1 package Girocco
::Config
;
10 our $name = "repo.or.cz";
12 # Title of the service (as shown in gitweb)
13 our $title = "Public Git Hosting";
15 # Path to the Git binary to use (you MUST set this, even if to /usr/bin/git!)
16 our $git_bin = '/usr/bin/git';
18 # E-mail of the site admin
19 our $admin = 'pasky@suse.cz';
24 # Enable mirroring mode if true
27 # Enable push mode if true
30 # Enable user management if true
31 our $manage_users = 1;
33 # Enable the special 'mob' user if set to 'mob'
36 # Let users set admin passwords; if false, all password inputs are assumed empty.
37 # This will make new projects use empty passwords and all operations on them
38 # unrestricted, but you will be able to do no operations on previously created
39 # projects you have set a password on.
40 our $project_passwords = 1;
42 # How to determine project owner; 'email' adds a form item asking for their
43 # email contact, 'source' takes realname of owner of source repository if it
44 # is a local path (and empty string otherwise).
45 our $project_owners = 'email';
47 # Which project fields to make editable, out of 'shortdesc', 'homepage',
49 our @project_fields = qw(homepage shortdesc README);
54 # Path to the Girocco files (checkout of this project)
55 # This will get COMPLETELY OVERWRITTEN by each make install!
56 our $basedir = '/home/repo/repomgr';
58 # The repository collection
59 our $reporoot = "/srv/git";
61 # The chroot for ssh pushing; location for project database even in non-chroot
63 our $chroot = "/home/repo/j";
65 # The gitweb files web directory (corresponds to $gitwebfiles)
66 our $webroot = "/home/repo/WWW";
68 # The CGI-enabled web directory (corresponds to $gitweburl and $webadmurl)
69 our $cgiroot = "/home/repo/WWW";
71 # A web-accessible symlink to $reporoot (corresponds to $httppullurl, can be undef)
72 our $webreporoot = "/home/repo/WWW/r";
77 # URL of the gitweb.cgi script (must be in pathinfo mode)
78 our $gitweburl = "http://repo.or.cz/w";
80 # URL of the extra gitweb files (CSS, .js files, images, ...)
81 our $gitwebfiles = "http://repo.or.cz/";
83 # URL of the Girocco CGI web admin interface (Girocco cgi/ subdirectory)
84 our $webadmurl = "http://repo.or.cz/";
86 # URL of the Girocco CGI html templater (Girocco cgi/html.cgi)
87 our $htmlurl = "http://repo.or.cz/h";
89 # HTTP URL of the repository collection (undef if N/A)
90 our $httppullurl = "http://repo.or.cz/r";
92 # Git URL of the repository collection (undef if N/A)
93 our $gitpullurl = "git://repo.or.cz/";
95 # Pushy URL of the repository collection (undef if N/A)
96 our $pushurl = "ssh://repo.or.cz/srv/git";
98 # URL of gitweb of this Girocco instance (set to undef if you're not nice
100 our $giroccourl = "$Girocco::Config::gitweburl/repo.git";
103 ## Some templating settings
105 # Legal warning (on reguser and regproj pages)
106 our $legalese = <<EOT;
107 <p>By submitting this form, you are confirming that you will mirror or push
108 only free software and redistributing it will not violate any law
110 <sup><a href="$Girocco::Config::htmlurl/about.html">(more details)</a></sup>
114 # Pre-configured mirror sources (set to undef for none)
115 # Arrayref of name - record pairs, the record has these attributes:
116 # label: The label of this source
117 # url: The template URL; %1, %2, ... will be substituted for inputs
118 # desc: Optional VERY short description
119 # link: Optional URL to make the desc point at
120 # inputs: Arrayref of hashref input records:
121 # label: Label of input record
122 # suffix: Optional suffix
123 # If the inputs arrayref is undef, single URL input is shown,
124 # pre-filled with url (probably empty string).
125 our $mirror_sources = [
129 desc
=> 'Any HTTP/Git/rsync pull URL - bring it on!',
134 url
=> 'git://github.com/%1/%2.git',
135 desc
=> 'GitHub Social Code Hosting',
136 link => 'http://github.com/',
137 inputs
=> [ { label
=> 'User:' }, { label
=> 'Project:', suffix
=> '.git' } ]
140 label
=> 'Gitorious',
141 url
=> 'git://gitorious.org/%1/%2.git',
142 desc
=> 'Green and Orange Boxes',
143 link => 'http://gitorious.org/',
144 inputs
=> [ { label
=> 'Project:' }, { label
=> 'Repository:', suffix
=> '.git' } ]
149 ## Permission settings
151 # Note that if you are going to need the fixup root cronjob
152 # ($chrooted and $permission_control eq 'Group'), you need to update
153 # the settings in jobs/fixup.sh as well.
155 # Girocco needs some way to manipulate write permissions to various parts of
156 # all repositories; this concerns three entities:
157 # - www-data: the web interface needs to be able to rewrite few files within
159 # - repo: a user designated for cronjobs; handles mirroring and repacking;
160 # this one is optional if not $mirror
161 # - others: the designated users that are supposed to be able to push
163 # There are several ways how to use Girocco based on a combination of the
164 # following settings.
166 # (Non-chroot) UNIX user the CGI scripts run on
167 our $cgi_user = 'www-data';
169 # (Non-chroot) UNIX user performing mirroring jobs
170 our $mirror_user = 'repo';
172 # (Non-chroot) UNIX group owning the repositories by default; it owns whole
173 # mirror repositories and at least web-writable metadata of push repositories.
174 # If you undefine this, all the data will become WORLD-WRITABLE.
175 # Both $cgi_user and $mirror_user should be members of this group.
176 our $owning_group = 'repo';
178 # Whether to use chroot jail for pushing; this must be always the same
180 # TODO: Gitosis support for $manage_users and not $chrooted?
181 our $chrooted = $manage_users;
183 # How to control permissions of push-writable data in push repositories:
184 # * 'Group' for the traditional model: The $chroot/etc/group project database
185 # file is used as the UNIX group(5) file; the directories have gid appropriate
186 # for the particular repository and are group-writable. This works only if
187 # $chrooted so that users are put in the proper groups on login. This requires
188 # you also to set up the very crude fixup.sh cronjob for root.
189 # * 'ACL' for a model based on POSIX ACL: The directories are coupled with ACLs
190 # listing the users with push permissions. This works for both chroot and
191 # non-chroot setups, however it requires ACL support within the filesystem.
192 # This option is BASICALLY UNTESTED, too. And UNIMPLEMENTED. :-)
193 # * 'Hooks' for a relaxed model: The directories are world-writable and push
194 # permission control is purely hook-driven. This is INSECURE and works only
195 # when you trust all your users; on the other hand, the attack vectors are
196 # mostly just DoS or fully-traceable tinkering.
197 our $permission_control = 'Group';
200 # Couple of sanity checks
201 ($mirror or $push) or die "Girocco::Config: neither \$mirror or \$push is set?!";
202 (not $push or ($pushurl or $gitpullurl or $httppullurl)) or die "Girocco::Config: no pull URL is set";
203 (not $push or $pushurl) or die "Girocco::Config: \$push set but \$pushurl is undef";
204 (not $mirror or $mirror_user) or die "Girocco::Config: \$mirror set but \$mirror_user is undef";
205 ($manage_users == $chrooted) or die "Girocco::Config: \$manage_users and \$chrooted must be set to the same value";
206 (not $chrooted or $permission_control ne 'ACL') or die "Girocco::Config: resolving uids for ACL not supported when using chroot";
207 (grep { $permission_control eq $_ } qw(Group Hooks)) or die "Girocco::Config: \$permission_control must be set to Group or Hooks";
208 ($chrooted or not $mob) or die "Girocco::Config: mob user supported only in the chrooted mode";