This is the duct tape that ties repo.or.cz together. You will find
some hardcoded paths inside, and some other kludgy stuff.

The user interface is kept in the cgi/ subdirectory (repo.or.cz/m/ is symlink

There are two modes of operation for each project: hosting and mirroring.

(All uids and gids are allocated from range 65536..infty. All passwords are
stored in DES crypt(3) format because Apache is moronic - in the past the group
file was also used as the htpasswd file.)

This is how the push access is provided:

The whole setup is confined in a chroot with its own instance of sshd running.
The chroot looks like:

drwxr-xr-x root repo /
drwxr-xr-x root repo /bin
------x--x root repo /bin/sh
------x--x root root /bin/git-index-pack
------x--x root root /bin/git-pack-objects
------x--x root root /bin/git-receive-pack
------x--x root root /bin/git-repack
------x--x root root /bin/git-rev-list
------x--x root root /bin/git-shell
------x--x root root /bin/git-unpack-objects
------x--x root root /bin/git-update-server-info
------x--x root root /bin/git-upload-pack
drwxr-xr-x root repo /sbin
---x------ root repo /sbin/sshd
drwxr-xr-x root repo /lib
-r-xr-xr-x root repo /lib/libwrap.so.0
-r-xr-xr-x root repo /lib/libpam.so.0
-r-xr-xr-x root repo /lib/libresolv.so.2
-r-xr-xr-x root repo /lib/libcrypto.so.0.9.7
-r-xr-xr-x root repo /lib/libutil.so.1
-r-xr-xr-x root repo /lib/libz.so.1
-r-xr-xr-x root repo /lib/libnsl.so.1
-r-xr-xr-x root repo /lib/libcrypt.so.1
-r-xr-xr-x root repo /lib/libpthread.so.0
-r-xr-xr-x root repo /lib/libc.so.6
-r-xr-xr-x root repo /lib/ld-linux.so.2
-r-xr-xr-x root repo /lib/libnss_compat.so.2
-r-xr-xr-x root repo /lib/libgcc_s.so.1
-r-xr-xr-x root repo /lib/libdl.so.2
drwxrwsr-x repo repo /etc
-rw-rw-r-- www-data repo /etc/passwd
-rw-rw-r-- www-data repo /etc/group
drwxr-x--- root repo /etc/ssh
-rw-r--r-- root repo /etc/ssh/moduli
-rw------- root repo /etc/ssh/ssh_host_rsa_key
-rw-r--r-- root repo /etc/ssh/ssh_host_rsa_key.pub
-rw------- root repo /etc/ssh/ssh_host_dsa_key
-rw-r--r-- root repo /etc/ssh/ssh_host_dsa_key.pub
-rw-r--r-- root repo /etc/ssh/sshd_config
drwxrwsr-x repo repo /etc/sshkeys
drwxrwsr-x pasky repo /srv/git
drwxr-xr-x root repo /var
drwxr-xr-x root root /var/run
drwxr-xr-x root repo /var/run/sshd
---------- 65538 root /var/run/mob
-rw-r--r-- root root /var/run/sshd.pid
drwxr-xr-x root root /srv
drwxr-xr-x root root /dev
crw-rw-rw- root root /dev/null
crw-rw-rw- root root /dev/zero
crw-rw-rw- root root /dev/random
cr--r--r-- root root /dev/urandom
srw-rw-rw- root root /dev/log
lrwxrwxrwx root root /usr -> .

There is a (non-chroot) system user 'repo' and a group of the same name (the
webserver is a member of the group; TODO: suexec). The files in /etc are owned
by repo.repo and group-writable, as are all files in /srv/git/*/ except
refs/**, info/**, and objects/**, which are repo.project. /var/run/mob has zero
permission bits but is owned by the mob user.

When you register a project, it will get a gid allocation and you will set a
password for it. The triple is stored in a group(5) file (but containing just

projname:crypt:gid:list,of,users

When you register a user, it will get a uid allocation and you will upload
an ssh public key for it. The user is stored in a passwd(5) file (but
containing just the repo.or.cz users; 65534 is nogroup):

username:x:uid:65534:email:/:/bin/git-shell

The authorized keys are stored in /etc/sshkeys/username.

When you (un)assign a user to a project, you just manipulate the list of users
for the project in /etc/group. The web interface for the project administration
is protected by the group password; chroot/etc/group is used as the htpasswd

Since Apache is not in the project groups, a special cronjob runs every
minute under the root user to fix up the permissions of the refs/, info/, and
objects/ project directories.

To keep things safe and neat, repo.or.cz is job-controlled: the only thing the
cgi script does is schedule a clone job (by creating a directory with some
files at a magic location); the clonecheck.sh script is then invoked every
minute by cron (under a more reasonable uid) to check whether any jobs are
scheduled, and calls clone.sh to do the clone itself, notifying the user about

The script that keeps repositories up-to-date is updatecheck.sh, run by cron
every hour and calling update.sh for all the relevant repositories.

updateglibc.sh stands somewhat out of the crowd and keeps the Git mirror of
the glibc CVS repository up-to-date, so it's probably not interesting for

To make sure a project is not pushable when in mirror mode, the last colon
in the /etc/group entry for the project is doubled.
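Added example (not part of the original repo.or.cz scripts) that parses the group(5) and passwd(5) entry shapes described above and answers "may this user push to this project?", treating the doubled last colon as the mirror-mode marker. The file contents and the placeholder crypt hashes are constructed for the example; password verification against the DES crypt field is deliberately not covered.

```python
UID_GID_BASE = 65536  # README: project gids and user uids start at 65536
NOGROUP = 65534       # README: every user's primary gid is nogroup

# Constructed sample of the chroot's /etc/group. The hashes are placeholders,
# not real DES crypt(3) output. "libfoo" has its last colon doubled, the
# README's marker for a mirrored (non-pushable) project.
SAMPLE_GROUP = """\
repo:x:1000:
ezsdk:PLACEHOLDERcrypt:65537:alice,bob
libfoo:PLACEHOLDERcrypt:65538::alice
"""

# Constructed sample of the chroot's /etc/passwd. The "mallory" line is a
# deliberately non-conforming entry to show that the shape check rejects it.
SAMPLE_PASSWD = """\
alice:x:65536:65534:alice@example.invalid:/:/bin/git-shell
bob:x:65540:65534:bob@example.invalid:/:/bin/git-shell
mallory:x:1001:1001:mallory@example.invalid:/home/mallory:/bin/sh
"""

def parse_group(text):
    """Map projname -> (gid, members, mirror) from projname:crypt:gid:users lines."""
    projects = {}
    for line in filter(None, text.splitlines()):
        name, _crypt, gid, rest = line.split(":", 3)
        if int(gid) < UID_GID_BASE:    # system groups such as "repo" are skipped
            continue
        # A doubled last colon (":gid::users") marks mirror mode.
        mirror = rest.startswith(":")
        members = {m for m in rest.lstrip(":").split(",") if m}
        projects[name] = (int(gid), members, mirror)
    return projects

def parse_passwd(text):
    """Return the users whose entry matches the README's shape exactly."""
    users = set()
    for line in filter(None, text.splitlines()):
        name, _pw, uid, gid, _email, home, shell = line.split(":")
        if (int(uid) >= UID_GID_BASE and int(gid) == NOGROUP
                and home == "/" and shell == "/bin/git-shell"):
            users.add(name)
    return users

def can_push(user, project, users, projects):
    """True only for a known user assigned to a hosted (non-mirror) project."""
    if user not in users or project not in projects:
        return False
    _gid, members, mirror = projects[project]
    return not mirror and user in members
```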