1 package Girocco
::Config
;
13 # Name of the service (typically a single word or a domain name)
15 our $name = "GiroccoEx";
17 # Nickname of the service (undef for initial part of $name upto first '.')
19 our $nickname = undef;
21 # Title of the service (as shown in gitweb)
22 # (may contain spaces)
23 our $title = "Example Girocco Hosting";
25 # Path to the Git binary to use (you MUST set this, even if to /usr/bin/git!)
26 our $git_bin = '/usr/bin/git';
28 # Path to the git-daemon binary to use (undef to use default)
29 # If $gitpullurl is undef this will never be used (assuming no git inetd
30 # service has been set up in that case).
31 # The default if this is undef is `$git_bin --exec-path`/git-daemon
32 our $git_daemon_bin = undef;
34 # Path to the git-http-backend binary to use (undef to use default)
35 # If both $httppullurl and $httpspushurl are undef this will never be used
36 # The default if this is undef is `$git_bin --exec-path`/git-http-backend
37 our $git_http_backend_bin = undef;
39 # Name (if in $PATH) or full path to netcat executable that accepts a -U option
40 # to connect to a unix socket. This may simply be 'nc' on many systems.
41 # See the ../src/dragonfly/README file for a DragonFly BSD nc with -U support.
42 # For a Linux-like system try installing the 'netcat-openbsd' package.
43 our $nc_openbsd_bin = 'nc.openbsd';
45 # Path to POSIX sh executable to use. Set to undef to use /bin/sh
46 our $posix_sh_bin = undef;
48 # Path to Perl executable to use. Set to undef to use Perl found in $PATH
49 our $perl_bin = undef;
51 # Path to gzip executable to use. Set to undef to use gzip found in $PATH
52 our $gzip_bin = undef;
54 # Path to OpenSSL/LibreSSL executable to use.
55 # Set to undef to use openssl found in $PATH
56 # Not used unless $httpspushurl is defined
57 our $openssl_bin = undef;
59 # Path to the sendmail instance to use. It should understand the -f <from>, -i and -t
60 # options as well as accepting a list of recipient addresses in order to be used here.
61 # You MUST set this, even if to '/usr/sbin/sendmail'!
62 # Setting this to 'sendmail.pl' is special and will automatically be expanded to
63 # a full path to the ../bin/sendmail.pl executable in this Girocco installation.
64 # sendmail.pl is a sendmail-compatible script that delivers the message directly
65 # using SMTP to a mail relay host. This is the recommended configuration as it
66 # minimizes the information exposed to recipients (no sender account names or uids),
67 # can talk to an SMTP server on another host (eliminating the need for a working
68 # sendmail and/or SMTP server on this host) and avoids any unwanted address rewriting.
69 # By default it expects the mail relay to be listening on localhost port 25.
70 # See the sendmail.pl section below for more information on configuring sendmail.pl.
71 our $sendmail_bin = 'sendmail.pl';
73 # E-mail of the site admin
74 our $admin = 'admin@example.org';
77 # This is the SMTP 'MAIL FROM:' value
78 # It will be passed to $sendmail_bin with the -f option
79 # Some sites may not allow non-privileged users to pass the -f option to
80 # $sendmail_bin. In that case set this to undef and no -f option will be
81 # passed which means the 'MAIL FROM:' value will be the user the mail is
82 # sent as (either $cgi_user or $mirror_user depending on the activity).
83 # To avoid having bounce emails go to $admin, this may be set to something
84 # else such as 'admin-noreply@example.org' and then the 'admin-noreply' address
85 # may be redirected to /dev/null. Setting this to '' or '<>' is not
86 # recommended because that will likely cause the emails to be marked as SPAM
87 # by the receiver's SPAM filter. If $sendmail_bin is set to 'sendmail.pl' this
88 # value must be acceptable to the receiving SMTP server as a 'MAIL FROM:' value.
89 # If this is set to undef and 'sendmail.pl' is used, the 'MAIL FROM:' value will
90 # be the user the mail is sent as (either $cgi_user or $mirror_user).
93 # Copy $admin on failure/recovery messages?
96 # Girocco branch to use for html.cgi view source links (undef for HEAD)
97 our $giroccobranch = undef;
100 # If the PATH needs to be customized to find required executables on
101 # the system, it can be done here.
102 # IMPORTANT: If PATH is NOT set here,
103 # it *will* be set to `/usr/bin/getconf PATH`!
104 # To keep whatever PATH is in effect when Girocco is installed use:
105 #$ENV{PATH} = $ENV{PATH};
106 # To add /usr/local/bin to the standard PATH, use something like this:
107 #$ENV{PATH} = substr(`/usr/bin/getconf PATH`,0,-1).":/usr/local/bin";
111 ## ----------------------
112 ## Git user agent strings
113 ## ----------------------
116 # Git clients (i.e. fetch/clone) always send a user agent string when fetching
117 # over HTTP. Since version 1.7.12.1 an 'agent=' capability string is included
118 # as well which affects git:, smart HTTP and ssh: protocols.
120 # These settings allow the default user agent string to be changed independently
121 # for fetch/clone operations (only matters if $mirror is true) and server
122 # operations (some other Git client fetching from us). Note that it is not
123 # possible to suppress the capability entirely although it can be set to an
124 # empty string. If these values are not set, the default user agent string
125 # will be used. Typically (unless Git was built with non-standard options) the
126 # default is "git/" plus the version. So for example "git/1.8.5.6" or
127 # "git/2.1.4" might be seen.
129 # One might want to change the default user agent strings in order to prevent
130 # an attacker from learning the exact Git version being used to avoid being
131 # able to quickly target any version-specific vulnerabilities. Note that
132 # no matter what's set here, an attacker can easily determine whether a server
133 # is running JGit, libgit2 or Git and for Git whether it's version 1.7.12.1 or
134 # later. A reasonable value to hide the exact Git version number while
135 # remaining compatible with servers that require a "Git/" user agent string
136 # would be something like "git/2" or even just "git/".
138 # The GIT_USER_AGENT value to use when acting as a client (i.e. clone/fetch)
139 # This value is only used if $mirror is true and at least one mirror is set up.
140 # Setting this to the empty string will suppress the HTTP User-Agent header,
141 # but will still include an "agent=" capability in the packet protocol. The
142 # empty string is not recommended because some servers match on "git/".
143 # Leave undef to use the default Git user agent string
144 # IMPORTANT: some server sites will refuse to serve up Git repositories unless
145 # the client user agent string contains "Git/" (matched case insensitively)!
146 our $git_client_ua = undef;
148 # The GIT_USER_AGENT value to use when acting as a server (i.e. some Git client
149 # is fetching/cloning from us).
150 # Leave undef to use the default Git user agent string
151 our $git_server_ua = undef;
160 # Enable mirroring mode if true (see "Foreign VCS mirrors" section below)
163 # Enable push mode if true
166 # If both $mirror and $push are enabled, setting this to 'mirror' pre-selects
167 # mirror mode on the initial regproj display, otherwise 'push' mode will be
168 # pre-selected. When forking the initial mode will be 'push' if $push enabled.
169 our $initial_regproj_mode = 'mirror';
171 # Enable user management if true; this means the interface for registering
172 # user accounts and uploading SSH keys. This implies full chroot.
173 our $manage_users = 1;
175 # Minimum key length (in bits) for uploaded SSH RSA/DSA keys.
176 # If this is not set (i.e. undef) keys as small as 512 bits will be allowed.
177 # Nowadays keys less than 2048 bits in length should probably not be allowed.
178 # Note, however, that versions of OpenSSH starting with 4.3p1 will only generate
179 # DSA keys of exactly 1024 bits in length even though that length is no longer
180 # recommended. (OpenSSL can be used to generate DSA keys with lengths > 1024.)
181 # OpenSSH does not have any problem generating RSA keys longer than 1024 bits.
182 # This setting is only checked when new keys are added so setting it/increasing it
183 # will not affect existing keys. For maximum compatibility a value of 1024 may
184 # be used however 2048 is recommended. Setting it to anything other than 1024,
185 # 2048 or 3072 may have the side effect of making it very difficult to generate
186 # DSA keys that satisfy the restriction (but RSA keys should not be a problem).
187 # Note that no matter what setting is specified here keys smaller than 512 bits
188 # will never be allowed via the reguser.cgi/edituser.cgi interface.
189 # RECOMMENDED VALUE: 2048 (ok) or 3072 (better)
190 our $min_key_length = 3072;
192 # Disable DSA public keys?
194 # If this is set to 1, adding DSA keys at reguser.cgi/edituser.cgi time will be
195 # prohibited. If $pushurl is undef then this is implicitly set to 1 since DSA
196 # keys are not usable with https push.
198 # OpenSSH will only generate 1024 bit DSA keys starting with version 4.3p1.
199 # Even if OpenSSL is used to generate a longer DSA key (which can then be used
200 # with OpenSSH), the SSH protocol itself still forces use of SHA-1 in the DSA
201 # signature blob which tends to defeat the purpose of going to a longer key in
202 # the first place. So it may be better from a security standpoint to simply
203 # disable DSA keys especially if $min_key_length and $rsakeylength have been set
204 # to something higher such as 3072 or 4096.
206 # This setting is only checked when new keys are added so changing it will not
207 # affect existing keys. There is no way to disable DSA keys in the sshd_config
208 # file of older versions of the OpenSSH server, but newer versions of OpenSSH
209 # WILL DISABLE DSA KEYS BY DEFAULT!
211 # IMPORTANT: If you do enable DSA keys ($disable_dsa is set to 0) and you are
212 # using a more recent version of the OpenSSH server software in the
213 # chroot jail, you MUST manually ADD the following line
214 # (the "+" IS REQUIRED) to the $chroot/j/etc/ssh/sshd_config file
215 # otherwise dsa keys WILL NOT BE ACCEPTED!
217 # PubkeyAcceptedKeyTypes +ssh-dss
219 # If this is set to 1, no ssh_host_dsa_key will be generated or used with the
220 # sshd running in the jail (but if the sshd_config has already been generated
221 # in the jail, it must be removed and 'sudo make install' run again or otherwise
222 # the sshd_config needs to be edited by hand for the change to take effect).
224 # RECOMMENDED VALUE: 1
225 our $disable_dsa = 1;
227 # Enable the special 'mob' user if set to 'mob'
230 # Let users set admin passwords; if false, all password inputs are assumed empty.
231 # This will make new projects use empty passwords and all operations on them
232 # unrestricted, but you will be able to do no operations on previously created
233 # projects you have set a password on.
234 our $project_passwords = 1;
236 # How to determine project owner; 'email' adds a form item asking for their
237 # email contact, 'source' takes realname of owner of source repository if it
238 # is a local path (and empty string otherwise). 'source' is suitable in case
239 # the site operates only as mirror of purely local-filesystem repositories.
240 our $project_owners = 'email';
242 # Which project fields to make editable, out of 'shortdesc', 'homepage', 'README',
243 # 'cleanmirror', 'notifymail', 'reverseorder', 'summaryonly', 'notifytag' and 'notifyjson'
244 # 'notifycia' was used by the now defunct CIA service and while allowing it to
245 # be edited does work and the value is saved, the value is totally ignored by Girocco
246 our @project_fields = qw(cleanmirror homepage shortdesc README notifymail reverseorder summaryonly notifytag notifyjson);
248 # Which project fields to protect -- they will first require the project
249 # password to be entered before they can even be viewed on the editproj page
250 our $protect_fields = {map({$_ => 1} qw(notifymail notifytag notifyjson))};
252 # Registration/Edit expiration time
253 # The registration form must be completed within this amount of time
254 # or it will time out and require starting over. The project edit page
255 # must be submitted within this amount of time or it will time out and
256 # require starting over.
257 our $project_edit_timeout = 1800; # 30 minutes
259 # Minimal number of seconds to pass between two updates of a project.
260 our $min_mirror_interval = 3600; # 1 hour
262 # Minimal number of seconds to pass between two garbage collections of a project.
263 our $min_gc_interval = 604800; # 1 week
265 # Minimal number of seconds to pass after first failure before sending failure email.
266 # A mirror update failed message will not be sent until mirror updates have been
267 # failing for at least this long. Set to 0 to send a failure message right away
268 # (provided the $min_mirror_failure_message_count condition has been met).
269 our $min_mirror_failure_message_interval = 216000; # 2.5 days
271 # Minimal number of consecutive failures required before sending failure email.
272 # A mirror update failed message will not be sent until mirror updates have failed
273 # for this many consecutive updates. Set to 0 to send a failure message right away
274 # (provided the $min_mirror_failure_message_interval condition has been met).
275 our $min_mirror_failure_message_count = 3;
277 # Maximum window memory size when repacking. If this is set, it will be used
278 # instead of the automatically computed value if it's less than that value.
279 # May use a 'k', 'm', or 'g' suffix otherwise value is in bytes.
280 our $max_gc_window_memory_size = undef;
282 # Maximum big file threshold size when repacking. If this is set, it will be
283 # used instead of the automatically computed value if it's less than that value.
284 # May use a 'k', 'm', or 'g' suffix otherwise value is in bytes.
285 our $max_gc_big_file_threshold_size = undef;
287 # Whether or not to run the ../bin/update-pwd-db script whenever the etc/passwd
288 # database is changed. This is typically needed (i.e. set to a true value) for
289 # FreeBSD style systems when using an sshd chroot jail for push access. So if
290 # $pushurl is undef or the system Girocco is running on is not like FreeBSD
291 # (e.g. a master.passwd file that must be transformed into pwd.db and spwd.db), then
292 # this setting should normally be left false (i.e. 0). See comments in the
293 # provided ../bin/update-pwd-db script about when and how it's invoked.
294 our $update_pwd_db = 0;
296 # Port the sshd running in the jail should listen on
297 # Be sure to update $pushurl to match
298 # Not used if $pushurl is undef
299 our $sshd_jail_port = 22;
301 # If this is true then host names used in mirror source URLs will be checked
302 # and any that are not DNS names (i.e. IPv4 or IPv6) or match one of the DNS
303 # host names in any of the URL settings below will be rejected.
304 our $restrict_mirror_hosts = 1;
306 # If $restrict_mirror_hosts is enabled this is the minimum number of labels
307 # required in a valid dns name. Normally 2 is the correct value, but if
308 # Girocco is being used internally where a common default or search domain
309 # is set for everyone then this should be changed to 1 to allow a dns name
310 # with a single label in it. No matter what is set here at least 1 label
311 # is always required when $restrict_mirror_hosts is enabled.
312 our $min_dns_labels = 2;
314 # If $xmllint_readme is true then the contents of the README.html section
315 # will be passed through xmllint and any errors must be corrected before
316 # it can be saved. If this is set to true then xmllint must be in the $PATH.
317 # RECOMMENDED VALUE: 1
318 our $xmllint_readme = 0;
320 # If defined, pass this value to format-readme as its `-m` option
321 # When format-readme is formatting an automatic readme, it will skip
322 # anything larger than this. The default is 32768 if unset.
323 # See `bin/format-readme -h` for details.
324 our $max_readme_size = undef;
326 # Maximum size of any single email sent by mail.sh in K (1024-byte) units
327 # If message is larger it will be truncated with a "...e-mail trimmed" line
328 # RECOMMENDED VALUE: 256 - 5120 (.25M - 5M)
329 our $mailsh_sizelimit = 512;
333 ## -------------------
334 ## Foreign VCS mirrors
335 ## -------------------
338 # Note that if any of these settings are changed from true to false, then
339 # any pre-existing mirrors using the now-disabled foreign VCS will stop
340 # updating, new mirrors using the now-disabled foreign VCS will be disallowed
341 # and attempts to update ANY project settings for a pre-existing project that
342 # uses a now-disabled foreign VCS source URL will also be disallowed.
344 # If $mirror is true and $mirror_svn is true then mirrors from svn source
345 # repositories will be allowed (and be converted to Git). These URLs have
346 # the form svn://... or svn+http://... or svn+https://...
347 # Since this functionality makes use of the "git svn" command and is maintained
348 # with Git, it tends to be kept up-to-date and highly usable.
349 # Note that for this to work the "svn" command line command must be available
350 # in PATH and the "git svn" commands must work (which generally requires both
351 # Perl and the subversion perl bindings be installed).
352 # RECOMMENDED VALUE: 1 (if the necessary prerequisites are installed)
355 # Prior to Git v1.5.1, git-svn always used a log window size of 1000.
356 # Starting with Git v1.5.1, git-svn defaults to using a log window size of 100
357 # and provides a --log-window-size= option to change it. Starting with Git
358 # v2.2.0, git-svn disconnects and reconnects to the server every log window size
359 # interval to attempt to reduce memory use by git-svn. If $svn_log_window_size
360 # is undefined, Girocco will use a log window size of 250 (instead of the
361 # the default 100). If $svn_log_window_size is set, Girocco will use that
362 # value instead. Beware that setting it too low (i.e. < 50) will almost
363 # certainly cause performance issues if not failures. Unless there are concerns
364 # about git-svn memory use on a server with extremely limited memory, the
365 # value of 250 that Girocco uses by default should be fine. Obviously if
366 # $mirror or $mirror_svn is false this setting is irrelevant.
367 our $svn_log_window_size = undef;
369 # If $mirror is true and $mirror_darcs is true then mirrors from darcs source
370 # repositories will be allowed (and be converted to Git). These URLs have
371 # the form darcs+http://... darcs+https://... (and deprecated darcs://...)
372 # Note that for this to work the "darcs" command line command must be available
373 # in PATH and so must python (required to run the darcs-fast-export script).
374 # This support depends on items updated separately from Git and which may easily
375 # become out-of-date or incompatible (e.g. new python version).
376 # NOTE: If this is set to 0, the girocco-darcs-fast-export.git
377 # submodule need not be initialized or checked out.
378 # RECOMMENDED VALUE: 0 (unless you have a need to mirror darcs repos)
379 our $mirror_darcs = 0;
381 # If $mirror is true and $mirror_bzr is true then mirrors from bzr source
382 # repositories will be allowed (and be converted to Git). These URLs have
384 # Note that for this to work the "bzr" command line command must be available
385 # in PATH (it's a python script so python is required as well).
386 # This support depends on items updated separately from Git and which may easily
387 # become out-of-date or incompatible (e.g. new python version).
388 # RECOMMENDED VALUE: 0 (unless you have a need to mirror bzr repos)
391 # If $mirror is true and $mirror_hg is true then mirrors from hg source
392 # repositories will be allowed (and be converted to Git). These URLs have
393 # the form hg+http://... or hg+https://...
394 # Note that for this to work the "hg" command line command must be available
395 # in PATH and so must python (required to run the hg-fast-export.py script).
396 # Note that if the PYTHON environment variable is set that will be used instead
397 # of just plain "python" to run the hg-fast-export.py script (which needs to
398 # be able to import from mercurial). Currently the hg-fast-export.py script
399 # used for this feature is likely incompatible with python 3 or later.
400 # Repositories created via this facility may need to be "reset" if the upstream
401 # hg repository moves the tip revision backwards and creates "unnamed heads".
402 # This support depends on items updated separately from Git and which may easily
403 # become out-of-date or incompatible (e.g. new python version).
404 # NOTE: If this is set to 0, the girocco-hg-fast-export.git
405 # submodule need not be initialized or checked out.
406 # RECOMMENDED VALUE: 0 (unless you have a need to mirror hg repos)
416 # Path where the main chunk of Girocco files will be installed
417 # This will get COMPLETELY OVERWRITTEN by each make install!!!
418 # MUST be an absolute path
419 our $basedir = '/home/repo/repomgr';
421 # Path where the automatically generated non-user certificates will be stored
422 # (The per-user certificates are always stored in $chroot/etc/sshcerts/)
423 # This is preserved by each make install and MUST NOT be under $basedir!
424 # The secrets used to generate TimedTokens are also stored in here.
425 # MUST be an absolute path
426 our $certsdir = '/home/repo/certs';
428 # The repository collection
429 # "$reporoot/_recyclebin" will also be created for use by toolbox/trash-project.pl
430 # MUST be an absolute path
431 our $reporoot = "/srv/git";
433 # The repository collection's location within the chroot jail
434 # Normally $reporoot will be bind mounted onto $chroot/$jailreporoot
435 # Should NOT start with '/'
436 our $jailreporoot = "srv/git";
438 # The chroot for ssh pushing; location for project database and other run-time
439 # data even in non-chroot setups
440 # MUST be an absolute path
441 our $chroot = "/home/repo/j";
443 # An installation that will never run a chrooted sshd should set this
444 # to a true value (e.g. 1) to guarantee that jailsetup for a chrooted
445 # sshd never takes place no matter what user runs `make install`.
446 # Note that the "jailsetup.sh" script will still run to do the database
447 # setup that's stored in $chroot regardless of this setting, it will just
448 # always run in "dbonly" mode when this setting is true.
449 our $disable_jailsetup = 0;
451 # The gitweb files web directory (corresponds to $gitwebfiles)
452 # Note that it is safe to place this under $basedir since it's set up after
453 # $basedir is completely replaced during install time. Be WARNED, however,
454 # that normally the install process only adds/replaces things in $webroot,
455 # but if $webroot is under $basedir then it will be completely removed and
456 # rebuilt each time "make install" is run. This will make gitweb/git-browser
457 # web services very briefly unavailable while this is happening.
458 # MUST be an absolute path
459 our $webroot = "/home/repo/www";
461 # The CGI-enabled web directory (corresponds to $gitweburl and $webadmurl)
462 # This will not be web-accessible except that if any aliases point to
463 # a *.cgi file in here it will be allowed to run as a cgi-script.
464 # Note that it is safe to place this under $basedir since it's set up after
465 # $basedir is completely replaced during install time. Be WARNED, however,
466 # that normally the install process only adds/replaces things in $cgiroot,
467 # but if $cgiroot is under $basedir then it will be completely removed and
468 # rebuilt each time "make install" is run. This will make gitweb/git-browser
469 # web services very briefly unavailable while this is happening.
470 # MUST be an absolute path
471 our $cgiroot = "/home/repo/cgibin";
473 # A web-accessible symlink to $reporoot (corresponds to $httppullurl, can be undef)
474 # If using the sample apache.conf (with paths suitably updated) this is not required
475 # to serve either smart or non-smart HTTP repositories to the Git client
476 # MUST be an absolute path if not undef
477 our $webreporoot = "/home/repo/www/r";
479 # The location to store the project list cache, gitweb project list and gitweb
480 # cache file. Normally this should not be changed. Note that it must be in
481 # a directory that is writable by $mirror_user and $cgi_user (just in case the
482 # cache file is missing). The directory should have its group set to $owning_group.
483 # Again, this setting should not normally need to be changed.
484 # MUST be an absolute path
485 our $projlist_cache_dir = "$chroot/etc";
489 ## ----------------------------------------------------
490 ## Certificates (only used if $httpspushurl is defined)
491 ## ----------------------------------------------------
494 # path to root certificate (undef to use automatic root cert)
495 # this certificate is made available for easy download and should be whatever
496 # the root certificate is for the https certificate being used by the web server
497 our $rootcert = undef;
499 # The certificate to sign user push client authentication certificates with (undef for auto)
500 # The automatically generated certificate should always be fine
501 our $clientcert = undef;
503 # The private key for $clientcert (undef for auto)
504 # The automatically generated key should always be fine
505 our $clientkey = undef;
507 # The client certificate chain suffix (a pemseq file to append to user client certs) (undef for auto)
508 # The automatically generated chain should always be fine
509 # This suffix will also be appended to the $mobusercert before making it available for download
510 our $clientcertsuffix = undef;
512 # The mob user certificate signed by $clientcert (undef for auto)
513 # The automatically generated certificate should always be fine
514 # Not used unless $mob is set to 'mob'
515 # The $clientcertsuffix will be appended before making $mobusercert available for download
516 our $mobusercert = undef;
518 # The private key for $mobusercert (undef for auto)
519 # The automatically generated key should always be fine
520 # Not used unless $mob is set to 'mob'
521 our $mobuserkey = undef;
523 # Server alt names to embed in the auto-generated girocco_www_crt.pem certificate.
524 # The common name (CN) in the server certificate is the host name from $httpspushurl.
525 # By default no server alt names are embedded (not even the host from $httpspushurl).
526 # If the web server configuration is not using this auto-generated server certificate
527 # then the values set here will have no impact and this setting can be ignored.
528 # To embed server alternative names, list each (separated by spaces). The names
529 # may be DNS names, IPv4 addresses or IPv6 addresses (NO surrounding '[' ']' please).
530 # If ANY DNS names are included here be sure to also include the host name from
531 # the $httpspushurl or else standards-conforming clients will fail with a host name
532 # mismatch error when they attempt to verify the connection.
533 #our $wwwcertaltnames = 'example.com www.example.com git.example.com 127.0.0.1 ::1';
534 our $wwwcertaltnames = undef;
536 # The key length for automatically generated RSA private keys (in bits).
537 # These keys are then used to create the automatically generated certificates.
538 # If undef or set to a value less than 2048, then 2048 will be used.
539 # Set to 3072 to generate more secure keys/certificates. Set to 4096 (or higher) for
540 # even greater security. Be warned that setting to a non-multiple of 8 and/or greater
541 # than 4096 could negatively impact compatibility with some clients.
542 # The values 2048, 3072 and 4096 are expected to be compatible with all clients.
543 # Note that OpenSSL has no problem with > 4096 or non-multiple of 8 lengths.
544 # See also the $min_key_length setting above to restrict user key sizes.
545 # This value is also used when generating the ssh_host_rsa_key for the chroot jail sshd.
546 # RECOMMENDED VALUE: 3072
547 our $rsakeylength = 3072;
556 # URL of the gitweb.cgi script (must be in pathinfo mode). If the sample
557 # apache.conf configuration is used, the trailing "/w" is optional.
558 our $gitweburl = "http://repo.or.cz/w";
560 # URL of the extra gitweb files (CSS, .js files, images, ...)
561 our $gitwebfiles = "http://repo.or.cz";
563 # URL of the Girocco CGI web admin interface (Girocco cgi/ subdirectory)
564 # e.g. reguser.cgi, edituser.cgi, regproj.cgi, editproj.cgi etc.
565 our $webadmurl = "http://repo.or.cz";
567 # URL of the Girocco CGI bundles information generator (Girocco cgi/bundles.cgi)
568 # If the sample apache.conf configuration is used, the trailing "/b" is optional.
569 # This is different from $httpbundleurl. This URL lists all available bundles
570 # for a project and returns that as an HTML page.
571 our $bundlesurl = "http://repo.or.cz/b";
573 # URL of the Girocco CGI html templater (Girocco cgi/html.cgi)
574 # If mod_rewrite is enabled and the sample apache.conf configuration is used,
575 # the trailing "/h" is optional when the template file name ends in ".html"
576 # (which all the provided ones do).
577 our $htmlurl = "http://repo.or.cz/h";
579 # HTTP URL of the repository collection (undef if N/A)
580 # If the sample apache.conf configuration is used, the trailing "/r" is optional.
581 our $httppullurl = "http://repo.or.cz/r";
583 # HTTP URL of the repository collection when fetching a bundle (undef if N/A)
584 # Normally this will be the same as $httppullurl, but note that the bundle
585 # fetching logic is located in git-http-backend-verify so whatever URL is
586 # given here MUST end up running the git-http-backend-verify script!
587 # For example, if we're fetching the 'clone.bundle' for the 'girocco.git'
588 # repository, the final URL will be "$httpbundleurl/girocco.git/clone.bundle"
589 # If the sample apache.conf configuration is used, the trailing "/r" is optional.
590 # This is different from $bundlesurl. This URL fetches a single Git-format
591 # .bundle file that is only usable with the 'git bundle' command.
592 our $httpbundleurl = "http://repo.or.cz/r";
594 # HTTPS push URL of the repository collection (undef if N/A)
595 # If this is defined, the openssl command must be available
596 # The sample apache.conf configuration requires mod_ssl, mod_authn_anon and
597 # mod_rewrite be enabled to support https push operations.
598 # Normally this should be set to $httppullurl with http: replaced with https:
599 # If the sample apache.conf configuration is used, the trailing "/r" is optional.
600 our $httpspushurl = undef;
602 # Git URL of the repository collection (undef if N/A)
603 # (You need to set up git-daemon on your system, and Girocco will not
604 # do this particular thing for you.)
605 our $gitpullurl = "git://repo.or.cz";
607 # Pushy SSH URL of the repository collection (undef if N/A)
608 # Note that the "/$jailreporoot" portion is optional and will be automatically
609 # added if appropriate when omitted by the client so this URL can typically
610 # be made the same as $gitpullurl with git: replaced with ssh:
611 our $pushurl = "ssh://repo.or.cz/$jailreporoot";
613 # URL of gitweb of this Girocco instance (set to undef if you're not nice
615 our $giroccourl = "$Girocco::Config::gitweburl/girocco.git";
619 ## -------------------
620 ## Web server controls
621 ## -------------------
624 # If true then non-smart HTTP access will be disabled
625 # There's normally no reason to leave non-smart HTTP access enabled
626 # since downloadable bundles are provided. However, in case the
627 # non-smart HTTP access is needed for some reason, this can be set to undef or 0.
628 # This affects access via http: AND https: and processing of apache.conf.in.
629 # Note that this setting does not affect gitweb, ssh: or git: URL access in any way.
630 # RECOMMENDED VALUE: 1
631 our $SmartHTTPOnly = 1;
633 # If true, the https <VirtualHost ...> section in apache.conf.in will be
634 # automatically enabled when it's converted to apache.conf by the conversion
635 # script. Do NOT enable this unless the required Apache modules are present
636 # and loaded (mod_ssl, mod_rewrite, mod_authn_anon) AND $httpspushurl is
637 # defined above otherwise the server will fail to start (with various errors)
638 # when the resulting apache.conf is used.
641 # If true, the information about configuring a Git client to trust
642 # a Girocco-generated TLS root will be suppressed presuming that some other
643 # means (such as LetsEncrypt.org) has been used to generate a TLS web
644 # certificate signed by a pre-trusted root. This does NOT affect the
645 # information on how to configure https push certificates as those are still
646 # required in order to push over https regardless of what web server certificate
648 # RECOMMENDED VALUE: 0 (for girocco-generated root & server certificates)
649 # RECOMMENDED VALUE: 1 (for LetsEncrypt etc. generated server certificates)
650 our $pretrustedroot = 0;
654 ## ------------------------
655 ## Lighttpd server controls
656 ## ------------------------
659 # Of course, the lighttp.conf.in file can be edited directly, but these
660 # settings allow it to contain conditional sections that show how the
661 # various configurations can be achieved.
663 # If lighttpd will not be used, these settings can be ignored.
665 # N.B. The lighttpd.conf.in file MUST be edited if lighttpd should listen
666 # on ports other than 80 (http) and 443 (https)
668 # If true, the lighttpd.conf.in file will be processed into a lighttpd.conf
669 # file that tries very hard to be a complete, standalone configuration file for
670 # a lighttpd server. In other words, it will set things in the lighttpd global
671 # configuration that would not be needed (or safe) if it were being included
672 # to provide only a "virtual host" configuration.
673 # RECOMMENDED VALUE: 0 (for use as an included "virtual host" configuration)
674 # RECOMMENDED VALUE: 1 (for use as a standalone configuration file)
675 our $lighttpd_standalone = 0;
677 # Only applicable if $lighttpd_standlone has been set to a true value,
678 # otherwise this setting has no effect.
679 # If true, the parts of the standalone lighttpd configuration that would
680 # require privileges (e.g. log file, pid file, etc.) will be redirected to
681 # "unprivileged" locations and neither the username nor groupname settings
682 # will be set. Otherwise "standard" locations and so forth will be used
683 # (such as /var/run, /var/log etc.). Note that this will NOT change the
684 # ports lighttpd attempts to listen on -- edit lighttpd.conf.in to do that
685 # and note that the port numbers will likely need to be changed in order to
686 # run in unprivileged mode (e.g. to 8080 and 8443).
687 # RECOMMENDED_VALUE: 0 (if running privileged as $lighttpd_standalone)
688 # RECOMMENDED_VALUE: 1 (if running unprivileged as $lighttpd_standalone)
689 our $lighttpd_unprivileged = 0;
691 # If true, listen only to the loopback interface (i.e. 127.0.0.1/::1)
692 # Otherwise allow incoming connections from anywhere
693 # RECOMMENDED_VALUE: 0 (for an externally accessible girocco web interface)
694 # RECOMMENDED_VALUE: 1 (for a localhost-accessible-only girocco web interface)
695 our $lighttpd_loopback_only = 0;
697 # This will be ignored unless $lighttpd_standalone is a false value
698 # See the copious comments in lighttpd.conf.in (search for TLSHost)
699 # RECOMMENDED_VALUE: 0 (if !$lighttpd_standalone but no other TLS hosts)
700 # RECOMMENDED_VALUE: 1 (if !$lighttpd_standalone and other TLS hosts are present)
701 our $lighttpd_tls_virtualhost = 1;
705 ## ------------------------
706 ## Some templating settings
707 ## ------------------------
710 # Legal warning (on reguser and regproj pages)
711 our $legalese = <<EOT;
712 <p>By submitting this form, you are confirming that you will mirror or push
713 only what we can store and show to anyone else who can visit this site without
714 breaking any law, and that you will be nice to all small furry animals.
715 <sup class="sup"><span><a href="/h/about.html">(more details)</a></span></sup>
719 # Pre-configured mirror sources (set to undef for none)
720 # Arrayref of name - record pairs, the record has these attributes:
721 # label: The label of this source
722 # url: The template URL; %1, %2, ... will be substituted for inputs
723 # desc: Optional VERY short description
724 # link: Optional URL to make the desc point at
725 # inputs: Arrayref of hashref input records:
726 # label: Label of input record
727 # suffix: Optional suffix
728 # If the inputs arrayref is undef, single URL input is shown,
729 # pre-filled with url (probably empty string).
730 our $mirror_sources = [
734 desc
=> 'Any HTTP/Git/rsync pull URL - bring it on!',
739 url
=> 'https://github.com/%1/%2.git',
740 desc
=> 'GitHub Social Code Hosting',
741 link => 'https://github.com/',
742 inputs
=> [ { label
=> 'User:' }, { label
=> 'Project:', suffix
=> '.git' } ]
746 url
=> 'https://gitlab.com/%1/%2.git',
747 desc
=> 'Engulfed the Green and Orange Boxes',
748 link => 'https://gitlab.com/',
749 inputs
=> [ { label
=> 'User:' }, { label
=> 'Project:', suffix
=> '.git' } ]
752 label
=> 'Bitbucket',
753 url
=> 'https://bitbucket.org/%1/%2.git',
754 desc
=> 'Embraced the best DVCS',
755 link => 'https://bitbucket.org/',
756 inputs
=> [ { label
=> 'User:' }, { label
=> 'Project:', suffix
=> '.git' } ]
760 # You can customize the gitweb interface widely by editing
761 # gitweb/gitweb_config.perl
765 ## -------------------
766 ## Permission settings
767 ## -------------------
770 # Girocco needs some way to manipulate write permissions to various parts of
771 # all repositories; this concerns three entities:
772 # - www-data: the web interface needs to be able to rewrite few files within
774 # - repo: a user designated for cronjobs; handles mirroring and repacking;
775 # this one is optional if not $mirror
776 # - others: the designated users that are supposed to be able to push; they
777 # may have account either within chroot, or outside of it
779 # There are several ways how to use Girocco based on a combination of the
780 # following settings.
782 # (Non-chroot) UNIX user the CGI scripts run on; note that if some non-related
783 # untrusted CGI scripts run on this account too, that can be a big security
784 # problem and you'll probably need to set up suexec (poor you).
785 # This must always be set.
786 our $cgi_user = 'www-data';
788 # (Non-chroot) UNIX user performing mirroring jobs; this is the user who
789 # should run all the daemons and cronjobs and
790 # the user who should be running make install (if not root).
791 # This must always be set.
792 our $mirror_user = 'repo';
794 # (Non-chroot) UNIX group owning the repositories by default; it owns whole
795 # mirror repositories and at least web-writable metadata of push repositories.
796 # If you undefine this, all the data will become WORLD-WRITABLE.
797 # Both $cgi_user and $mirror_user should be members of this group!
798 our $owning_group = 'repo';
800 # Whether to use chroot jail for pushing; this must be always the same
802 # TODO: Gitosis support for $manage_users and not $chrooted?
803 our $chrooted = $manage_users;
805 # How to control permissions of push-writable data in push repositories:
806 # * 'Group' for the traditional model: The $chroot/etc/group project database
807 # file is used as the UNIX group(5) file; the directories have gid appropriate
808 # for the particular repository and are group-writable. This works only if
809 # $chrooted so that users are put in the proper groups on login when using
810 # SSH push. Smart HTTPS push does not require a chroot to work -- simply
811 # run "make install" as the non-root $mirror_user user, but leave
812 # $manage_users and $chrooted enabled.
813 # * 'ACL' for a model based on POSIX ACL: The directories are coupled with ACLs
814 # listing the users with push permissions. This works for both chroot and
815 # non-chroot setups, however it requires ACL support within the filesystem.
816 # This option is BASICALLY UNTESTED, too. And UNIMPLEMENTED. :-)
817 # * 'Hooks' for a relaxed model: The directories are world-writable and push
818 # permission control is purely hook-driven. This is INSECURE and works only
819 # when you trust all your users; on the other hand, the attack vectors are
820 # mostly just DoS or fully-traceable tinkering.
821 our $permission_control = 'Group';
823 # Path to alternate screen multiuser acl file (see screen/README, undef for none)
824 our $screen_acl_file = undef;
826 # Reserved project name and user name suffixes.
828 # Note that with personal mob branches enabled, a user name can end up being a
829 # file name after having a 'mob.' prefix added or a directory name after having
830 # a 'mob_' prefix added. If there is ANY possibility that a file with a
831 # .suffix name may need to be served by the web server, lc(suffix) SHOULD be in
832 # this hash! Pre-existing project names or user names with a suffix in this
833 # table can continue to be used, but no new projects or users can be created
834 # that have a suffix (case-insensitive) listed here.
835 our %reserved_suffixes = (
836 # Entries must be lowercase WITHOUT a leading '.'
880 ## -------------------
881 ## Size limit settings
882 ## -------------------
885 # If this is set to a non-zero value, whenever a receive-pack, mirror fetch
886 # or clone runs, git will be run with a UL_SETFSIZE value set to this value.
888 # The limit is not active while performing garbage collection or other
891 # If git attempts to create a file larger than this limit, it will receive a
892 # SIGXFSZ signal which will cause git to terminate.
894 # Note that if the actual value of UL_GETFSIZE at runtime is already less than
895 # the value set here, then that value will be silently used instead.
897 # The value represents the maximum file size allowed in units of 512-byte blocks
898 # and must be <= 2147483647 (which represents a size of 1 TiB less 512 bytes).
900 our $max_file_size512 = undef; # default is no limit
902 # If this is set to a non-zero value, after an otherwise successful clone,
903 # if the repository contains more than this many objects, the clone will
904 # be considered to fail.
906 # This setting only takes effect after an otherwise successful clone which
907 # means that if $max_file_size512 is non-zero that the resulting clone did
908 # not exceed the file size limit if it fails this check.
910 our $max_clone_objects = undef; # default is no limit
914 ## -------------------------
915 ## sendmail.pl configuration
916 ## -------------------------
919 # Full information on available sendmail.pl settings can be found by running
920 # ../bin/sendmail.pl -v -h
922 # These settings will only be used if $sendmail_bin is set to 'sendmail.pl'
924 # sendmail.pl host name
925 #$ENV{'SENDMAIL_PL_HOST'} = 'localhost'; # localhost is the default
927 # sendmail.pl port name
928 #$ENV{'SENDMAIL_PL_PORT'} = '25'; # port 25 is the default
930 # sendmail.pl nc executable
931 #$ENV{'SENDMAIL_PL_NCBIN'} = "$chroot/bin/nc.openbsd"; # default is nc found in $PATH
933 # sendmail.pl nc options
934 # multiple options may be included, e.g. '-4 -X connect -x 192.168.100.10:8080'
935 #$ENV{'SENDMAIL_PL_NCOPT'} = '-4'; # force IPv4, default is to allow IPv4 & IPv6
939 ## -------------------------
940 ## Obscure Tuneable Features
941 ## -------------------------
944 # Throttle classes configured here override the defaults for them that
945 # are located in taskd/taskd.pl. See comments in that file for more info.
946 our @throttle_classes = ();
948 # Any tag names listed here will be allowed even if they would otherwise not be.
949 # Note that @allowed_tags takes precedence over @blocked_tags.
950 our @allowed_tags = (qw( ));
952 # Any tag names listed here will be disallowed in addition to the standard
953 # list of nonsense words etc. that are blocked as tags.
954 our @blocked_tags = (qw( ));
957 # If this setting is true, then tags that differ only in case will always use
958 # the same-cased version. If this setting is enabled and the tag is present in
959 # @allowed_tags (or the embedded white list in Util.pm) then the case of the
960 # tag will match the white list entry otherwise it will be all lowercased.
961 # If this setting is disabled (false) tags are used with their case left as-is.
962 # RECOMMENDED VALUE: 1 (true)
965 # If there are no more than this many objects, then all deltas will be
966 # recomputed when gc takes place. Note that this does not affect any
967 # fast-import created packs as they ALWAYS have their deltas recomputed.
968 # Also when combining small packs, if the total object count in the packs
969 # to be combined is no more than this then the new, combined pack will have
970 # its deltas recomputed during the combine operation.
971 # Leave undef to use the default (which should generally be fine).
972 # Lowering this from the default can increase disk use.
973 # Values less than 1000 * number of CPU cores will be silently ignored.
974 # The "girocco.redelta" config item can be used to modify this behavior on
975 # a per-repository basis. See the description of it in gc.sh.
976 our $new_delta_threshold = undef;
978 # This setting is irrelevant unless foreign vcs mirrors that use git fast-import
979 # are enabled (e.g. $mirror_darcs, $mirror_bzr or $mirror_hg -- $mirror_svn does
980 # NOT use git fast-import and is not affected by this setting).
981 # The packs generated by git fast-import are very poor quality. For this reason
982 # they ALWAYS have their deltas recomputed at some point. Normally this is
983 # delayed until the next full (or mini) gc takes place. For this reason a full
984 # gc is always scheduled immediately after a fresh mirror clone completes.
985 # However, in the case of normal mirror updates, several git fast-import created
986 # packs may exist as a result of changes fetched during the normal mirror update
987 # process. These packs will persist (with their git fast-import poor quality)
988 # until the next full (or mini) gc triggers. The bad deltas in these update
989 # packs could be sent down to clients who fetch updates before the next gc
990 # triggers. To reduce (i.e. practically eliminate) the likelihood of this
991 # occurring, this setting can be changed to a false (0 or undef) value in which
992 # case after each mirror update of a git fast-import mirror, any newly created
993 # git fast-import packs (as a result of the mirror update running) will have
994 # their deltas recomputed shortly thereafter instead of waiting for the next gc.
995 # Recomputing deltas immediately (almost immediately) will result in an extra
996 # redeltification step (with associated CPU cost) that would otherwise not
997 # occur and, in some cases (mainly large repositories), could ultimately result
998 # in slightly less efficient deltas being retained.
999 # RECOMMENDED VALUE: 1
1000 our $delay_gfi_redelta = 1;
1002 # If this is set to a true value, then core.packedGitWindowSize will be set
1003 # to 1 MiB (the same as if Git was compiled with NO_MMAP set). If this is NOT
1004 # set, core.packedGitWindowSize will be set to 32 MiB (even on 64-bit) to avoid
1005 # memory blowout. If your Git was built with NO_MMAP set and will not work
1006 # without NO_MMAP set, you MUST set this to a true value!
1007 our $git_no_mmap = undef;
1009 # If set to a true value, the "X-Girocco: $gitweburl" header included in all
1010 # Girocco-generated emails will be suppressed.
1011 our $suppress_x_girocco = undef;
1013 # Number of days to keep reflogs around
1014 # May be set to a value between 1 and 30 (inclusive)
1015 # The default of one day should normally suffice unless there's a need to
1016 # support a "Where's the undo? WHERE IS THE UNDO?!!!" option ;)
1017 our $reflogs_lifetime = 1;
1019 # The pack.window size to use with git upload-pack
1020 # When Git is creating a pack to send down to a client, if it needs to send
1021 # down objects that are deltas against objects it is not sending and that it
1022 # does not know the client already has, it must undelta and recompute deltas
1023 # for those objects. This is the remote's "Compressing objects" phase the
1024 # client sees during a fetch or clone. If this value is unset, the normal
1025 # Git default of 10 will be used for the window size during these operations.
1026 # This value may be set to a number between 2 and 50 inclusive to change the
1027 # window size during upload pack operations. A window size of 2 provides the
1028 # fastest response at the expense of less efficient deltas for the objects
1029 # being recompressed (meaning more data to send to the client). A window
1030 # size of 5 typically reduces the compression time by almost half and is
1031 # usually nearly as fast as a window size of 2 while providing better deltas.
1032 # A window size of 50 will increase the time spent in the "Compressing objects"
1033 # phase by as much as 5 times but will produce deltas similar to those that
1034 # Girocco generates when it performs garbage collection.
1035 # RECOMMENDED VALUE: undef or 5
1036 our $upload_pack_window = undef;
1038 # If this is true then remote fetching of refs/stash and refs/tgstash will
1039 # be allowed. Git does not allow single-level ref names to be pushed so the
1040 # only way they could get in there is if a linked working tree (or, gasp, a
1041 # non-bare Girocco repository) created them or they arrived via a non-clean
1042 # mirror fetch. The client almost certainly does not want to see them.
1043 # Unless this config item is true they will also be left out of the bundle too.
1044 # Since both stash and tgstash are used with their ref logs and there's no way
1045 # for a remote to fetch ref logs, the "log --walk-reflogs" feature could not be
1046 # used with them by a remote that fetched them anyway.
1048 # NOTE: The reason this doesn't just control all single-level refs is that the
1049 # "hideRefs" configuration mechanism isn't flexible enough to hide all
1050 # single-level refs without knowing their names. In addition, it hides the
1051 # entire refs hierarchy so refs/stash/foo will also be hidden along with
1052 # refs/stash, but Git doesn't actually support ref names that introduce a
1053 # directory/file confict (aka D/F conflict) and "refs/stash" represents an
1054 # official Git ref name therefore any refs/stash/... names really aren't
1055 # allowed in the first place so it's no problem if they're incidentally hidden
1056 # along with refs/stash itself.
1058 # NOTE: Git 1.8.2 or later is required to actually hide the refs from fetchers
1059 # over the "git:" protocol and Git 2.3.5 or later is required to properly hide
1060 # them over the smart "http:" protocol (Girocco will not attempt to "hide" them
1061 # on a smart HTTP fetch if Git is < 2.3.5 to avoid Git bugs.) They will never
1062 # be hidden via the non-smart HTTP fetch or any other non-smart protocols that
1063 # also make use of the $gitdir/info/refs file as they are not excluded from it.
1064 # Nor will they be hidden when accessed via any non-Girocco mechanism.
1065 # They will, however, always be excluded from the primary (aka .bitmap) pack
1066 # and bundle no matter what version of Git is used unless this is set to a
1067 # true value. It's only the server's Git version that matters when hiding refs.
1069 # RECOMMENDED VALUE: undef or 0
1070 our $fetch_stash_refs = undef;
1072 # When set to a true value, Girocco will attempt to pick up ref changes made
1073 # outside of Girocco itself and process them using the usual Girocco
1074 # notification mechanism. Git lacks any "post-ref-change" hook capability that
1075 # could facilitate this. This feature is primarily intended to detect running
1076 # of "git fetch" in linked working trees of a Girocco repository. In many
1077 # cases after running a command Git runs "git gc --auto". With the correct
1078 # encouragement we can always induce Git to run our pre-auto-gc hook at that
1079 # time. "git fetch" invokes "git gc --auto" after the fetch. Girocco needs
1080 # to do additional maintenance to make this work properly so do not enable this
1081 # unless it's really needed. Additionally, there are a number of commands
1082 # (such as "git commit") that do not invoke "git gc --auto". Even with this
1083 # enabled, additional hooks for post-rewrite and post-checkout
1084 # would really be needed to catch more things and even then there are some
1085 # Git commands that would never be caught ("git filter-branch",
1086 # "git update-ref", "git reset", etc.) so this is hardly a complete solution.
1087 # But it WILL catch "git fetch" changes although the hashes it uses for the
1088 # "old" ref values may not be all that recent, the new ref values will be.
1089 # When this is false, the hack is completely disabled.
1090 # When this is true, the hack is enabled by default for all repositories,
1091 # but can be controlled on an individual repository basis by setting the
1092 # girocco.autogchack value explicitly to true (enable) or false (disable).
1093 # If this is set to the special value "mirror" then it will behave as true
1094 # for mirrors and false for non-mirrors thereby completely eliminating any
1095 # overhead for push projects but detecting external "git fetch"s for mirrors.
1096 # If this is enabled for a project, any third party script/tool can trigger
1097 # the Girocco ref notification mechanism simply by making a ref change and
1098 # then running "git gc --auto --quiet" on the project. In a capitulation to
1099 # use of linked working trees, Girocco installs a post-commit hook that will
1100 # trigger these notifications as well when this is enabled.
1101 our $autogchack = 0;
1103 # When set to a true value the initial setting for core.hooksPath will point
1104 # to the repository's own hooks directory instead of $reporoot/_global/hooks.
1105 # Due to the unfortunate implementation of core.hooksPath, Girocco must always
1106 # ensure the value gets set in each repository's config file. Normally it
1107 # just sets it to $reporoot/_global/hooks and that's that. However, the
1108 # update-all-config script will also tolerate it pointing at the repository's
1109 # own hooks directory -- Girocco maintains symbolic links in there to the
1110 # global hooks to make sure they get run when using older versions of Git;
1111 # therefore that setting is basically equivalent. The difference is that
1112 # repository-specific hooks can be added when hooksPath is pointing at the
1113 # repository's hooks directory but not when it's pointing at _global/hooks.
1114 # A repository's setting can be changed manually (and it will stick), but
1115 # sometimes it may be desirable to always just default to pointing at the
1116 # repository's own hooks directory from the start. Perhaps linked working
1117 # trees will be in use and software that needs to set repository-specific hooks
1118 # will be in use. If $autogchack has been set to true this may very likely be
1120 our $localhooks = 0;
1122 # If this is set to a true value changes to single-level refs (e.g. refs/stash)
1123 # will be passed through to the notification machinery.
1124 # Usually this is NOT wanted, especially when linked working trees are being
1125 # used with the repository.
1126 # However, in the unlikely event that changes to such ref names should NOT be
1127 # ignored, this value may be set to any true value.
1128 # RECOMMENDED VALUE: 0
1129 our $notify_single_level = 0;
1131 # If this is set to a non-empty value it will become the default value for
1132 # all repositories' girocco.notifyHook value.
1133 # Whenever taskd.pl receives a batch of ref changes for processing, it first
1134 # sends them off to any configured "girocco.notifyHook" (same semantics as
1135 # a post-receive hook except it also gets four command-line arguments like
1136 # so: cat ref-changes | notifyhook $projname $user $linecount $contextlinecount
1137 # There is no default notify hook, but each repository may set its own by
1138 # setting the `girocco.notifyHook` config value which will be eval'd by the
1139 # shell (like $GIT_EDITOR is) with the current directory set to the
1140 # repository's git-dir and the changes on standard input.
1141 # Note that normal notification processing does not take place until after
1142 # this command (if it's not null) gets run (regardless of its result code).
1143 our $default_notifyhook = undef;
1145 # UNIX group owning the repositories' htmlcache subdirectory
1146 # If not defined defaults to $owning_group
1147 # If gitweb access is provided but only on a read-only basis, then setting
1148 # this to a group to which Both $cgi_user and $mirror_user belong will still
1149 # allow summary page caching.
1150 # $mirror_user should always belong to this group
1151 our $htmlcache_owning_group = undef;
1153 # UNIX group owning the repositories' ctags subdirectory
1154 # If not defined defaults to $owning_group
1155 # If gitweb access is provided but only on a read-only basis, then setting
1156 # this to a group to which Both $cgi_user and $mirror_user belong will still
1157 # allow tags to be added to the repository in gitweb (provided that feature
1158 # is enabled in gitweb/gitweb_config.perl).
1159 # $mirror_user should always belong to this group
1160 our $ctags_owning_group = undef;
1162 # When using pack bitmaps and computing data to send to clients over a fetch,
1163 # having pack.writeBitmapHashCache set to true produces better deltas (thereby
1164 # potentially reducing the amount of data that needs to be sent). However,
1165 # JGit does not understand this extra data, so if JGit needs to use the bitmaps
1166 # generated when Girocco runs Git, this setting needs to be set to a true value
1167 # so that the hash cache is excluded when Git generates the bitmaps thereby
1168 # making them compatible with JGit.
1169 # Note that changes to this setting will not take effect until the next time
1170 # gc is scheduled to run on a project and then only if gc actually takes place.
1171 # Use the $basedir/toolbox/make-all-gc-eligible.sh script to force all projects
1172 # to actually do a gc the next time they are scheduled for one.
1173 # RECOMMENDED VALUE: undef or 0
1174 our $jgit_compatible_bitmaps = 0;
1176 # Set the default value of receive.maxInputSize
1177 # This is only effective for receives (aka an incoming push) and causes the
1178 # push to abort if the incoming pack (which is generally thin and does not
1179 # have any index) exceeds this many bytes in size (a 'k', 'm' or 'g' suffix
1180 # may be used on the value). If undef or set to 0 there is no limit. This
1181 # limit is only effective when Girocco is running Git v2.11.0 or later.
1182 our $max_receive_size = undef;
1184 # Suppress git: and ssh: log messages
1185 # Access via http: and/or https: provides logging of the project being
1186 # cloned/fetched/pushed to. There is normally no such logging for access
1187 # via ssh: and/or git: protocols. However, Girocco intercepts those
1188 # accesses to perform sanity and permision checks and also logs the request
1189 # to the system log at that time. By setting this value to any true
1190 # value, that logging of git: and ssh: git activity will be suppressed.
1191 # RECOMMENDED VALUE: 0
1192 our $suppress_git_ssh_logging = 0;
1194 # Select the sshd to be installed into the chroot
1195 # If set this MUST be an absolute path
1196 # Ignored unless a chroot is actually being created
1197 # Leaving this undef will find sshd in "standard" system locations and
1198 # is the recommended value. Only set this if you need to override the
1199 # "standard" sshd for some reason.
1200 # RECOMMENDED VALUE: undef
1201 our $sshd_bin = undef;
1203 # Allow any git-daemon host
1204 # If set to a true value, then the extra "host=" parameter received
1205 # by git-daemon (if present) will be ignored. If the $gitpullurl value
1206 # is undefined or does not start with "git://<hostname>" then any host
1207 # will be allowed by default.
1208 # RECOMMENDED VALUE: undef
1209 our $git_daemon_any_host = undef;
1211 # Restrict git-daemon host names
1212 # If $git_daemon_any_host is any false value (or undef) AND this
1213 # value is set to a space-separated list of host names WITHOUT any
1214 # port numbers, then the "host=" parameter MUST be provided by
1215 # a git daemon client AND it must match one of the names in this
1216 # all-lowercase, space-separated list. Note that IPv6 literal
1217 # addresses MUST NOT be enclosed in brackets. If this value is
1218 # empty or undef it will default to the hostname extracted from
1219 # $gitpullurl if that is set plus several variants of localhost.
1220 # Note, do NOT terminate DNS names with a final "." or they will
1223 # our $git_daemon_host_list = "foo.example.com localhost ::1 127.0.0.1";
1224 our $git_daemon_host_list = undef;
1228 ## ------------------------
1229 ## Sanity checks & defaults
1230 ## ------------------------
1233 # A separate, non-installed module handles the checks and defaults
1234 require Girocco
::Validator
;