Girocco/Config.pm

   1 package Girocco::Config;
   2
   3 use strict;
   4 use warnings;
   5
   6
   7 ## Basic settings
   8
   9 # Name of the service
  10 our $name = "repo.or.cz";
  11
  12 # Title of the service (as shown in gitweb)
  13 our $title = "Public Git Hosting";
  14
  15 # Legal jurisdiction of the site
  16 our $jurisdiction = "Czech Republic";
  17
  18 # Path to the Git binary to use (you MUST set this, even if to /usr/bin/git!)
  19 our $git_bin = '/home/pasky/bin/git';
  20
  21 # E-mail of the site admin
  22 our $admin = 'pasky@suse.cz';
  23
  24
  25 ## Feature knobs
  26
  27 # Enable mirroring mode if true
  28 our $mirror = 1;
  29
  30 # Enable push mode if true
  31 our $push = 1;
  32
  33 # Enable user management if true
  34 our $manage_users = 1;
  35
  36 # Enable the special 'mob' user if set to 'mob'
  37 our $mob = "mob";
  38
  39
  40 ## Paths
  41
  42 # Path to the Girocco files (checkout of this project)
  43 our $basedir = '/home/repo/repomgr';
  44
  45 # Path to the directory of the mirror queue (undef if not $mirror)
  46 our $mqueuedir = '/home/repo/repodata';
  47
  48 # The repository collection
  49 our $reporoot = "/srv/git";
  50
  51 # The chroot for ssh pushing; location for project database even in non-chroot
  52 # setups
  53 our $chroot = "/home/repo/j";
  54
  55
  56 ## URL addresses
  57
  58 # URL of the gitweb.cgi script (must be in pathinfo mode)
  59 our $gitweburl = "http://repo.or.cz/w";
  60
  61 # URL of the extra gitweb files (CSS, .js files, images, ...)
  62 our $gitwebfiles = "http://repo.or.cz/";
  63
  64 # URL of the Girocco CGI web admin interface (Girocco cgi/ subdirectory)
  65 our $webadmurl = "http://repo.or.cz/m";
  66
  67 # URL of the Girocco CGI html templater (Girocco cgi/html.cgi)
  68 our $htmlurl = "http://repo.or.cz/h";
  69
  70 # HTTP URL of the repository collection (undef if N/A)
  71 our $httppullurl = "http://repo.or.cz/r";
  72
  73 # Git URL of the repository collection (undef if N/A)
  74 our $gitpullurl = "git://repo.or.cz/";
  75
  76 # Pushy URL of the repository collection (undef if N/A)
  77 our $pushurl = "ssh://repo.or.cz/srv/git";
  78
  79 # URL of gitweb of this Girocco instance (set to undef if you're not nice
  80 # to the community)
  81 our $giroccourl = "$Girocco::Config::gitweburl/repo.git";
  82
  83
  84 ## Permission settings
  85
  86 # Note that if you are going to need the fixup root cronjob
  87 # ($chrooted and $permission_control eq 'Group'), you need to update
  88 # the settings in jobs/fixup.sh as well.
  89
  90 # Girocco needs some way to manipulate write permissions to various parts of
  91 # all repositories; this concerns three entities:
  92 # - www-data: the web interface needs to be able to rewrite few files within
  93 # the repository
  94 # - repo: a user designated for cronjobs; handles mirroring and repacking;
  95 # this one is optional if not $mirror
  96 # - others: the designated users that are supposed to be able to push
  97
  98 # There are several ways how to use Girocco based on a combination of the
  99 # following settings.
 100
 101 # (Non-chroot) UNIX user performing mirroring jobs
 102 our $mirror_user = 'repo';
 103
 104 # (Non-chroot) UNIX group owning the repositories by default; it owns whole
 105 # mirror repositories and at least web-writable metadata of push repositories
 106 our $owning_group = 'repo';
 107
 108 # Whether to use chroot jail for pushing; this must be always the same
 109 # as $manage_users.
 110 # TODO: Gitosis support for $manage_users and not $chrooted?
 111 our $chrooted = $manage_users;
 112
 113 # How to control permissions of push-writable data in push repositories:
 114 # * 'Group' for the traditional model: The $chroot/etc/group project database
 115 #   file is used as the UNIX group(5) file; the directories have gid appropriate
 116 #   for the particular repository and are group-writable. This works only if
 117 #   $chrooted so that users are put in the proper groups on login. This requires
 118 #   you also to set up the very crude fixup.sh cronjob for root.
 119 # * 'ACL' for a model based on POSIX ACL: The directories are coupled with ACLs
 120 #   listing the users with push permissions. This works for both chroot and
 121 #   non-chroot setups, however it requires ACL support within the filesystem.
 122 #   This option is BASICALLY UNTESTED, too. And UNIMPLEMENTED. :-)
 123 # * 'Hooks' for a relaxed model: The directories are world-writable and push
 124 #   permission control is purely hook-driven. This is INSECURE and works only
 125 #   when you trust all your users; on the other hand, the attack vectors are
 126 #   mostly just DoS or fully-traceable tinkering. UNIMPLEMENTED too.
 127 our $permission_control = 'Group';
 128
 129
 130 # Couple of sanity checks
 131 ($mirror or $push) or die "Girocco::Config: neither \$mirror or \$push is set?!";
 132 (($push and $pushurl) or $gitpullurl or $httppullurl) or die "Girocco::Config: no pull URL is set";
 133 (not $push or $pushurl) or die "Girocco::Config: \$push set but \$pushurl is undef";
 134 (not $mirror or $mirror_user) or die "Girocco::Config: \$mirror set but \$mirror_user is undef";
 135 ($manage_users == $chrooted) or die "Girocco::Config: \$manage_users and \$chrooted must be set to the same value";
 136 ($permission_control eq 'Group') or die "Girocco::Config: \$permission_control must be set to Group for now";
 137
 138
 139 1;