed during the combine operation.
772 # Leave undef to use the default (which should generally be fine).
773 # Lowering this from the default can increase disk use.
774 # Values less than 1000 * number of CPU cores will be silently ignored.
775 # The "girocco.redelta" config item can be used to modify this behavior on
776 # a per-repository basis. See the description of it in gc.sh.
777 our $new_delta_threshold = undef;
779 # This setting is irrelevant unless foreign vcs mirrors that use git fast-import
780 # are enabled (e.g. $mirror_darcs, $mirror_bzr or $mirror_hg -- $mirror_svn does
781 # NOT use git fast-import and is not affected by this setting).
782 # The packs generated by git fast-import are very poor quality. For this reason
783 # they ALWAYS have their deltas recomputed at some point. Normally this is
784 # delayed until the next full (or mini) gc takes place. For this reason a full
785 # gc is always scheduled immediately after a fresh mirror clone completes.
786 # However, in the case of normal mirror updates, several git fast-import created
787 # packs may exist as a result of changes fetched during the normal mirror update
788 # process. These packs will persist (with their git fast-import poor quality)
789 # until the next full (or mini) gc triggers. The bad deltas in these update
790 # packs could be sent down to clients who fetch updates before the next gc
791 # triggers. To reduce (i.e. practically eliminate) the likelihood of this
792 # occurring, this setting can be changed to a false (0 or undef) value in which
793 # case after each mirror update of a git fast-import mirror, any newly created
794 # git fast-import packs (as a result of the mirror update running) will have
795 # their deltas recomputed shortly thereafter instead of waiting for the next gc.
796 # Recomputing deltas immediately (almost immediately) will result in an extra
797 # redeltification step (with associated CPU cost) that would otherwise not
798 # occur and, in some cases (mainly large repositories), could ultimately result
799 # in slightly less efficient deltas being retained.
800 # RECOMMENDED VALUE: 1
801 our $delay_gfi_redelta = 1;
803 # If this is set to a true value, then core.packedGitWindowSize will be set
804 # to 1 MiB (the same as if Git was compiled with NO_MMAP set). If this is NOT
805 # set, core.packedGitWindowSize will be set to 32 MiB (even on 64-bit) to avoid
806 # memory blowout. If your Git was built with NO_MMAP set and will not work
807 # without NO_MMAP set, you MUST set this to a true value!
808 our $git_no_mmap = undef;
810 # If set to a true value, the "X-Girocco: $gitweburl" header included in all
811 # Girocco-generated emails will be suppressed.
812 our $suppress_x_girocco = undef;
814 # Number of days to keep reflogs around
815 # May be set to a value between 1 and 30 (inclusive)
816 # The default of one day should normally suffice unless there's a need to
817 # support a "Where's the undo? WHERE IS THE UNDO?!!!" option ;)
818 our $reflogs_lifetime = 1;
820 # The pack.window size to use with git upload-pack
821 # When Git is creating a pack to send down to a client, if it needs to send
822 # down objects that are deltas against objects it is not sending and that it
823 # does not know the client already has, it must undelta and recompute deltas
824 # for those objects. This is the "Compressing objects" objects phase the
825 # client sees during a fetch or clone. If this value is unset, the normal
826 # Git default of 10 will be used for the window size during these operations.
827 # This value may be set to a number between 2 and 50 inclusive to change the
828 # window size during upload pack operations. A window size of 2 provides the
829 # fastest response at the expense of less efficient deltas for the objects
830 # being recompressed (meaning more data to send to the client). A window
831 # size of 5 typically reduces the compression time by almost half and is
832 # usually nearly as fast as a window size of 2 while providing better deltas.
833 # A window size of 50 will increase the time spent in the "Compressing objects"
834 # phase by as much as 5 times but will produce deltas similar to those that
835 # Girocco generates when it performs garbage collection.
836 # RECOMMENDED VALUE: undef or 5
837 our $upload_pack_window = undef;
839 # When using pack bitmaps and computing data to send to clients over a fetch,
840 # having pack.writeBitmapHashCache set to true produces better deltas (thereby
841 # potentially reducing the amount of data that needs to be sent). However,
842 # JGit does not understand this extra data, so if JGit needs to use the bitmaps
843 # generated when Girocco runs Git, this setting needs to be set to a true value
844 # so that the hash cache is excluded when Git generates the bitmaps thereby
845 # making them compatible with JGit.
846 # Note that changes to this setting will not take effect until the next time
847 # gc is scheduled to run on a project and then only if gc actually takes place.
848 # Use the $basedir/toolbox/make-all-gc-eligible.sh script to force all projects
849 # to actually do a gc the next time they are scheduled for one.
850 # RECOMMENDED VAALUE: undef or 0
851 our $jgit_compatible_bitmaps = 0;
855 ## ------------------------
856 ## Sanity checks & defaults
857 ## ------------------------
859 # Changing anything in this section can result in unexpected breakage
861 # Couple of sanity checks and default settings (do not change these)
862 use Digest
::MD5
qw(md5);
863 use MIME
::Base64
qw(encode_base64);
865 $nickname = lc((split(/[.]/, $name))[0]) unless $nickname;
866 $nickname =~ s/\s+/_/gs;
867 our $tmpsuffix = substr(encode_base64
(md5
($name.':'.$nickname)),0,6);
868 $tmpsuffix =~ tr
,+/,=_
,;
869 ($mirror_user) or die "Girocco::Config: \$mirror_user must be set even if to current user";
870 ($basedir) or die "Girocco::Config: \$basedir must be set";
871 ($sendmail_bin) or die "Girocco::Config: \$sendmail_bin must be set";
872 $sendmail_bin = "$basedir/bin/sendmail.pl" if $sendmail_bin eq "sendmail.pl";
873 $screen_acl_file = "$basedir/screen/giroccoacl" unless $screen_acl_file;
874 $jailreporoot =~ s
,^/+,,;
875 ($reporoot) or die "Girocco::Config \$reporoot must be set";
876 ($jailreporoot) or die "Girocco::Config \$jailreporoot must be set";
877 (not $mob or $mob eq 'mob') or die "Girocco::Config \$mob must be undef (or '') or 'mob'";
878 (not $min_key_length or $min_key_length =~ /^[1-9][0-9]*$/)
879 or die "Girocco::Config \$min_key_length must be undef or numeric";
880 $admincc = $admincc ?
1 : 0;
881 $rootcert = "$certsdir/girocco_root_crt.pem" if $httpspushurl && !$rootcert;
882 $clientcert = "$certsdir/girocco_client_crt.pem" if $httpspushurl && !$clientcert;
883 $clientkey = "$certsdir/girocco_client_key.pem" if $httpspushurl && !$clientkey;
884 $clientcertsuffix = "$certsdir/girocco_client_suffix.pem" if $httpspushurl && !$clientcertsuffix;
885 $mobusercert = "$certsdir/girocco_mob_user_crt.pem" if $httpspushurl && $mob && !$mobusercert;
886 $mobuserkey = "$certsdir/girocco_mob_user_key.pem" if $httpspushurl && $mob && !$mobuserkey;
887 our $mobpushurl = $pushurl;
888 $mobpushurl =~ s
,^ssh
://,ssh
://mob@
,i
if $mobpushurl;
889 $disable_dsa = 1 unless $pushurl;
890 $disable_dsa = $disable_dsa ?
1 : '';
891 our $httpdnsname = ($gitweburl =~ m
,https?
://([A
-Za
-z0
-9.-]+),i
) ?
lc($1) : undef if $gitweburl;
892 our $httpsdnsname = ($httpspushurl =~ m
,https
://([A
-Za
-z0
-9.-]+),i
) ?
lc($1) : undef if $httpspushurl;
893 ($mirror or $push) or die "Girocco::Config: neither \$mirror nor \$push is set?!";
894 (not $push or ($pushurl or $httpspushurl or $gitpullurl or $httppullurl)) or die "Girocco::Config: no pull URL is set";
895 (not $push or ($pushurl or $httpspushurl)) or die "Girocco::Config: \$push set but \$pushurl and \$httpspushurl are undef";
896 (not $mirror or $mirror_user) or die "Girocco::Config: \$mirror set but \$mirror_user is undef";
897 ($manage_users == $chrooted) or die "Girocco::Config: \$manage_users and \$chrooted must be set to the same value";
898 (not $chrooted or $permission_control ne 'ACL') or die "Girocco::Config: resolving uids for ACL not supported when using chroot";
899 (grep { $permission_control eq $_ } qw(Group Hooks)) or die "Girocco::Config: \$permission_control must be set to Group or Hooks";
900 ($chrooted or not $mob) or die "Girocco::Config: mob user supported only in the chrooted mode";
901 (not $httpspushurl or $httpsdnsname) or die "Girocco::Config invalid \$httpspushurl does not start with https://domainname";
902 (not $svn_log_window_size or $svn_log_window_size =~ /^[1-9][0-9]*$/)
903 or die "Girocco::Config \$svn_log_window_size must be undef or numeric";
904 (not $posix_sh_bin or $posix_sh_bin !~ /\s/) or die "Girocco::Config: \$posix_sh_bin must not contain any whitespace";
905 (not $perl_bin or $perl_bin !~ /\s/) or die "Girocco::Config: \$perl_bin must not contain any whitespace";
906 !$delay_gfi_redelta and $delay_gfi_redelta = undef;
907 !$git_no_mmap and $git_no_mmap = undef;
908 !$suppress_x_girocco and $suppress_x_girocco = undef;
909 !$jgit_compatible_bitmaps and $jgit_compatible_bitmaps = undef;
910 (not $reflogs_lifetime or $reflogs_lifetime !~ /^[1-9][0-9]*$/) and $reflogs_lifetime = 1;
911 $reflogs_lifetime = 0 + $reflogs_lifetime;
912 $reflogs_lifetime >= 0 or $reflogs_lifetime = 1;
913 $reflogs_lifetime <= 30 or $reflogs_lifetime = 30;
914 (not defined $upload_pack_window or $upload_pack_window =~ /^[1-9][0-9]*$/)
915 or die "Girocco::Config \$upload_pack_window must be undef or numeric";
916 (not defined $upload_pack_window or $upload_pack_window >= 2 && $upload_pack_window <= 50)
917 or die "Girocco::Config \$upload_pack_window must be in range 2..50";
918 defined($ENV{'SENDMAIL_PL_HOST'}) and our $sendmail_pl_host = $ENV{'SENDMAIL_PL_HOST'};
919 defined($ENV{'SENDMAIL_PL_PORT'}) and our $sendmail_pl_port = $ENV{'SENDMAIL_PL_PORT'};
920 defined($ENV{'SENDMAIL_PL_NCBIN'}) and our $sendmail_pl_ncbin = $ENV{'SENDMAIL_PL_NCBIN'};
921 defined($ENV{'SENDMAIL_PL_NCOPT'}) and our $sendmail_pl_ncopt = $ENV{'SENDMAIL_PL_NCOPT'};
922 defined($ENV{'PYTHON'}) and our $python = $ENV{'PYTHON'};
923 my $op; BEGIN {$op = $ENV{'PATH'}}
924 defined($op) && defined($ENV{'PATH'}) && $op ne $ENV{'PATH'} and our $path=$ENV{'PATH'};
926 # Make sure Git has a consistent and reproducible environment
928 $ENV{'XDG_CONFIG_HOME'} = $chroot.'/var/empty';
929 $ENV{'HOME'} = $chroot.'/etc/girocco';
930 $ENV{'TMPDIR'} = '/tmp';
931 $ENV{'GIT_CONFIG_NOSYSTEM'} = 1;
932 $ENV{'GIT_ATTR_NOSYSTEM'} = 1;
933 $ENV{'GIT_NO_REPLACE_OBJECTS'} = 1;
934 $ENV{'GIT_TERMINAL_PROMPT'} = 0;
935 $ENV{'GIT_ASKPASS'} = $basedir.'/bin/git-askpass-password';
936 delete $ENV{'GIT_USER_AGENT'};
937 $ENV{'GIT_USER_AGENT'} = $git_client_ua if defined($git_client_ua);
938 delete $ENV{'GIT_HTTP_USER_AGENT'};
939 $ENV{'GIT_HTTP_USER_AGENT'} = $git_client_ua if defined($git_client_ua);
940 delete $ENV{'GIT_CONFIG_PARAMETERS'};
941 delete $ENV{'GIT_ALTERNATE_OBJECT_DIRECTORIES'};
942 delete $ENV{'GIT_CONFIG'};
943 delete $ENV{'GIT_DIR'};
944 delete $ENV{'GIT_GRAFT_FILE'};
945 delete $ENV{'GIT_INDEX_FILE'};
946 delete $ENV{'GIT_OBJECT_DIRECTORY'};
947 delete $ENV{'GIT_NAMESPACE'};
949 # Guarantee a sane umask for Girocco
951 umask(umask() & ~0770);