1 package Girocco
::Config
;
14 our $name = "GiroccoEx";
16 # Nickname of the service (undef for initial part of $name upto first '.')
17 our $nickname = undef;
19 # Title of the service (as shown in gitweb)
20 our $title = "Example Girocco Hosting";
22 # Path to the Git binary to use (you MUST set this, even if to /usr/bin/git!)
23 our $git_bin = '/usr/bin/git';
25 # Path to the git-daemon binary to use (undef to use default)
26 # If $gitpullurl is undef this will never be used (assuming no git inetd
27 # service has been set up in that case).
28 # The default if this is undef is `$git_bin --exec-path`/git-daemon
29 our $git_daemon_bin = undef;
31 # Path to the git-http-backend binary to use (undef to use default)
32 # If both $httppullurl and $httpspushurl are undef this will never be used
33 # The default if this is undef is `$git_bin --exec-path`/git-http-backend
34 our $git_http_backend_bin = undef;
36 # Name (if in $PATH) or full path to netcat executable that accepts a -U option
37 # to connect to a unix socket. This may simply be 'nc' on many systems.
38 our $nc_openbsd_bin = 'nc.openbsd';
40 # Path to the sendmail instance to use. It should understand the -f <from>, -i and -t
41 # options as well as accepting a list of recipient addresses in order to be used here.
42 # You MUST set this, even if to '/usr/sbin/sendmail'!
43 # Setting this to 'sendmail.pl' is special and will automatically be expanded to
44 # a full path to the ../bin/sendmail.pl executable in this Girocco installation.
45 # sendmail.pl is a sendmail-compatible script that delivers the message directly
46 # using SMTP to a mail relay host. This is the recommended configuration as it
47 # minimizes the information exposed to recipients (no sender account names or uids),
48 # can talk to an SMTP server on another host (eliminating the need for a working
49 # sendmail and/or SMTP server on this host) and avoids any unwanted address rewriting.
50 # By default it expects the mail relay to be listening on localhost port 25.
51 # See the sendmail.pl section below for more information on configuring sendmail.pl.
52 our $sendmail_bin = 'sendmail.pl';
54 # E-mail of the site admin
55 our $admin = 'admin@example.org';
58 # This is the SMTP 'MAIL FROM:' value
59 # It will be passed to $sendmail_bin with the -f option
60 # Some sites may not allow non-privileged users to pass the -f option to
61 # $sendmail_bin. In that case set this to undef and no -f option will be
62 # passed which means the 'MAIL FROM:' value will be the user the mail is
63 # sent as (either $cgi_user or $mirror_user depending on the activity).
64 # To avoid having bounce emails go to $admin, this may be set to something
65 # else such as 'admin-noreply@example.org' and then the 'admin-noreply' address
66 # may be redirected to /dev/null. Setting this to '' or '<>' is not
67 # recommended because that will likely cause the emails to be marked as SPAM
68 # by the receiver's SPAM filter. If $sendmail_bin is set to 'sendmail.pl' this
69 # value must be acceptable to the receiving SMTP server as a 'MAIL FROM:' value.
70 # If this is set to undef and 'sendmail.pl' is used, the 'MAIL FROM:' value will
71 # be the user the mail is sent as (either $cgi_user or $mirror_user).
74 # Copy $admin on failure/recovery messages?
77 # Girocco branch to use for html.cgi view source links (undef for HEAD)
78 our $giroccobranch = undef;
82 ## ----------------------
83 ## Git user agent strings
84 ## ----------------------
87 # Git clients (i.e. fetch/clone) always send a user agent string when fetching
88 # over HTTP. Since version 1.7.12.1 an 'agent=' capability string is included
89 # as well which affects git:, smart HTTP and ssh: protocols.
91 # These settings allow the default user agent string to be changed independently
92 # for fetch/clone operations (only matters if $mirror is true) and server
93 # operations (some other Git client fetching from us). Note that it is not
94 # possible to suppress the capability entirely although it can be set to an
95 # empty string. If these values are not set, the default user agent string
96 # will be used. Typically (unless Git was built with non-standard options) the
97 # default is "git/" plus the version. So for example "git/1.8.5.6" or
98 # "git/2.1.4" might be seen.
100 # One might want to change the default user agent strings in order to prevent
101 # an attacker from learning the exact Git version being used to avoid being
102 # able to quickly target any version-specific vulnerabilities. Note that
103 # no matter what's set here, an attacker can easily determine whether a server
104 # is running JGit, libgit2 or Git and for Git whether it's version 1.7.12.1 or
105 # later. A reasonable value to hide the exact Git version number while
106 # remaining compatible with servers that require a "Git/" user agent string
107 # would be something like "git/2" or even just "git/".
109 # The GIT_USER_AGENT value to use when acting as a client (i.e. clone/fetch)
110 # This value is only used if $mirror is true and at least one mirror is set up.
111 # Setting this to the empty string will suppress the HTTP User-Agent header,
112 # but will still include an "agent=" capability in the packet protocol. The
113 # empty string is not recommended because some servers match on "git/".
114 # Leave undef to use the default Git user agent string
115 # IMPORTANT: some server sites will refuse to serve up Git repositories unless
116 # the client user agent string contains "Git/" (matched case insensitively)!
117 our $git_client_ua = undef;
119 # The GIT_USER_AGENT value to use when acting as a server (i.e. some Git client
120 # is fetching/cloning from us).
121 # Leave undef to use the default Git user agent string
122 our $git_server_ua = undef;
131 # Enable mirroring mode if true (see "Foreign VCS mirrors" section below)
134 # Enable push mode if true
137 # If both $mirror and $push are enabled, setting this to 'mirror' pre-selects
138 # mirror mode on the initial regproj display, otherwise 'push' mode will be
139 # pre-selected. When forking the initial mode will be 'push' if $push enabled.
140 our $initial_regproj_mode = 'mirror';
142 # Enable user management if true; this means the interface for registering
143 # user accounts and uploading SSH keys. This implies full chroot.
144 our $manage_users = 1;
146 # Minimum key length (in bits) for uploaded SSH RSA/DSA keys.
147 # If this is not set (i.e. undef) keys as small as 512 bits will be allowed.
148 # Nowadays keys less than 2048 bits in length should probably not be allowed.
149 # Note, however, that versions of OpenSSH starting with 4.3p1 will only generate
150 # DSA keys of exactly 1024 bits in length even though that length is no longer
151 # recommended. (OpenSSL can be used to generate DSA keys with lengths > 1024.)
152 # OpenSSH does not have any problem generating RSA keys longer than 1024 bits.
153 # This setting is only checked when new keys are added so setting it/increasing it
154 # will not affect existing keys. For maximum compatibility a value of 1024 may
155 # be used however 2048 is recommended. Setting it to anything other than 1024,
156 # 2048 or 3072 may have the side effect of making it very difficult to generate
157 # DSA keys that satisfy the restriction (but RSA keys should not be a problem).
158 # Note that no matter what setting is specified here keys smaller than 512 bits
159 # will never be allowed via the reguser.cgi/edituser.cgi interface.
160 # RECOMMENDED VALUE: 2048 (ok) or 3072 (better)
161 our $min_key_length = 1024;
163 # Disable DSA public keys?
164 # If this is set to 1, adding DSA keys at reguser.cgi/edituser.cgi time will be
165 # prohibited. If $pushurl is undef then this is implicitly set to 1 since DSA
166 # keys are not usable with https push.
167 # OpenSSH will only generate 1024 bit DSA keys starting with version 4.3p1.
168 # Even if OpenSSL is used to generate a longer DSA key (which can then be used
169 # with OpenSSH), the SSH protocol itself still forces use of SHA-1 in the DSA
170 # signature blob which tends to defeat the purpose of going to a longer key in
171 # the first place. So it may be better from a security standpoint to simply
172 # disable DSA keys especially if $min_key_length and $rsakeylength have been set
173 # to something higher such as 3072 or 4096. This setting is only checked when
174 # new keys are added so setting it/increasing it will not affect existing keys.
175 # There is no way to disable DSA keys in the OpenSSH server config file itself.
176 # If this is set to 1, no ssh_host_dsa_key will be generated or used with the
177 # sshd running in the jail (but if the sshd_config has already been generated
178 # in the jail, it must be removed and 'sudo make install' run again or otherwise
179 # the sshd_config needs to be edited by hand for the change to take effect).
180 # RECOMMENDED VALUE: 1
181 our $disable_dsa = 0;
183 # Enable the special 'mob' user if set to 'mob'
186 # Let users set admin passwords; if false, all password inputs are assumed empty.
187 # This will make new projects use empty passwords and all operations on them
188 # unrestricted, but you will be able to do no operations on previously created
189 # projects you have set a password on.
190 our $project_passwords = 1;
192 # How to determine project owner; 'email' adds a form item asking for their
193 # email contact, 'source' takes realname of owner of source repository if it
194 # is a local path (and empty string otherwise). 'source' is suitable in case
195 # the site operates only as mirror of purely local-filesystem repositories.
196 our $project_owners = 'email';
198 # Which project fields to make editable, out of 'shortdesc', 'homepage',
199 # 'README', 'notifymail', 'notifytag', 'notifyjson' and 'notifycia'.
200 our @project_fields = qw(homepage shortdesc README notifymail notifytag notifyjson notifycia);
202 # Minimal number of seconds to pass between two updates of a project.
203 our $min_mirror_interval = 3600; # 1 hour
205 # Minimal number of seconds to pass between two garbage collections of a project.
206 our $min_gc_interval = 604800; # 1 week
208 # Maximum window memory size when repacking. If this is set, it will be used
209 # instead of the automatically computed value if it's less than that value.
210 # May use a 'k', 'm', or 'g' suffix otherwise value is in bytes.
211 our $max_gc_window_memory_size = undef;
213 # Whether or not to run the ../bin/update-pwd-db script whenever the etc/passwd
214 # database is changed. This is typically needed (i.e. set to a true value) for
215 # FreeBSD style systems when using an sshd chroot jail for push access. So if
216 # $pushurl is undef or the system Girocco is running on is not like FreeBSD
217 # (e.g. a master.passwd file that must be transformed into pwd.db and spwd.db), then
218 # this setting should normally be left false (i.e. 0). See comments in the
219 # provided ../bin/update-pwd-db script about when and how it's invoked.
220 our $update_pwd_db = 0;
222 # Port the sshd running in the jail should listen on
223 # Be sure to update $pushurl to match
224 # Not used if $pushurl is undef
225 our $sshd_jail_port = 22;
227 # If this is true then host names used in mirror source URLs will be checked
228 # and any that are not DNS names (i.e. IPv4 or IPv6) or match one of the DNS
229 # host names in any of the URL settings below will be rejected.
230 our $restrict_mirror_hosts = 1;
232 # If $restrict_mirror_hosts is enabled this is the minimum number of labels
233 # required in a valid dns name. Normally 2 is the correct value, but if
234 # Girocco is being used internally where a common default or search domain
235 # is set for everyone then this should be changed to 1 to allow a dns name
236 # with a single label in it. No matter what is set here at least 1 label
237 # is always required when $restrict_mirror_hosts is enabled.
238 our $min_dns_labels = 2;
240 # If $xmllint_readme is true then the contents of the README.html section
241 # will be passed through xmllint and any errors must be corrected before
242 # it can be saved. If this is set to true then xmllint must be in the $PATH.
243 # RECOMMENDED VALUE: 1
244 our $xmllint_readme = 0;
248 ## -------------------
249 ## Foreign VCS mirrors
250 ## -------------------
253 # Note that if any of these settings are changed from true to false, then
254 # any pre-existing mirrors using the now-disabled foreign VCS will stop
255 # updating, new mirrors using the now-disabled foreign VCS will be disallowed
256 # and attempts to update ANY project settings for a pre-existing project that
257 # uses a now-disabled foreign VCS source URL will also be disallowed.
259 # If $mirror is true and $mirror_svn is true then mirrors from svn source
260 # repositories will be allowed (and be converted to Git). These URLs have
261 # the form svn://... or svn+http://... or svn+https://...
262 # Note that for this to work the "svn" command line command must be available
263 # in PATH and the "git svn" commands must work (which generally requires both
264 # Perl and the subversion perl bindings be installed).
267 # Prior to Git v1.5.1, git-svn always used a log window size of 1000.
268 # Starting with Git v1.5.1, git-svn defaults to using a log window size of 100
269 # and provides a --log-window-size= option to change it. Starting with Git
270 # v2.2.0, git-svn disconnects and reconnects to the server every log window size
271 # interval to attempt to reduce memory use by git-svn. If $svn_log_window_size
272 # is undefined, Girocco will use a log window size of 250 (instead of the
273 # the default 100). If $svn_log_window_size is set, Girocco will use that
274 # value instead. Beware that setting it too low (i.e. < 50) will almost
275 # certainly cause performance issues if not failures. Unless there are concerns
276 # about git-svn memory use on a server with extremely limited memory, the
277 # value of 250 that Girocco uses by default should be fine. Obviously if
278 # $mirror or $mirror_svn is false this setting is irrelevant.
279 our $svn_log_window_size = undef;
281 # If $mirror is true and $mirror_darcs is true then mirrors from darcs source
282 # repositories will be allowed (and be converted to Git). These URLs have
283 # the form darcs://...
284 # Note that for this to work the "darcs" command line command must be available
285 # in PATH and so must python (required to run the darcs-fast-export script).
286 our $mirror_darcs = 1;
288 # If $mirror is true and $mirror_bzr is true then mirrors from bzr source
289 # repositories will be allowed (and be converted to Git). These URLs have
291 # Note that for this to work the "bzr" command line command must be available
292 # in PATH (it's a python script so python is required as well).
295 # If $mirror is true and $mirror_hg is true then mirrors from hg source
296 # repositories will be allowed (and be converted to Git). These URLs have
297 # the form hg+http://... or hg+https://...
298 # Note that for this to work the "hg" command line command must be available
299 # in PATH and so must python (required to run the hg-fast-export.py script).
300 # Note that if the PYTHON environment variable is set that will be used instead
301 # of just plain "python" to run the hg-fast-export.py script (which needs to
302 # be able to import from mercurial).
312 # Path where the main chunk of Girocco files will be installed
313 # This will get COMPLETELY OVERWRITTEN by each make install!!!
314 our $basedir = '/home/repo/repomgr';
316 # Path where the automatically generated non-user certificates will be stored
317 # (The per-user certificates are always stored in $chroot/etc/sshcerts/)
318 # This is preserved by each make install and MUST NOT be under $basedir!
319 # Not used unless $httpspushurl is defined
320 our $certsdir = '/home/repo/certs';
322 # The repository collection
323 # "$reporoot/_recyclebin" will also be created for use by toolbox/trash-project.pl
324 our $reporoot = "/srv/git";
326 # The repository collection's location within the chroot jail
327 # Normally $reporoot will be bind mounted onto $chroot/$jailreporoot
328 # Should NOT start with '/'
329 our $jailreporoot = "srv/git";
331 # The chroot for ssh pushing; location for project database and other run-time
332 # data even in non-chroot setups
333 our $chroot = "/home/repo/j";
335 # The gitweb files web directory (corresponds to $gitwebfiles)
336 # Note that it is safe to place this under $basedir since it's set up after
337 # $basedir is completely replaced during install time. Be WARNED, however,
338 # that normally the install process only adds/replaces things in $webroot,
339 # but if $webroot is under $basedir then it will be completely removed and
340 # rebuilt each time "make install" is run. This will make gitweb/git-browser
341 # web services very briefly unavailable while this is happening.
342 our $webroot = "/home/repo/www";
344 # The CGI-enabled web directory (corresponds to $gitweburl and $webadmurl)
345 # This will not be web-accessible except that if any aliases point to
346 # a *.cgi file in here it will be allowed to run as a cgi-script.
347 # Note that it is safe to place this under $basedir since it's set up after
348 # $basedir is completely replaced during install time. Be WARNED, however,
349 # that normally the install process only adds/replaces things in $cgiroot,
350 # but if $cgiroot is under $basedir then it will be completely removed and
351 # rebuilt each time "make install" is run. This will make gitweb/git-browser
352 # web services very briefly unavailable while this is happening.
353 our $cgiroot = "/home/repo/cgibin";
355 # A web-accessible symlink to $reporoot (corresponds to $httppullurl, can be undef)
356 # If using the sample apache.conf (with paths suitably updated) this is not required
357 # to serve either smart or non-smart HTTP repositories to the Git client
358 our $webreporoot = "/home/repo/www/r";
360 # The location to store the project list cache, gitweb project list and gitweb
361 # cache file. Normally this should not be changed. Note that it must be in
362 # a directory that is writable by $mirror_user and $cgi_user (just in case the
363 # cache file is missing). The directory should have its group set to $owning_group.
364 # Again, this setting should not normally need to be changed.
365 our $projlist_cache_dir = "$chroot/etc";
369 ## ----------------------------------------------------
370 ## Certificates (only used if $httpspushurl is defined)
371 ## ----------------------------------------------------
374 # path to root certificate (undef to use automatic root cert)
375 # this certificate is made available for easy download and should be whatever
376 # the root certificate is for the https certificate being used by the web server
377 our $rootcert = undef;
379 # The certificate to sign user push client authentication certificates with (undef for auto)
380 # The automatically generated certificate should always be fine
381 our $clientcert = undef;
383 # The private key for $clientcert (undef for auto)
384 # The automatically generated key should always be fine
385 our $clientkey = undef;
387 # The client certificate chain suffix (a pemseq file to append to user client certs) (undef for auto)
388 # The automatically generated chain should always be fine
389 # This suffix will also be appended to the $mobusercert before making it available for download
390 our $clientcertsuffix = undef;
392 # The mob user certificate signed by $clientcert (undef for auto)
393 # The automatically generated certificate should always be fine
394 # Not used unless $mob is set to 'mob'
395 # The $clientcertsuffix will be appended before making $mobusercert available for download
396 our $mobusercert = undef;
398 # The private key for $mobusercert (undef for auto)
399 # The automatically generated key should always be fine
400 # Not used unless $mob is set to 'mob'
401 our $mobuserkey = undef;
403 # Server alt names to embed in the auto-generated girocco_www_crt.pem certificate.
404 # The common name (CN) in the server certificate is the host name from $httpspushurl.
405 # By default no server alt names are embedded (not even the host from $httpspushurl).
406 # If the web server configuration is not using this auto-generated server certificate
407 # then the values set here will have no impact and this setting can be ignored.
408 # To embed server alternative names, list each (separated by spaces). The names
409 # may be DNS names, IPv4 addresses or IPv6 addresses (NO surrounding '[' ']' please).
410 # If ANY DNS names are included here be sure to also include the host name from
411 # the $httpspushurl or else standards-conforming clients will fail with a host name
412 # mismatch error when they attempt to verify the connection.
413 #our $wwwcertaltnames = 'example.com www.example.com git.example.com 127.0.0.1 ::1';
414 our $wwwcertaltnames = undef;
416 # The key length for automatically generated RSA private keys (in bits).
417 # These keys are then used to create the automatically generated certificates.
418 # If undef or set to a value less than 2048, then 2048 will be used.
419 # Set to 3072 to generate more secure keys/certificates. Set to 4096 (or higher) for
420 # even greater security. Be warned that setting to a non-multiple of 8 and/or greater
421 # than 4096 could negatively impact compatibility with some clients.
422 # The values 2048, 3072 and 4096 are expected to be compatible with all clients.
423 # Note that OpenSSL has no problem with > 4096 or non-multiple of 8 lengths.
424 # See also the $min_key_length setting above to restrict user key sizes.
425 # This value is also used when generating the ssh_host_rsa_key for the chroot jail sshd.
426 # RECOMMENDED VALUE: 3072
427 our $rsakeylength = undef;
436 # URL of the gitweb.cgi script (must be in pathinfo mode)
437 # If mod_rewrite is enabled and the sample apache.conf configuration is used
438 # (with paths suitably updated), the trailing "/w" is optional for all browsers
439 # that send a User-Agent string WITHOUT (case insensitively) "git/". Alternatively
440 # a minor change to the sample apache.conf can redirect (301 or 302) URLs without
441 # the "/w" to a URL with it where appropriate.
442 our $gitweburl = "http://repo.or.cz/w";
444 # URL of the extra gitweb files (CSS, .js files, images, ...)
445 our $gitwebfiles = "http://repo.or.cz";
447 # URL of the Girocco CGI web admin interface (Girocco cgi/ subdirectory)
448 # e.g. reguser.cgi, edituser.cgi, regproj.cgi, editproj.cgi etc.
449 our $webadmurl = "http://repo.or.cz";
451 # URL of the Girocco CGI bundles information generator (Girocco cgi/bundles.cgi)
452 # If mod_rewrite is enabled and the sample apache.conf configuration is used
453 # (with paths suitably updated), the trailing "/b" is optional for all browsers
454 # that send a User-Agent string WITHOUT (case insensitively) "git/". Alternatively
455 # a minor change to the sample apache.conf can redirect (301 or 302) URLs without
456 # the "/b" to a URL with it where appropriate.
457 # This is different from $httpbundleurl. This URL lists all available bundles
458 # for a project and returns that as an HTML page.
459 our $bundlesurl = "http://repo.or.cz/b";
461 # URL of the Girocco CGI html templater (Girocco cgi/html.cgi)
462 # If mod_rewrite is enabled and the sample apache.conf configuration is used
463 # (with paths suitably updated), the trailing "/h" is optional for all clients
464 # when the template file name ends in ".html" (which all the provided ones do).
465 our $htmlurl = "http://repo.or.cz/h";
467 # HTTP URL of the repository collection (undef if N/A)
468 # If mod_rewrite is enabled and the sample apache.conf configuration is used
469 # (with paths suitably updated), the trailing "/r" is optional for Git clients
470 # that send a User-Agent string containing "git/" (case insensitively).
471 our $httppullurl = "http://repo.or.cz/r";
473 # HTTP URL of the repository collection when fetching a bundle (undef if N/A)
474 # Normally this will be the same as $httppullurl, but note that the bundle
475 # fetching logic is located in git-http-backend-verify so whatever URL is
476 # given here MUST end up running the git-http-backend-verify script!
477 # For example, if we're fetching the 'clone.bundle' for the 'girocco.git'
478 # repository, the final URL will be "$httpbundleurl/girocco.git/clone.bundle"
479 # If mod_rewrite is enabled and the sample apache.conf configuration is used
480 # (with paths suitably updated), the trailing "/r" is optional for all clients.
481 # This is different from $bundlesurl. This URL fetches a single Git-format
482 # .bundle file that is only usable with the 'git bundle' command.
483 our $httpbundleurl = "http://repo.or.cz/r";
485 # HTTPS push URL of the repository collection (undef if N/A)
486 # If this is defined, the openssl command must be available
487 # The sample apache.conf configuration requires mod_rewrite be enabled to
488 # support https push operations.
489 # Normally this should be set to $httppullurl with http: replaced with https:
490 # If the sample apache.conf configuration is used (with paths suitably updated),
491 # the trailing "/r" is optional for Git clients that send a User-Agent string
492 # containing "git/" (case insensitively).
493 our $httpspushurl = undef;
495 # Git URL of the repository collection (undef if N/A)
496 # (You need to set up git-daemon on your system, and Girocco will not
497 # do this particular thing for you.)
498 our $gitpullurl = "git://repo.or.cz";
500 # Pushy SSH URL of the repository collection (undef if N/A)
501 # Note that the "/$jailreporoot" portion is optional and will be automatically
502 # added if appropriate when omitted by the client so this URL can typically
503 # be made the same as $gitpullurl with git: replaced with ssh:
504 our $pushurl = "ssh://repo.or.cz/$jailreporoot";
506 # URL of gitweb of this Girocco instance (set to undef if you're not nice
508 our $giroccourl = "$Girocco::Config::gitweburl/girocco.git";
512 ## ------------------------
513 ## Some templating settings
514 ## ------------------------
517 # Legal warning (on reguser and regproj pages)
518 our $legalese = <<EOT;
519 <p>By submitting this form, you are confirming that you will mirror or push
520 only what we can store and show to anyone else who can visit this site without
521 breaking any law, and that you will be nice to all small furry animals.
522 <sup><a href="/h/about.html">(more details)</a></sup>
526 # Pre-configured mirror sources (set to undef for none)
527 # Arrayref of name - record pairs, the record has these attributes:
528 # label: The label of this source
529 # url: The template URL; %1, %2, ... will be substituted for inputs
530 # desc: Optional VERY short description
531 # link: Optional URL to make the desc point at
532 # inputs: Arrayref of hashref input records:
533 # label: Label of input record
534 # suffix: Optional suffix
535 # If the inputs arrayref is undef, single URL input is shown,
536 # pre-filled with url (probably empty string).
537 our $mirror_sources = [
541 desc
=> 'Any HTTP/Git/rsync pull URL - bring it on!',
546 url
=> 'git://github.com/%1/%2.git',
547 desc
=> 'GitHub Social Code Hosting',
548 link => 'http://github.com/',
549 inputs
=> [ { label
=> 'User:' }, { label
=> 'Project:', suffix
=> '.git' } ]
552 label
=> 'Gitorious',
553 url
=> 'git://gitorious.org/%1/%2.git',
554 desc
=> 'Green and Orange Boxes',
555 link => 'http://gitorious.org/',
556 inputs
=> [ { label
=> 'Project:' }, { label
=> 'Repository:', suffix
=> '.git' } ]
560 # You can customize the gitweb interface widely by editing
561 # gitweb/gitweb_config.perl
565 ## -------------------
566 ## Permission settings
567 ## -------------------
570 # Girocco needs some way to manipulate write permissions to various parts of
571 # all repositories; this concerns three entities:
572 # - www-data: the web interface needs to be able to rewrite few files within
574 # - repo: a user designated for cronjobs; handles mirroring and repacking;
575 # this one is optional if not $mirror
576 # - others: the designated users that are supposed to be able to push; they
577 # may have account either within chroot, or outside of it
579 # There are several ways how to use Girocco based on a combination of the
580 # following settings.
582 # (Non-chroot) UNIX user the CGI scripts run on; note that if some non-related
583 # untrusted CGI scripts run on this account too, that can be a big security
584 # problem and you'll probably need to set up suexec (poor you).
585 # This must always be set.
586 our $cgi_user = 'www-data';
588 # (Non-chroot) UNIX user performing mirroring jobs; this is the user who
589 # should run all the daemons and cronjobs and
590 # the user who should be running make install (if not root).
591 # This must always be set.
592 our $mirror_user = 'repo';
594 # (Non-chroot) UNIX group owning the repositories by default; it owns whole
595 # mirror repositories and at least web-writable metadata of push repositories.
596 # If you undefine this, all the data will become WORLD-WRITABLE.
597 # Both $cgi_user and $mirror_user should be members of this group!
598 our $owning_group = 'repo';
600 # Whether to use chroot jail for pushing; this must be always the same
602 # TODO: Gitosis support for $manage_users and not $chrooted?
603 our $chrooted = $manage_users;
605 # How to control permissions of push-writable data in push repositories:
606 # * 'Group' for the traditional model: The $chroot/etc/group project database
607 # file is used as the UNIX group(5) file; the directories have gid appropriate
608 # for the particular repository and are group-writable. This works only if
609 # $chrooted so that users are put in the proper groups on login when using
610 # SSH push. Smart HTTPS push does not require a chroot to work -- simply
611 # run "make install" as the non-root $mirror_user user, but leave
612 # $manage_users and $chrooted enabled.
613 # * 'ACL' for a model based on POSIX ACL: The directories are coupled with ACLs
614 # listing the users with push permissions. This works for both chroot and
615 # non-chroot setups, however it requires ACL support within the filesystem.
616 # This option is BASICALLY UNTESTED, too. And UNIMPLEMENTED. :-)
617 # * 'Hooks' for a relaxed model: The directories are world-writable and push
618 # permission control is purely hook-driven. This is INSECURE and works only
619 # when you trust all your users; on the other hand, the attack vectors are
620 # mostly just DoS or fully-traceable tinkering.
621 our $permission_control = 'Group';
623 # Path to alternate screen multiuser acl file (see screen/README, undef for none)
624 our $screen_acl_file = undef;
626 # Reserved project name and user name suffixes.
628 # Note that with personal mob branches enabled, a user name can end up being a
629 # file name after having a 'mob.' prefix added or a directory name after having
630 # a 'mob_' prefix added. If there is ANY possibility that a file with a
631 # .suffix name may need to be served by the web server, lc(suffix) SHOULD be in
632 # this hash! Pre-existing project names or user names with a suffix in this
633 # table can continue to be used, but no new projects or users can be created
634 # that have a suffix (case-insensitive) listed here.
635 our %reserved_suffixes = (
636 # Entries must be lowercase WITHOUT a leading '.'
674 ## -------------------------
675 ## sendmail.pl configuration
676 ## -------------------------
679 # Full information on available sendmail.pl settings can be found by running
680 # ../bin/sendmail.pl -v -h
682 # These settings will only used if $sendmail_bin is set to 'sendmail.pl'
684 # sendmail.pl host name
685 #$ENV{'SENDMAIL_PL_HOST'} = 'localhost'; # localhost is the default
687 # sendmail.pl port name
688 #$ENV{'SENDMAIL_PL_PORT'} = '25'; # port 25 is the default
690 # sendmail.pl nc executable
691 #$ENV{'SENDMAIL_PL_NCBIN'} = "$chroot/bin/nc.openbsd"; # default is nc found in $PATH
693 # sendmail.pl nc options
694 # multiple options may be included, e.g. '-4 -X connect -x 192.168.100.10:8080'
695 #$ENV{'SENDMAIL_PL_NCOPT'} = '-4'; # force IPv4, default is to allow IPv4 & IPv6
699 ## -------------------------
700 ## Obscure Tuneable Features
701 ## -------------------------
704 # Throttle classes configured here override the defaults for them that
705 # are located in taskd/taskd.pl. See comments in that file for more info.
706 our @throttle_classes = ();
710 ## ------------------------
711 ## Sanity checks & defaults
712 ## ------------------------
714 # Changing anything in this section can result in unexpected breakage
716 # Couple of sanity checks and default settings (do not change these)
717 use Digest
::MD5
qw(md5);
718 use MIME
::Base64
qw(encode_base64);
719 $nickname = (split(/[.]/, $name))[0] unless $nickname;
720 our $tmpsuffix = substr(encode_base64
(md5
($name.':'.$nickname)),0,6);
721 $tmpsuffix =~ tr
,+/,=_
,;
722 ($mirror_user) or die "Girocco::Config: \$mirror_user must be set even if to current user";
723 ($basedir) or die "Girocco::Config: \$basedir must be set";
724 ($sendmail_bin) or die "Girocco::Config: \$sendmail_bin must be set";
725 $sendmail_bin = "$basedir/bin/sendmail.pl" if $sendmail_bin eq "sendmail.pl";
726 $screen_acl_file = "$basedir/screen/giroccoacl" unless $screen_acl_file;
727 $jailreporoot =~ s
,^/+,,;
728 ($reporoot) or die "Girocco::Config \$reporoot must be set";
729 ($jailreporoot) or die "Girocco::Config \$jailreporoot must be set";
730 (not $mob or $mob eq 'mob') or die "Girocco::Config \$mob must be undef (or '') or 'mob'";
731 (not $min_key_length or $min_key_length =~ /^[1-9][0-9]*$/)
732 or die "Girocco::Config \$min_key_length must be undef or numeric";
733 $admincc = $admincc ?
1 : 0;
734 $rootcert = "$certsdir/girocco_root_crt.pem" if $httpspushurl && !$rootcert;
735 $clientcert = "$certsdir/girocco_client_crt.pem" if $httpspushurl && !$clientcert;
736 $clientkey = "$certsdir/girocco_client_key.pem" if $httpspushurl && !$clientkey;
737 $clientcertsuffix = "$certsdir/girocco_client_suffix.pem" if $httpspushurl && !$clientcertsuffix;
738 $mobusercert = "$certsdir/girocco_mob_user_crt.pem" if $httpspushurl && $mob && !$mobusercert;
739 $mobuserkey = "$certsdir/girocco_mob_user_key.pem" if $httpspushurl && $mob && !$mobuserkey;
740 our $mobpushurl = $pushurl;
741 $mobpushurl =~ s
,^ssh
://,ssh
://mob@
,i
if $mobpushurl;
742 $disable_dsa = 1 unless $pushurl;
743 $disable_dsa = $disable_dsa ?
1 : '';
744 our $httpdnsname = ($gitweburl =~ m
,https?
://([A
-Za
-z0
-9.-]+),i
) ?
lc($1) : undef if $gitweburl;
745 our $httpsdnsname = ($httpspushurl =~ m
,https
://([A
-Za
-z0
-9.-]+),i
) ?
lc($1) : undef if $httpspushurl;
746 ($mirror or $push) or die "Girocco::Config: neither \$mirror nor \$push is set?!";
747 (not $push or ($pushurl or $httpspushurl or $gitpullurl or $httppullurl)) or die "Girocco::Config: no pull URL is set";
748 (not $push or ($pushurl or $httpspushurl)) or die "Girocco::Config: \$push set but \$pushurl and \$httpspushurl are undef";
749 (not $mirror or $mirror_user) or die "Girocco::Config: \$mirror set but \$mirror_user is undef";
750 ($manage_users == $chrooted) or die "Girocco::Config: \$manage_users and \$chrooted must be set to the same value";
751 (not $chrooted or $permission_control ne 'ACL') or die "Girocco::Config: resolving uids for ACL not supported when using chroot";
752 (grep { $permission_control eq $_ } qw(Group Hooks)) or die "Girocco::Config: \$permission_control must be set to Group or Hooks";
753 ($chrooted or not $mob) or die "Girocco::Config: mob user supported only in the chrooted mode";
754 (not $httpspushurl or $httpsdnsname) or die "Girocco::Config invalid \$httpspushurl does not start with https://domainname";
755 (not $svn_log_window_size or $svn_log_window_size =~ /^[1-9][0-9]*$/)
756 or die "Girocco::Config \$svn_log_window_size must be undef or numeric";
758 # Make sure Git has a consistent and reproducible environment
760 $ENV{'XDG_CONFIG_HOME'} = $chroot.'/var/empty';
761 $ENV{'HOME'} = $chroot.'/etc/girocco';
762 $ENV{'GIT_CONFIG_NOSYSTEM'} = 1;
763 $ENV{'GIT_ATTR_NOSYSTEM'} = 1;
764 $ENV{'GIT_NO_REPLACE_OBJECTS'} = 1;
765 $ENV{'GIT_TERMINAL_PROMPT'} = 0;
766 $ENV{'GIT_ASKPASS'} = $basedir.'/bin/git-askpass-password';
767 delete $ENV{'GIT_USER_AGENT'};
768 $ENV{'GIT_USER_AGENT'} = $git_client_ua if defined($git_client_ua);
769 delete $ENV{'GIT_HTTP_USER_AGENT'};
770 $ENV{'GIT_HTTP_USER_AGENT'} = $git_client_ua if defined($git_client_ua);
772 # Guarantee a sane umask for Girocco
774 umask(umask() & ~0770);