Girocco/Config.pm

   1 package Girocco::Config;
   2
   3 use strict;
   4 use warnings;
   5
   6
   7 ## Basic settings
   8
   9 # Name of the service
  10 our $name = "repo.or.cz";
  11
  12 # Title of the service (as shown in gitweb)
  13 our $title = "Public Git Hosting";
  14
  15 # Path to the Git binary to use (you MUST set this, even if to /usr/bin/git!)
  16 our $git_bin = '/home/pasky/bin/git';
  17
  18 # E-mail of the site admin
  19 our $admin = 'pasky@suse.cz';
  20
  21
  22 ## Feature knobs
  23
  24 # Enable mirroring mode if true
  25 our $mirror = 1;
  26
  27 # Enable push mode if true
  28 our $push = 1;
  29
  30 # Enable user management if true
  31 our $manage_users = 1;
  32
  33 # Enable the special 'mob' user if set to 'mob'
  34 our $mob = "mob";
  35
  36
  37 ## Paths
  38
  39 # Path to the Girocco files (checkout of this project)
  40 # This will get COMPLETELY OVERWRITTEN by each make install!
  41 our $basedir = '/home/repo/repomgr';
  42
  43 # Path to the directory of the mirror queue (undef if not $mirror)
  44 our $mqueuedir = '/home/repo/repodata';
  45
  46 # The repository collection
  47 our $reporoot = "/srv/git";
  48
  49 # The chroot for ssh pushing; location for project database even in non-chroot
  50 # setups
  51 our $chroot = "/home/repo/j";
  52
  53 # The gitweb files web directory (corresponds to $gitwebfiles)
  54 our $webroot = "/home/pasky/WWW/repo";
  55
  56 # The CGI-enabled web directory (corresponds to $gitweburl and $webadmurl)
  57 our $cgiroot = "/home/pasky/WWW/repo";
  58
  59 # A web-accessible symlink to $reporoot (corresponds to $httppullurl, can be undef)
  60 our $webreporoot = "/home/pasky/WWW/repo/r";
  61
  62
  63 ## URL addresses
  64
  65 # URL of the gitweb.cgi script (must be in pathinfo mode)
  66 our $gitweburl = "http://repo.or.cz/w";
  67
  68 # URL of the extra gitweb files (CSS, .js files, images, ...)
  69 our $gitwebfiles = "http://repo.or.cz/";
  70
  71 # URL of the Girocco CGI web admin interface (Girocco cgi/ subdirectory)
  72 our $webadmurl = "http://repo.or.cz/m";
  73
  74 # URL of the Girocco CGI html templater (Girocco cgi/html.cgi)
  75 our $htmlurl = "http://repo.or.cz/h";
  76
  77 # HTTP URL of the repository collection (undef if N/A)
  78 our $httppullurl = "http://repo.or.cz/r";
  79
  80 # Git URL of the repository collection (undef if N/A)
  81 our $gitpullurl = "git://repo.or.cz/";
  82
  83 # Pushy URL of the repository collection (undef if N/A)
  84 our $pushurl = "ssh://repo.or.cz/srv/git";
  85
  86 # URL of gitweb of this Girocco instance (set to undef if you're not nice
  87 # to the community)
  88 our $giroccourl = "$Girocco::Config::gitweburl/repo.git";
  89
  90
  91 ## Some templating settings
  92
  93 # Legal warning (on reguser and regproj pages)
  94 our $legalese = <<EOT;
  95 <p>By submitting this form, you are confirming that you will mirror or push
  96 only free software and redistributing it will not violate any law
  97 of Czech Republic.
  98 <sup><a href="$Girocco::Config::htmlurl/about.html">(more details)</a></sup>
  99 </p>
 100 EOT
 101
 102 # Pre-configured mirror sources (set to undef for none)
 103 # Arrayref of name - record pairs, the record has these attributes:
 104 #       label: The label of this source
 105 #       url: The template URL; %1, %2, ... will be substituted for inputs
 106 #       desc: Optional VERY short description
 107 #       link: Optional URL to make the desc point at
 108 #       inputs: Arrayref of hashref input records:
 109 #               label: Label of input record
 110 #               suffix: Optional suffix
 111 #       If the inputs arrayref is undef, single URL input is shown,
 112 #       pre-filled with url (probably empty string).
 113 our $mirror_sources = [
 114         {
 115                 label => 'Anywhere',
 116                 url => '',
 117                 desc => 'Any HTTP/Git/rsync pull URL - bring it on!',
 118                 inputs => undef
 119         },
 120         {
 121                 label => 'GitHub',
 122                 url => 'git://github.com/%1/%2.git',
 123                 desc => 'GitHub Social Code Hosting',
 124                 link => 'http://github.com/',
 125                 inputs => [ { label => 'User:' }, { label => 'Project:', suffix => '.git' } ]
 126         },
 127         {
 128                 label => 'Gitorious',
 129                 url => 'git://gitorious.org/%1/%2.git',
 130                 desc => 'Green and Orange Boxes',
 131                 link => 'http://gitorious.org/',
 132                 inputs => [ { label => 'Project:' }, { label => 'Repository:', suffix => '.git' } ]
 133         }
 134 ];
 135
 136
 137 ## Permission settings
 138
 139 # Note that if you are going to need the fixup root cronjob
 140 # ($chrooted and $permission_control eq 'Group'), you need to update
 141 # the settings in jobs/fixup.sh as well.
 142
 143 # Girocco needs some way to manipulate write permissions to various parts of
 144 # all repositories; this concerns three entities:
 145 # - www-data: the web interface needs to be able to rewrite few files within
 146 # the repository
 147 # - repo: a user designated for cronjobs; handles mirroring and repacking;
 148 # this one is optional if not $mirror
 149 # - others: the designated users that are supposed to be able to push
 150
 151 # There are several ways how to use Girocco based on a combination of the
 152 # following settings.
 153
 154 # (Non-chroot) UNIX user the CGI scripts run on
 155 our $cgi_user = 'www-data';
 156
 157 # (Non-chroot) UNIX user performing mirroring jobs
 158 our $mirror_user = 'repo';
 159
 160 # (Non-chroot) UNIX group owning the repositories by default; it owns whole
 161 # mirror repositories and at least web-writable metadata of push repositories
 162 our $owning_group = 'repo';
 163
 164 # Whether to use chroot jail for pushing; this must be always the same
 165 # as $manage_users.
 166 # TODO: Gitosis support for $manage_users and not $chrooted?
 167 our $chrooted = $manage_users;
 168
 169 # How to control permissions of push-writable data in push repositories:
 170 # * 'Group' for the traditional model: The $chroot/etc/group project database
 171 #   file is used as the UNIX group(5) file; the directories have gid appropriate
 172 #   for the particular repository and are group-writable. This works only if
 173 #   $chrooted so that users are put in the proper groups on login. This requires
 174 #   you also to set up the very crude fixup.sh cronjob for root.
 175 # * 'ACL' for a model based on POSIX ACL: The directories are coupled with ACLs
 176 #   listing the users with push permissions. This works for both chroot and
 177 #   non-chroot setups, however it requires ACL support within the filesystem.
 178 #   This option is BASICALLY UNTESTED, too. And UNIMPLEMENTED. :-)
 179 # * 'Hooks' for a relaxed model: The directories are world-writable and push
 180 #   permission control is purely hook-driven. This is INSECURE and works only
 181 #   when you trust all your users; on the other hand, the attack vectors are
 182 #   mostly just DoS or fully-traceable tinkering.
 183 our $permission_control = 'Group';
 184
 185
 186 # Couple of sanity checks
 187 ($mirror or $push) or die "Girocco::Config: neither \$mirror or \$push is set?!";
 188 (not $push or ($pushurl or $gitpullurl or $httppullurl)) or die "Girocco::Config: no pull URL is set";
 189 (not $push or $pushurl) or die "Girocco::Config: \$push set but \$pushurl is undef";
 190 (not $mirror or $mirror_user) or die "Girocco::Config: \$mirror set but \$mirror_user is undef";
 191 ($manage_users == $chrooted) or die "Girocco::Config: \$manage_users and \$chrooted must be set to the same value";
 192 (not $chrooted or $permission_control ne 'ACL') or die "Girocco::Config: resolving uids for ACL not supported when using chroot";
 193 (grep { $permission_control eq $_ } qw(Group Hooks)) or die "Girocco::Config: \$permission_control must be set to Group or Hooks";
 194 ($chrooted or not $mob) or die "Girocco::Config: mob user supported only in the chrooted mode";
 195
 196
 197 1;