gitweb/indextext_readonly.html: update to match indextext.html
[girocco.git] / Girocco / Config.pm
blobfe58947445396c97d7445437361e825e4205dd85
1 package Girocco::Config;
3 use strict;
4 use warnings;
8 ## --------------
9 ## Basic settings
10 ## --------------
13 # Name of the service (typically a single word or a domain name)
14 # (no spaces allowed)
15 our $name = "repo.or.cz";
17 # Nickname of the service (undef for initial part of $name upto first '.')
18 # (no spaces allowed)
19 our $nickname = "rorcz";
21 # Title of the service (as shown in gitweb)
22 # (may contain spaces)
23 our $title = "Public Git Hosting";
25 # Path to the Git binary to use (you MUST set this, even if to /usr/bin/git!)
26 our $git_bin = '/home/repo/bin/git';
28 # Path to the git-daemon binary to use (undef to use default)
29 # If $gitpullurl is undef this will never be used (assuming no git inetd
30 # service has been set up in that case).
31 # The default if this is undef is `$git_bin --exec-path`/git-daemon
32 our $git_daemon_bin = undef;
34 # Path to the git-http-backend binary to use (undef to use default)
35 # If both $httppullurl and $httpspushurl are undef this will never be used
36 # The default if this is undef is `$git_bin --exec-path`/git-http-backend
37 our $git_http_backend_bin = undef;
39 # Name (if in $PATH) or full path to netcat executable that accepts a -U option
40 # to connect to a unix socket. This may simply be 'nc' on many systems.
41 # See the ../src/dragonfly/README file for a DragonFly BSD nc with -U support.
42 # For a Linux-like system try installing the 'netcat-openbsd' package.
43 our $nc_openbsd_bin = 'nc.openbsd';
45 # Path to POSIX sh executable to use. Set to undef to use /bin/sh
46 our $posix_sh_bin = undef;
48 # Path to Perl executable to use. Set to undef to use Perl found in $PATH
49 our $perl_bin = undef;
51 # Path to gzip executable to use. Set to undef to use gzip found in $PATH
52 our $gzip_bin = undef;
54 # Path to OpenSSL/LibreSSL executable to use.
55 # Set to undef to use openssl found in $PATH
56 # Not used unless $httpspushurl is defined
57 our $openssl_bin = undef;
59 # Path to the sendmail instance to use. It should understand the -f <from>, -i and -t
60 # options as well as accepting a list of recipient addresses in order to be used here.
61 # You MUST set this, even if to '/usr/sbin/sendmail'!
62 # Setting this to 'sendmail.pl' is special and will automatically be expanded to
63 # a full path to the ../bin/sendmail.pl executable in this Girocco installation.
64 # sendmail.pl is a sendmail-compatible script that delivers the message directly
65 # using SMTP to a mail relay host. This is the recommended configuration as it
66 # minimizes the information exposed to recipients (no sender account names or uids),
67 # can talk to an SMTP server on another host (eliminating the need for a working
68 # sendmail and/or SMTP server on this host) and avoids any unwanted address rewriting.
69 # By default it expects the mail relay to be listening on localhost port 25.
70 # See the sendmail.pl section below for more information on configuring sendmail.pl.
71 our $sendmail_bin = 'sendmail.pl';
73 # E-mail of the site admin
74 our $admin = 'admin@repo.or.cz';
76 # Sender of emails
77 # This is the SMTP 'MAIL FROM:' value
78 # It will be passed to $sendmail_bin with the -f option
79 # Some sites may not allow non-privileged users to pass the -f option to
80 # $sendmail_bin. In that case set this to undef and no -f option will be
81 # passed which means the 'MAIL FROM:' value will be the user the mail is
82 # sent as (either $cgi_user or $mirror_user depending on the activity).
83 # To avoid having bounce emails go to $admin, this may be set to something
84 # else such as 'admin-noreply@example.org' and then the 'admin-noreply' address
85 # may be redirected to /dev/null. Setting this to '' or '<>' is not
86 # recommended because that will likely cause the emails to be marked as SPAM
87 # by the receiver's SPAM filter. If $sendmail_bin is set to 'sendmail.pl' this
88 # value must be acceptable to the receiving SMTP server as a 'MAIL FROM:' value.
89 # If this is set to undef and 'sendmail.pl' is used, the 'MAIL FROM:' value will
90 # be the user the mail is sent as (either $cgi_user or $mirror_user).
91 our $sender = 'admin-noreply@repo.or.cz';
93 # Copy $admin on failure/recovery messages?
94 our $admincc = 0;
96 # Girocco branch to use for html.cgi view source links (undef for HEAD)
97 our $giroccobranch = 'rorcz';
99 # PATH adjustments
100 # If the PATH needs to be customized to find required executables on
101 # the system, it can be done here.
102 # IMPORTANT: If PATH is NOT set here,
103 # it *will* be set to `/usr/bin/getconf PATH`!
104 # To keep whatever PATH is in effect when Girocco is installed use:
105 #$ENV{PATH} = $ENV{PATH};
106 # To add /usr/local/bin to the standard PATH, use something like this:
107 #use Girocco::Dumper qw(GetConfPath);
108 #$ENV{PATH} = GetConfPath().":/usr/local/bin";
112 ## ----------------------
113 ## Git user agent strings
114 ## ----------------------
117 # Git clients (i.e. fetch/clone) always send a user agent string when fetching
118 # over HTTP. Since version 1.7.12.1 an 'agent=' capability string is included
119 # as well which affects git:, smart HTTP and ssh: protocols.
121 # These settings allow the default user agent string to be changed independently
122 # for fetch/clone operations (only matters if $mirror is true) and server
123 # operations (some other Git client fetching from us). Note that it is not
124 # possible to suppress the capability entirely although it can be set to an
125 # empty string. If these values are not set, the default user agent string
126 # will be used. Typically (unless Git was built with non-standard options) the
127 # default is "git/" plus the version. So for example "git/1.8.5.6" or
128 # "git/2.1.4" might be seen.
130 # One might want to change the default user agent strings in order to prevent
131 # an attacker from learning the exact Git version being used to avoid being
132 # able to quickly target any version-specific vulnerabilities. Note that
133 # no matter what's set here, an attacker can easily determine whether a server
134 # is running JGit, libgit2 or Git and for Git whether it's version 1.7.12.1 or
135 # later. A reasonable value to hide the exact Git version number while
136 # remaining compatible with servers that require a "Git/" user agent string
137 # would be something like "git/2" or even just "git/".
139 # The GIT_USER_AGENT value to use when acting as a client (i.e. clone/fetch)
140 # This value is only used if $mirror is true and at least one mirror is set up.
141 # Setting this to the empty string will suppress the HTTP User-Agent header,
142 # but will still include an "agent=" capability in the packet protocol. The
143 # empty string is not recommended because some servers match on "git/".
144 # Leave undef to use the default Git user agent string
145 # IMPORTANT: some server sites will refuse to serve up Git repositories unless
146 # the client user agent string contains "Git/" (matched case insensitively)!
147 our $git_client_ua = undef;
149 # The GIT_USER_AGENT value to use when acting as a server (i.e. some Git client
150 # is fetching/cloning from us).
151 # Leave undef to use the default Git user agent string
152 our $git_server_ua = undef;
156 ## -------------
157 ## Feature knobs
158 ## -------------
161 # Enable mirroring mode if true (see "Foreign VCS mirrors" section below)
162 our $mirror = 1;
164 # Enable push mode if true
165 our $push = 1;
167 # If both $mirror and $push are enabled, setting this to 'mirror' pre-selects
168 # mirror mode on the initial regproj display, otherwise 'push' mode will be
169 # pre-selected. When forking the initial mode will be 'push' if $push enabled.
170 our $initial_regproj_mode = 'mirror';
172 # Enable user management if true; this means the interface for registering
173 # user accounts and uploading SSH keys. This implies full chroot.
174 our $manage_users = 1;
176 # Minimum key length (in bits) for uploaded SSH RSA/DSA keys.
177 # If this is not set (i.e. undef) keys as small as 512 bits will be allowed.
178 # Nowadays keys less than 2048 bits in length should probably not be allowed.
179 # Note, however, that versions of OpenSSH starting with 4.3p1 will only generate
180 # DSA keys of exactly 1024 bits in length even though that length is no longer
181 # recommended. (OpenSSL can be used to generate DSA keys with lengths > 1024.)
182 # OpenSSH does not have any problem generating RSA keys longer than 1024 bits.
183 # This setting is only checked when new keys are added so setting it/increasing it
184 # will not affect existing keys. For maximum compatibility a value of 1024 may
185 # be used however 2048 is recommended. Setting it to anything other than 1024,
186 # 2048 or 3072 may have the side effect of making it very difficult to generate
187 # DSA keys that satisfy the restriction (but RSA keys should not be a problem).
188 # Note that no matter what setting is specified here keys smaller than 512 bits
189 # will never be allowed via the reguser.cgi/edituser.cgi interface.
190 # RECOMMENDED VALUE: 2048 (ok) or 3072 (better)
191 our $min_key_length = 2048;
193 # Disable DSA public keys?
195 # If this is set to 1, adding DSA keys at reguser.cgi/edituser.cgi time will be
196 # prohibited. If $pushurl is undef then this is implicitly set to 1 since DSA
197 # keys are not usable with https push.
199 # OpenSSH will only generate 1024 bit DSA keys starting with version 4.3p1.
200 # Even if OpenSSL is used to generate a longer DSA key (which can then be used
201 # with OpenSSH), the SSH protocol itself still forces use of SHA-1 in the DSA
202 # signature blob which tends to defeat the purpose of going to a longer key in
203 # the first place. So it may be better from a security standpoint to simply
204 # disable DSA keys especially if $min_key_length and $rsakeylength have been set
205 # to something higher such as 3072 or 4096.
207 # This setting is only checked when new keys are added so changing it will not
208 # affect existing keys. There is no way to disable DSA keys in the sshd_config
209 # file of older versions of the OpenSSH server, but newer versions of OpenSSH
210 # WILL DISABLE DSA KEYS BY DEFAULT!
212 # IMPORTANT: If you do enable DSA keys ($disable_dsa is set to 0) and you are
213 # using a more recent version of the OpenSSH server software in the
214 # chroot jail, you MUST manually ADD the following line
215 # (the "+" IS REQUIRED) to the $chroot/j/etc/ssh/sshd_config file
216 # otherwise dsa keys WILL NOT BE ACCEPTED!
218 # PubkeyAcceptedKeyTypes +ssh-dss
220 # If this is set to 1, no ssh_host_dsa_key will be generated or used with the
221 # sshd running in the jail (but if the sshd_config has already been generated
222 # in the jail, it must be removed and 'sudo make install' run again or otherwise
223 # the sshd_config needs to be edited by hand for the change to take effect).
225 # RECOMMENDED VALUE: 1
226 our $disable_dsa = 1;
228 # Enable the special 'mob' user if set to 'mob'
229 our $mob = "mob";
231 # Let users set admin passwords; if false, all password inputs are assumed empty.
232 # This will make new projects use empty passwords and all operations on them
233 # unrestricted, but you will be able to do no operations on previously created
234 # projects you have set a password on.
235 our $project_passwords = 1;
237 # How to determine project owner; 'email' adds a form item asking for their
238 # email contact, 'source' takes realname of owner of source repository if it
239 # is a local path (and empty string otherwise). 'source' is suitable in case
240 # the site operates only as mirror of purely local-filesystem repositories.
241 our $project_owners = 'email';
243 # Which project fields to make editable, out of 'shortdesc', 'homepage', 'README',
244 # 'cleanmirror', 'notifymail', 'reverseorder', 'summaryonly', 'notifytag' and 'notifyjson'
245 # 'notifycia' was used by the now defunct CIA service and while allowing it to
246 # be edited does work and the value is saved, the value is totally ignored by Girocco
247 our @project_fields = qw(cleanmirror homepage shortdesc README notifymail reverseorder summaryonly notifytag notifyjson);
249 # Which project fields to protect -- they will first require the project
250 # password to be entered before they can even be viewed on the editproj page
251 our $protect_fields = {map({$_ => 1} qw(notifymail notifytag notifyjson))};
253 # Registration/Edit expiration time
254 # The registration form must be completed within this amount of time
255 # or it will time out and require starting over. The project edit page
256 # must be submitted within this amount of time or it will time out and
257 # require starting over.
258 our $project_edit_timeout = 1800; # 30 minutes
260 # Minimal number of seconds to pass between two updates of a project.
261 our $min_mirror_interval = 3600; # 1 hour
263 # Minimal number of seconds to pass between two garbage collections of a project.
264 our $min_gc_interval = 604800; # 1 week
266 # Minimal number of seconds to pass after first failure before sending failure email.
267 # A mirror update failed message will not be sent until mirror updates have been
268 # failing for at least this long. Set to 0 to send a failure message right away
269 # (provided the $min_mirror_failure_message_count condition has been met).
270 our $min_mirror_failure_message_interval = 345600; # 4 days
272 # Minimal number of consecutive failures required before sending failure email.
273 # A mirror update failed message will not be sent until mirror updates have failed
274 # for this many consecutive updates. Set to 0 to send a failure message right away
275 # (provided the $min_mirror_failure_message_interval condition has been met).
276 our $min_mirror_failure_message_count = 10;
278 # Maximum window memory size when repacking. If this is set, it will be used
279 # instead of the automatically computed value if it's less than that value.
280 # May use a 'k', 'm', or 'g' suffix otherwise value is in bytes.
281 our $max_gc_window_memory_size = undef;
283 # Maximum big file threshold size when repacking. If this is set, it will be
284 # used instead of the automatically computed value if it's less than that value.
285 # May use a 'k', 'm', or 'g' suffix otherwise value is in bytes.
286 our $max_gc_big_file_threshold_size = undef;
288 # Whether or not to run the ../bin/update-pwd-db script whenever the etc/passwd
289 # database is changed. This is typically needed (i.e. set to a true value) for
290 # FreeBSD style systems when using an sshd chroot jail for push access. So if
291 # $pushurl is undef or the system Girocco is running on is not like FreeBSD
292 # (e.g. a master.passwd file that must be transformed into pwd.db and spwd.db), then
293 # this setting should normally be left false (i.e. 0). See comments in the
294 # provided ../bin/update-pwd-db script about when and how it's invoked.
295 our $update_pwd_db = 0;
297 # Port the sshd running in the jail should listen on
298 # Be sure to update $pushurl to match
299 # Not used if $pushurl is undef
300 our $sshd_jail_port = 22;
302 # If this is true then host names used in mirror source URLs will be checked
303 # and any that are not DNS names (i.e. IPv4 or IPv6) or match one of the DNS
304 # host names in any of the URL settings below will be rejected.
305 our $restrict_mirror_hosts = 1;
307 # If $restrict_mirror_hosts is enabled this is the minimum number of labels
308 # required in a valid dns name. Normally 2 is the correct value, but if
309 # Girocco is being used internally where a common default or search domain
310 # is set for everyone then this should be changed to 1 to allow a dns name
311 # with a single label in it. No matter what is set here at least 1 label
312 # is always required when $restrict_mirror_hosts is enabled.
313 our $min_dns_labels = 2;
315 # If defined, pass this value to format-readme as its `-m` option
316 # When format-readme is formatting an automatic readme, it will skip
317 # anything larger than this. The default is 32768 if unset.
318 # See `bin/format-readme -h` for details.
319 our $max_readme_size = 350000;
321 # Maximum size of any single email sent by mail.sh in K (1024-byte) units
322 # If message is larger it will be truncated with a "...e-mail trimmed" line
323 # RECOMMENDED VALUE: 256 - 5120 (.25M - 5M)
324 our $mailsh_sizelimit = 512;
328 ## ----------------------
329 ## Miscellaneous Settings
330 ## ----------------------
333 # When creating a push project the initial branch will, by default, be
334 # set to refs/heads/$initial_branch even on Git versions that do not have
335 # support for `git init --initial-branch=$initial_branch`.
336 # If this value is unset or invalid the default initial branch will always
337 # be "master". Note that this only applies to newly created "push" projects;
338 # mirror projects and "adopted" projects ignore this setting.
339 # Set the $empty_commit_message setting to make this setting truly take effect.
340 # RECOMMENDED VALUE: whatever-your-favored-initial-branch-name-is
341 #our $initial_branch = "supercalifragilisticexpialidocious";
342 #our $initial_branch = "frabjous";
343 our $initial_branch = undef;
345 # When creating a new push project, if this is DEFINED to any value (including
346 # the empty string), then an initial empty commit will be added to the newly
347 # created push project that has an empty tree and contains the $empty_commit_message
348 # as its commit message. By doing so, the initial branch will NOT be unborn and
349 # as a result, when cloning such a project the clone WILL respect the $initial_branch
350 # setting and set up its HEAD symbolic-ref to match. Since the initial commit will
351 # have an empty tree it should be no less convenient than cloning a project with an
352 # unborn initial branch. In fact, it should be more convenient as the expected
353 # $initial_branch will be checked out rather than whatever random initial branch the
354 # client might otherwise be inclined to set up for a newly initialized empty project.
355 # Defining this will also suppress the "You appear to have cloned an empty repository."
356 # message that would otherwise be generated by the Git client when cloning a newly
357 # created push project since the project will no longer technically be "empty".
358 # RECOMMENDED VALUE: defined if the $initial_branch setting should be respected
359 #our $empty_commit_message = "create project";
360 #our $empty_commit_message = "initial empty commit";
361 #our $empty_commit_message = "initial commit\n\ngit add ...\ngit commit\ngit push";
362 #our $empty_commit_message = "";
363 our $empty_commit_message = undef;
367 ## -------------------
368 ## Foreign VCS mirrors
369 ## -------------------
372 # Note that if any of these settings are changed from true to false, then
373 # any pre-existing mirrors using the now-disabled foreign VCS will stop
374 # updating, new mirrors using the now-disabled foreign VCS will be disallowed
375 # and attempts to update ANY project settings for a pre-existing project that
376 # uses a now-disabled foreign VCS source URL will also be disallowed.
378 # If $mirror is true and $mirror_svn is true then mirrors from svn source
379 # repositories will be allowed (and be converted to Git). These URLs have
380 # the form svn://... or svn+http://... or svn+https://...
381 # Since this functionality makes use of the "git svn" command and is maintained
382 # with Git, it tends to be kept up-to-date and highly usable.
383 # Note that for this to work the "svn" command line command must be available
384 # in PATH and the "git svn" commands must work (which generally requires both
385 # Perl and the subversion perl bindings be installed).
386 # RECOMMENDED VALUE: 1 (if the necessary prerequisites are installed)
387 our $mirror_svn = 1;
389 # Prior to Git v1.5.1, git-svn always used a log window size of 1000.
390 # Starting with Git v1.5.1, git-svn defaults to using a log window size of 100
391 # and provides a --log-window-size= option to change it. Starting with Git
392 # v2.2.0, git-svn disconnects and reconnects to the server every log window size
393 # interval to attempt to reduce memory use by git-svn. If $svn_log_window_size
394 # is undefined, Girocco will use a log window size of 250 (instead of the
395 # the default 100). If $svn_log_window_size is set, Girocco will use that
396 # value instead. Beware that setting it too low (i.e. < 50) will almost
397 # certainly cause performance issues if not failures. Unless there are concerns
398 # about git-svn memory use on a server with extremely limited memory, the
399 # value of 250 that Girocco uses by default should be fine. Obviously if
400 # $mirror or $mirror_svn is false this setting is irrelevant.
401 our $svn_log_window_size = undef;
403 # If $mirror is true and $mirror_darcs is true then mirrors from darcs source
404 # repositories will be allowed (and be converted to Git). These URLs have
405 # the form darcs+http://... darcs+https://... (and deprecated darcs://...)
406 # Note that for this to work the "darcs" command line command must be available
407 # in PATH and so must python (required to run the darcs-fast-export script).
408 # This support depends on items updated separately from Git and which may easily
409 # become out-of-date or incompatible (e.g. new python version).
410 # NOTE: If this is set to 0, the girocco-darcs-fast-export.git
411 # submodule need not be initialized or checked out.
412 # RECOMMENDED VALUE: 0 (unless you have a need to mirror darcs repos)
413 our $mirror_darcs = 0;
415 # If $mirror is true and $mirror_bzr is true then mirrors from bzr source
416 # repositories will be allowed (and be converted to Git). These URLs have
417 # the form bzr://...
418 # Note that for this to work the "bzr" command line command must be available
419 # in PATH (it's a python script so python is required as well).
420 # This support depends on items updated separately from Git and which may easily
421 # become out-of-date or incompatible (e.g. new python version).
422 # RECOMMENDED VALUE: 0 (unless you have a need to mirror bzr repos)
423 our $mirror_bzr = 0;
425 # If $mirror is true and $mirror_hg is true then mirrors from hg source
426 # repositories will be allowed (and be converted to Git). These URLs have
427 # the form hg+http://... or hg+https://...
428 # Note that for this to work the "hg" command line command must be available
429 # in PATH and so must python (required to run the hg-fast-export.py script).
430 # Note that if the PYTHON environment variable is set that will be used instead
431 # of just plain "python" to run the hg-fast-export.py script (which needs to
432 # be able to import from mercurial). Currently the hg-fast-export.py script
433 # used for this feature is likely incompatible with python 3 or later.
434 # Repositories created via this facility may need to be "reset" if the upstream
435 # hg repository moves the tip revision backwards and creates "unnamed heads".
436 # This support depends on items updated separately from Git and which may easily
437 # become out-of-date or incompatible (e.g. new python version).
438 # NOTE: If this is set to 0, the girocco-hg-fast-export.git
439 # submodule need not be initialized or checked out.
440 # RECOMMENDED VALUE: 0 (unless you have a need to mirror hg repos)
441 our $mirror_hg = 0;
445 ## -----
446 ## Paths
447 ## -----
450 # Path where the main chunk of Girocco files will be installed
451 # This will get COMPLETELY OVERWRITTEN by each make install!!!
452 # MUST be an absolute path
453 our $basedir = '/home/repo/repomgr';
455 # Path where the automatically generated non-user certificates will be stored
456 # (The per-user certificates are always stored in $chroot/etc/sshcerts/)
457 # This is preserved by each make install and MUST NOT be under $basedir!
458 # The secrets used to generate TimedTokens are also stored in here.
459 # MUST be an absolute path
460 our $certsdir = '/home/repo/certs';
462 # The repository collection
463 # "$reporoot/_recyclebin" will also be created for use by toolbox/trash-project.pl
464 # MUST be an absolute path
465 our $reporoot = "/srv/git";
467 # The repository collection's location within the chroot jail
468 # Normally $reporoot will be bind mounted onto $chroot/$jailreporoot
469 # Should NOT start with '/'
470 our $jailreporoot = "srv/git";
472 # The chroot for ssh pushing; location for project database and other run-time
473 # data even in non-chroot setups
474 # MUST be an absolute path
475 our $chroot = "/home/repo/j";
477 # An installation that will never run a chrooted sshd should set this
478 # to a true value (e.g. 1) to guarantee that jailsetup for a chrooted
479 # sshd never takes place no matter what user runs `make install`.
480 # Note that the "jailsetup.sh" script will still run to do the database
481 # setup that's stored in $chroot regardless of this setting, it will just
482 # always run in "dbonly" mode when this setting is true.
483 our $disable_jailsetup = 0;
485 # The gitweb files web directory (corresponds to $gitwebfiles)
486 # Note that it is safe to place this under $basedir since it's set up after
487 # $basedir is completely replaced during install time. Be WARNED, however,
488 # that normally the install process only adds/replaces things in $webroot,
489 # but if $webroot is under $basedir then it will be completely removed and
490 # rebuilt each time "make install" is run. This will make gitweb/git-browser
491 # web services very briefly unavailable while this is happening.
492 # MUST be an absolute path
493 our $webroot = "/home/repo/www";
495 # The CGI-enabled web directory (corresponds to $gitweburl and $webadmurl)
496 # This will not be web-accessible except that if any aliases point to
497 # a *.cgi file in here it will be allowed to run as a cgi-script.
498 # Note that it is safe to place this under $basedir since it's set up after
499 # $basedir is completely replaced during install time. Be WARNED, however,
500 # that normally the install process only adds/replaces things in $cgiroot,
501 # but if $cgiroot is under $basedir then it will be completely removed and
502 # rebuilt each time "make install" is run. This will make gitweb/git-browser
503 # web services very briefly unavailable while this is happening.
504 # MUST be an absolute path
505 our $cgiroot = "/home/repo/cgibin";
507 # A web-accessible symlink to $reporoot (corresponds to $httppullurl, can be undef)
508 # If using the sample apache.conf (with paths suitably updated) this is not required
509 # to serve either smart or non-smart HTTP repositories to the Git client
510 # MUST be an absolute path if not undef
511 our $webreporoot = "/home/repo/www/r";
513 # The location to store the project list cache, gitweb project list and gitweb
514 # cache file. Normally this should not be changed. Note that it must be in
515 # a directory that is writable by $mirror_user and $cgi_user (just in case the
516 # cache file is missing). The directory should have its group set to $owning_group.
517 # Again, this setting should not normally need to be changed.
518 # MUST be an absolute path
519 our $projlist_cache_dir = "$chroot/etc";
523 ## ----------------------------------------------------
524 ## Certificates (only used if $httpspushurl is defined)
525 ## ----------------------------------------------------
528 # path to root certificate (undef to use automatic root cert)
529 # this certificate is made available for easy download and should be whatever
530 # the root certificate is for the https certificate being used by the web server
531 our $rootcert = undef;
533 # The certificate to sign user push client authentication certificates with (undef for auto)
534 # The automatically generated certificate should always be fine
535 our $clientcert = undef;
537 # The private key for $clientcert (undef for auto)
538 # The automatically generated key should always be fine
539 our $clientkey = undef;
541 # The client certificate chain suffix (a pemseq file to append to user client certs) (undef for auto)
542 # The automatically generated chain should always be fine
543 # This suffix will also be appended to the $mobusercert before making it available for download
544 our $clientcertsuffix = undef;
546 # The mob user certificate signed by $clientcert (undef for auto)
547 # The automatically generated certificate should always be fine
548 # Not used unless $mob is set to 'mob'
549 # The $clientcertsuffix will be appended before making $mobusercert available for download
550 our $mobusercert = undef;
552 # The private key for $mobusercert (undef for auto)
553 # The automatically generated key should always be fine
554 # Not used unless $mob is set to 'mob'
555 our $mobuserkey = undef;
557 # Server alt names to embed in the auto-generated girocco_www_crt.pem certificate.
558 # The common name (CN) in the server certificate is the host name from $httpspushurl.
559 # By default no server alt names are embedded (not even the host from $httpspushurl).
560 # If the web server configuration is not using this auto-generated server certificate
561 # then the values set here will have no impact and this setting can be ignored.
562 # To embed server alternative names, list each (separated by spaces). The names
563 # may be DNS names, IPv4 addresses or IPv6 addresses (NO surrounding '[' ']' please).
564 # If ANY DNS names are included here be sure to also include the host name from
565 # the $httpspushurl or else standards-conforming clients will fail with a host name
566 # mismatch error when they attempt to verify the connection.
567 #our $wwwcertaltnames = 'example.com www.example.com git.example.com 127.0.0.1 ::1';
568 our $wwwcertaltnames = undef;
570 # The key length for automatically generated RSA private keys (in bits).
571 # These keys are then used to create the automatically generated certificates.
572 # If undef or set to a value less than 2048, then 2048 will be used.
573 # Set to 3072 to generate more secure keys/certificates. Set to 4096 (or higher) for
574 # even greater security. Be warned that setting to a non-multiple of 8 and/or greater
575 # than 4096 could negatively impact compatibility with some clients.
576 # The values 2048, 3072 and 4096 are expected to be compatible with all clients.
577 # Note that OpenSSL has no problem with > 4096 or non-multiple of 8 lengths.
578 # See also the $min_key_length setting above to restrict user key sizes.
579 # This value is also used when generating the ssh_host_rsa_key for the chroot jail sshd.
580 # RECOMMENDED VALUE: 3072
581 our $rsakeylength = undef;
585 ## -------------
586 ## URL addresses
587 ## -------------
590 # URL of the gitweb.cgi script (must be in pathinfo mode). If the sample
591 # apache.conf configuration is used, the trailing "/w" is optional.
592 our $gitweburl = "https://repo.or.cz";
594 # URL of the extra gitweb files (CSS, .js files, images, ...)
595 our $gitwebfiles = "https://repo.or.cz";
597 # URL of the Girocco CGI web admin interface (Girocco cgi/ subdirectory)
598 # e.g. reguser.cgi, edituser.cgi, regproj.cgi, editproj.cgi etc.
599 our $webadmurl = "https://repo.or.cz";
601 # URL of the Girocco CGI bundles information generator (Girocco cgi/bundles.cgi)
602 # If the sample apache.conf configuration is used, the trailing "/b" is optional.
603 # This is different from $httpbundleurl. This URL lists all available bundles
604 # for a project and returns that as an HTML page.
605 our $bundlesurl = "https://repo.or.cz";
607 # URL of the Girocco CGI html templater (Girocco cgi/html.cgi)
608 # If mod_rewrite is enabled and the sample apache.conf configuration is used,
609 # the trailing "/h" is optional when the template file name ends in ".html"
610 # (which all the provided ones do).
611 our $htmlurl = "https://repo.or.cz";
613 # HTTP URL of the repository collection (undef if N/A)
614 # If the sample apache.conf configuration is used, the trailing "/r" is optional.
615 our $httppullurl = "https://repo.or.cz";
617 # HTTP URL of the repository collection when fetching a bundle (undef if N/A)
618 # Normally this will be the same as $httppullurl, but note that the bundle
619 # fetching logic is located in git-http-backend-verify so whatever URL is
620 # given here MUST end up running the git-http-backend-verify script!
621 # For example, if we're fetching the 'clone.bundle' for the 'girocco.git'
622 # repository, the final URL will be "$httpbundleurl/girocco.git/clone.bundle"
623 # If the sample apache.conf configuration is used, the trailing "/r" is optional.
624 # This is different from $bundlesurl. This URL fetches a single Git-format
625 # .bundle file that is only usable with the 'git bundle' command.
626 our $httpbundleurl = "https://repo.or.cz";
628 # HTTPS push URL of the repository collection (undef if N/A)
629 # If this is defined, the openssl command must be available
630 # The sample apache.conf configuration requires mod_ssl, mod_authn_anon and
631 # mod_rewrite be enabled to support https push operations.
632 # Normally this should be set to $httppullurl with http: replaced with https:
633 # If the sample apache.conf configuration is used, the trailing "/r" is optional.
634 our $httpspushurl = "https://repo.or.cz";
636 # Git URL of the repository collection (undef if N/A)
637 # (You need to set up git-daemon on your system, and Girocco will not
638 # do this particular thing for you.)
639 our $gitpullurl = "git://repo.or.cz";
641 # Pushy SSH URL of the repository collection (undef if N/A)
642 # Note that the "/$jailreporoot" portion is optional and will be automatically
643 # added if appropriate when omitted by the client so this URL can typically
644 # be made the same as $gitpullurl with git: replaced with ssh:
645 our $pushurl = "ssh://repo.or.cz";
647 # URL of gitweb of this Girocco instance (set to undef if you're not nice
648 # to the community)
649 our $giroccourl = "$Girocco::Config::gitweburl/girocco.git";
653 ## -------------------
654 ## Web server controls
655 ## -------------------
658 # If true then non-smart HTTP access will be disabled
659 # There's normally no reason to leave non-smart HTTP access enabled
660 # since downloadable bundles are provided. However, in case the
661 # non-smart HTTP access is needed for some reason, this can be set to undef or 0.
662 # This affects access via http: AND https: and processing of apache.conf.in.
663 # Note that this setting does not affect gitweb, ssh: or git: URL access in any way.
664 # RECOMMENDED VALUE: 1
665 our $SmartHTTPOnly = 1;
667 # If true, the https <VirtualHost ...> section in apache.conf.in will be
668 # automatically enabled when it's converted to apache.conf by the conversion
669 # script. Do NOT enable this unless the required Apache modules are present
670 # and loaded (mod_ssl, mod_rewrite, mod_authn_anon) AND $httpspushurl is
671 # defined above otherwise the server will fail to start (with various errors)
672 # when the resulting apache.conf is used.
673 our $TLSHost = 1;
675 # If true, the information about configuring a Git client to trust
676 # a Girocco-generated TLS root will be suppressed presuming that some other
677 # means (such as LetsEncrypt.org) has been used to generate a TLS web
678 # certificate signed by a pre-trusted root. This does NOT affect the
679 # information on how to configure https push certificates as those are still
680 # required in order to push over https regardless of what web server certificate
681 # may be in use.
682 # RECOMMENDED VALUE: 0 (for girocco-generated root & server certificates)
683 # RECOMMENDED VALUE: 1 (for LetsEncrypt etc. generated server certificates)
684 our $pretrustedroot = 1;
688 ## ------------------------
689 ## Lighttpd server controls
690 ## ------------------------
693 # Of course, the lighttp.conf.in file can be edited directly, but these
694 # settings allow it to contain conditional sections that show how the
695 # various configurations can be achieved.
697 # If lighttpd will not be used, these settings can be ignored.
699 # N.B. The lighttpd.conf.in file MUST be edited if lighttpd should listen
700 # on ports other than 80 (http) and 443 (https)
702 # If true, the lighttpd.conf.in file will be processed into a lighttpd.conf
703 # file that tries very hard to be a complete, standalone configuration file for
704 # a lighttpd server. In other words, it will set things in the lighttpd global
705 # configuration that would not be needed (or safe) if it were being included
706 # to provide only a "virtual host" configuration.
707 # RECOMMENDED VALUE: 0 (for use as an included "virtual host" configuration)
708 # RECOMMENDED VALUE: 1 (for use as a standalone configuration file)
709 our $lighttpd_standalone = 0;
711 # Only applicable if $lighttpd_standlone has been set to a true value,
712 # otherwise this setting has no effect.
713 # If true, the parts of the standalone lighttpd configuration that would
714 # require privileges (e.g. log file, pid file, etc.) will be redirected to
715 # "unprivileged" locations and neither the username nor groupname settings
716 # will be set. Otherwise "standard" locations and so forth will be used
717 # (such as /var/run, /var/log etc.). Note that this will NOT change the
718 # ports lighttpd attempts to listen on -- edit lighttpd.conf.in to do that
719 # and note that the port numbers will likely need to be changed in order to
720 # run in unprivileged mode (e.g. to 8080 and 8443).
721 # RECOMMENDED_VALUE: 0 (if running privileged as $lighttpd_standalone)
722 # RECOMMENDED_VALUE: 1 (if running unprivileged as $lighttpd_standalone)
723 our $lighttpd_unprivileged = 0;
725 # If true, listen only to the loopback interface (i.e. 127.0.0.1/::1)
726 # Otherwise allow incoming connections from anywhere
727 # RECOMMENDED_VALUE: 0 (for an externally accessible girocco web interface)
728 # RECOMMENDED_VALUE: 1 (for a localhost-accessible-only girocco web interface)
729 our $lighttpd_loopback_only = 0;
731 # This will be ignored unless $lighttpd_standalone is a false value
732 # See the copious comments in lighttpd.conf.in (search for TLSHost)
733 # RECOMMENDED_VALUE: 0 (if !$lighttpd_standalone but no other TLS hosts)
734 # RECOMMENDED_VALUE: 1 (if !$lighttpd_standalone and other TLS hosts are present)
735 our $lighttpd_tls_virtualhost = 1;
739 ## ------------------------
740 ## Some templating settings
741 ## ------------------------
744 # Legal warning (on reguser and regproj pages)
745 our $legalese = <<EOT;
746 <p>By submitting this form, you are confirming that you will mirror or push
747 only free software and redistributing it will not violate any law
748 of Czech Republic.
749 <sup class="sup"><span><a href="/about.html">(more details)</a></span></sup>
750 </p>
753 # Pre-configured mirror sources (set to undef for none)
754 # Arrayref of name - record pairs, the record has these attributes:
755 # label: The label of this source
756 # url: The template URL; %1, %2, ... will be substituted for inputs
757 # desc: Optional VERY short description
758 # link: Optional URL to make the desc point at
759 # inputs: Arrayref of hashref input records:
760 # label: Label of input record
761 # suffix: Optional suffix
762 # If the inputs arrayref is undef, single URL input is shown,
763 # pre-filled with url (probably empty string).
764 our $mirror_sources = [
766 label => 'Anywhere',
767 url => '',
768 desc => 'Any HTTP/Git/rsync pull URL - bring it on!',
769 inputs => undef
772 label => 'GitHub',
773 url => 'https://github.com/%1/%2.git',
774 desc => 'GitHub Social Code Hosting',
775 link => 'https://github.com/',
776 inputs => [ { label => 'User:' }, { label => 'Project:', suffix => '.git' } ]
779 label => 'GitLab',
780 url => 'https://gitlab.com/%1/%2.git',
781 desc => 'Engulfed the Green and Orange Boxes',
782 link => 'https://gitlab.com/',
783 inputs => [ { label => 'User:' }, { label => 'Project:', suffix => '.git' } ]
786 label => 'Bitbucket',
787 url => 'https://bitbucket.org/%1/%2.git',
788 desc => 'Embraced the best DVCS',
789 link => 'https://bitbucket.org/',
790 inputs => [ { label => 'User:' }, { label => 'Project:', suffix => '.git' } ]
794 # You can customize the gitweb interface widely by editing
795 # gitweb/gitweb_config.perl
799 ## -------------------
800 ## Permission settings
801 ## -------------------
804 # Girocco needs some way to manipulate write permissions to various parts of
805 # all repositories; this concerns three entities:
806 # - www-data: the web interface needs to be able to rewrite few files within
807 # the repository
808 # - repo: a user designated for cronjobs; handles mirroring and repacking;
809 # this one is optional if not $mirror
810 # - others: the designated users that are supposed to be able to push; they
811 # may have account either within chroot, or outside of it
813 # There are several ways how to use Girocco based on a combination of the
814 # following settings.
816 # (Non-chroot) UNIX user the CGI scripts run on; note that if some non-related
817 # untrusted CGI scripts run on this account too, that can be a big security
818 # problem and you'll probably need to set up suexec (poor you).
819 # This must always be set.
820 our $cgi_user = 'www-data';
822 # (Non-chroot) UNIX user performing mirroring jobs; this is the user who
823 # should run all the daemons and cronjobs and
824 # the user who should be running make install (if not root).
825 # This must always be set.
826 our $mirror_user = 'repo';
828 # (Non-chroot) UNIX group owning the repositories by default; it owns whole
829 # mirror repositories and at least web-writable metadata of push repositories.
830 # If you undefine this, all the data will become WORLD-WRITABLE.
831 # Both $cgi_user and $mirror_user should be members of this group!
832 our $owning_group = 'repo';
834 # Whether to use chroot jail for pushing; this must be always the same
835 # as $manage_users.
836 # TODO: Gitosis support for $manage_users and not $chrooted?
837 our $chrooted = $manage_users;
839 # How to control permissions of push-writable data in push repositories:
840 # * 'Group' for the traditional model: The $chroot/etc/group project database
841 # file is used as the UNIX group(5) file; the directories have gid appropriate
842 # for the particular repository and are group-writable. This works only if
843 # $chrooted so that users are put in the proper groups on login when using
844 # SSH push. Smart HTTPS push does not require a chroot to work -- simply
845 # run "make install" as the non-root $mirror_user user, but leave
846 # $manage_users and $chrooted enabled.
847 # * 'ACL' for a model based on POSIX ACL: The directories are coupled with ACLs
848 # listing the users with push permissions. This works for both chroot and
849 # non-chroot setups, however it requires ACL support within the filesystem.
850 # This option is BASICALLY UNTESTED, too. And UNIMPLEMENTED. :-)
851 # * 'Hooks' for a relaxed model: The directories are world-writable and push
852 # permission control is purely hook-driven. This is INSECURE and works only
853 # when you trust all your users; on the other hand, the attack vectors are
854 # mostly just DoS or fully-traceable tinkering.
855 our $permission_control = 'Group';
857 # Path to alternate screen multiuser acl file (see screen/README, undef for none)
858 our $screen_acl_file = undef;
860 # Reserved project name and user name suffixes.
862 # Note that with personal mob branches enabled, a user name can end up being a
863 # file name after having a 'mob.' prefix added or a directory name after having
864 # a 'mob_' prefix added. If there is ANY possibility that a file with a
865 # .suffix name may need to be served by the web server, lc(suffix) SHOULD be in
866 # this hash! Pre-existing project names or user names with a suffix in this
867 # table can continue to be used, but no new projects or users can be created
868 # that have a suffix (case-insensitive) listed here.
869 our %reserved_suffixes = (
870 # Entries must be lowercase WITHOUT a leading '.'
871 bmp => 1,
872 bz2 => 1,
873 cer => 1,
874 cgi => 1,
875 crt => 1,
876 css => 1,
877 dmg => 1,
878 fcgi => 1,
879 gif => 1,
880 gz => 1,
881 htm => 1,
882 html => 1,
883 ico => 1,
884 jp2 => 1,
885 jpeg => 1,
886 jpg => 1,
887 jpg2 => 1,
888 js => 1,
889 mp3 => 1,
890 mp4 => 1,
891 pdf => 1,
892 pem => 1,
893 php => 1,
894 png => 1,
895 sig => 1,
896 shtml => 1,
897 svg => 1,
898 svgz => 1,
899 tar => 1,
900 text => 1,
901 tgz => 1,
902 tif => 1,
903 tiff => 1,
904 txt => 1,
905 xbm => 1,
906 xht => 1,
907 xhtml => 1,
908 xz => 1,
909 zip => 1,
914 ## -------------------
915 ## Size limit settings
916 ## -------------------
919 # If this is set to a non-zero value, whenever a receive-pack, mirror fetch
920 # or clone runs, git will be run with a UL_SETFSIZE value set to this value.
922 # The limit is not active while performing garbage collection or other
923 # maintenance tasks.
925 # If git attempts to create a file larger than this limit, it will receive a
926 # SIGXFSZ signal which will cause git to terminate.
928 # Note that if the actual value of UL_GETFSIZE at runtime is already less than
929 # the value set here, then that value will be silently used instead.
931 # The value represents the maximum file size allowed in units of 512-byte blocks
932 # and must be <= 2147483647 (which represents a size of 1 TiB less 512 bytes).
934 our $max_file_size512 = 8388608; # 4 GiB
936 # If this is set to a non-zero value, after an otherwise successful clone,
937 # if the repository contains more than this many objects, the clone will
938 # be considered to fail.
940 # This setting only takes effect after an otherwise successful clone which
941 # means that if $max_file_size512 is non-zero that the resulting clone did
942 # not exceed the file size limit if it fails this check.
944 our $max_clone_objects = 9999999;
948 ## -------------------------
949 ## sendmail.pl configuration
950 ## -------------------------
953 # Full information on available sendmail.pl settings can be found by running
954 # ../bin/sendmail.pl -v -h
956 # These settings will only be used if $sendmail_bin is set to 'sendmail.pl'
958 # sendmail.pl host name
959 #$ENV{'SENDMAIL_PL_HOST'} = 'localhost'; # localhost is the default
961 # sendmail.pl port name
962 #$ENV{'SENDMAIL_PL_PORT'} = '25'; # port 25 is the default
964 # sendmail.pl nc executable
965 #$ENV{'SENDMAIL_PL_NCBIN'} = "$chroot/bin/nc.openbsd"; # default is nc found in $PATH
967 # sendmail.pl nc options
968 # multiple options may be included, e.g. '-4 -X connect -x 192.168.100.10:8080'
969 #$ENV{'SENDMAIL_PL_NCOPT'} = '-4'; # force IPv4, default is to allow IPv4 & IPv6
973 ## -------------------------
974 ## Obscure Tuneable Features
975 ## -------------------------
978 # Throttle classes configured here override the defaults for them that
979 # are located in taskd/taskd.pl. See comments in that file for more info.
980 our @throttle_classes = ();
982 # Any tag names listed here will be allowed even if they would otherwise not be.
983 # Note that @allowed_tags takes precedence over @blocked_tags.
984 our @allowed_tags = (qw( ));
986 # Any tag names listed here will be disallowed in addition to the standard
987 # list of nonsense words etc. that are blocked as tags.
988 our @blocked_tags = (qw( ));
990 # Case folding tags
991 # If this setting is true, then tags that differ only in case will always use
992 # the same-cased version. If this setting is enabled and the tag is present in
993 # @allowed_tags (or the embedded white list in Util.pm) then the case of the
994 # tag will match the white list entry otherwise it will be all lowercased.
995 # If this setting is disabled (false) tags are used with their case left as-is.
996 # RECOMMENDED VALUE: 1 (true)
997 our $foldtags = 1;
999 # If there are no more than this many objects, then all deltas will be
1000 # recomputed when gc takes place. Note that this does not affect any
1001 # fast-import created packs as they ALWAYS have their deltas recomputed.
1002 # Also when combining small packs, if the total object count in the packs
1003 # to be combined is no more than this then the new, combined pack will have
1004 # its deltas recomputed during the combine operation.
1005 # Leave undef to use the default (which should generally be fine).
1006 # Lowering this from the default can increase disk use.
1007 # Values less than 1000 * number of CPU cores will be silently ignored.
1008 # The "girocco.redelta" config item can be used to modify this behavior on
1009 # a per-repository basis. See the description of it in gc.sh.
1010 our $new_delta_threshold = undef;
1012 # This setting is irrelevant unless foreign vcs mirrors that use git fast-import
1013 # are enabled (e.g. $mirror_darcs, $mirror_bzr or $mirror_hg -- $mirror_svn does
1014 # NOT use git fast-import and is not affected by this setting).
1015 # The packs generated by git fast-import are very poor quality. For this reason
1016 # they ALWAYS have their deltas recomputed at some point. Normally this is
1017 # delayed until the next full (or mini) gc takes place. For this reason a full
1018 # gc is always scheduled immediately after a fresh mirror clone completes.
1019 # However, in the case of normal mirror updates, several git fast-import created
1020 # packs may exist as a result of changes fetched during the normal mirror update
1021 # process. These packs will persist (with their git fast-import poor quality)
1022 # until the next full (or mini) gc triggers. The bad deltas in these update
1023 # packs could be sent down to clients who fetch updates before the next gc
1024 # triggers. To reduce (i.e. practically eliminate) the likelihood of this
1025 # occurring, this setting can be changed to a false (0 or undef) value in which
1026 # case after each mirror update of a git fast-import mirror, any newly created
1027 # git fast-import packs (as a result of the mirror update running) will have
1028 # their deltas recomputed shortly thereafter instead of waiting for the next gc.
1029 # Recomputing deltas immediately (almost immediately) will result in an extra
1030 # redeltification step (with associated CPU cost) that would otherwise not
1031 # occur and, in some cases (mainly large repositories), could ultimately result
1032 # in slightly less efficient deltas being retained.
1033 # RECOMMENDED VALUE: 1
1034 our $delay_gfi_redelta = 1;
1036 # If this is set to a true value, then core.packedGitWindowSize will be set
1037 # to 1 MiB (the same as if Git was compiled with NO_MMAP set). If this is NOT
1038 # set, core.packedGitWindowSize will be set to 32 MiB (even on 64-bit) to avoid
1039 # memory blowout. If your Git was built with NO_MMAP set and will not work
1040 # without NO_MMAP set, you MUST set this to a true value!
1041 our $git_no_mmap = undef;
1043 # If set to a true value, the "X-Girocco: $gitweburl" header included in all
1044 # Girocco-generated emails will be suppressed.
1045 our $suppress_x_girocco = undef;
1047 # Number of days to keep reflogs around
1048 # May be set to a value between 1 and 30 (inclusive)
1049 # The default of one day should normally suffice unless there's a need to
1050 # support a "Where's the undo? WHERE IS THE UNDO?!!!" option ;)
1051 our $reflogs_lifetime = 7;
1053 # The pack.window size to use with git upload-pack
1054 # When Git is creating a pack to send down to a client, if it needs to send
1055 # down objects that are deltas against objects it is not sending and that it
1056 # does not know the client already has, it must undelta and recompute deltas
1057 # for those objects. This is the remote's "Compressing objects" phase the
1058 # client sees during a fetch or clone. If this value is unset, the normal
1059 # Git default of 10 will be used for the window size during these operations.
1060 # This value may be set to a number between 2 and 50 inclusive to change the
1061 # window size during upload pack operations. A window size of 2 provides the
1062 # fastest response at the expense of less efficient deltas for the objects
1063 # being recompressed (meaning more data to send to the client). A window
1064 # size of 5 typically reduces the compression time by almost half and is
1065 # usually nearly as fast as a window size of 2 while providing better deltas.
1066 # A window size of 50 will increase the time spent in the "Compressing objects"
1067 # phase by as much as 5 times but will produce deltas similar to those that
1068 # Girocco generates when it performs garbage collection.
1069 # RECOMMENDED VALUE: undef or 5
1070 our $upload_pack_window = 5;
1072 # If this is true then remote fetching of refs/stash and refs/tgstash will
1073 # be allowed. Git does not allow single-level ref names to be pushed so the
1074 # only way they could get in there is if a linked working tree (or, gasp, a
1075 # non-bare Girocco repository) created them or they arrived via a non-clean
1076 # mirror fetch. The client almost certainly does not want to see them.
1077 # Unless this config item is true they will also be left out of the bundle too.
1078 # Since both stash and tgstash are used with their ref logs and there's no way
1079 # for a remote to fetch ref logs, the "log --walk-reflogs" feature could not be
1080 # used with them by a remote that fetched them anyway.
1082 # NOTE: The reason this doesn't just control all single-level refs is that the
1083 # "hideRefs" configuration mechanism isn't flexible enough to hide all
1084 # single-level refs without knowing their names. In addition, it hides the
1085 # entire refs hierarchy so refs/stash/foo will also be hidden along with
1086 # refs/stash, but Git doesn't actually support ref names that introduce a
1087 # directory/file confict (aka D/F conflict) and "refs/stash" represents an
1088 # official Git ref name therefore any refs/stash/... names really aren't
1089 # allowed in the first place so it's no problem if they're incidentally hidden
1090 # along with refs/stash itself.
1092 # NOTE: Git 1.8.2 or later is required to actually hide the refs from fetchers
1093 # over the "git:" protocol and Git 2.3.5 or later is required to properly hide
1094 # them over the smart "http:" protocol (Girocco will not attempt to "hide" them
1095 # on a smart HTTP fetch if Git is < 2.3.5 to avoid Git bugs.) They will never
1096 # be hidden via the non-smart HTTP fetch or any other non-smart protocols that
1097 # also make use of the $gitdir/info/refs file as they are not excluded from it.
1098 # Nor will they be hidden when accessed via any non-Girocco mechanism.
1099 # They will, however, always be excluded from the primary (aka .bitmap) pack
1100 # and bundle no matter what version of Git is used unless this is set to a
1101 # true value. It's only the server's Git version that matters when hiding refs.
1103 # RECOMMENDED VALUE: undef or 0
1104 our $fetch_stash_refs = undef;
1106 # When set to a true value, Girocco will attempt to pick up ref changes made
1107 # outside of Girocco itself and process them using the usual Girocco
1108 # notification mechanism. Git lacks any "post-ref-change" hook capability that
1109 # could facilitate this prior to the introduction of the reference-transation
1110 # hook in Git v2.28.0. This feature is primarily intended to detect running
1111 # of "git fetch" in linked working trees of a Girocco repository. In many
1112 # cases after running a command Git runs "git gc --auto". With the correct
1113 # encouragement we can always induce Git to run our pre-auto-gc hook at that
1114 # time. "git fetch" invokes "git gc --auto" after the fetch. Girocco needs
1115 # to do additional maintenance to make this work properly so do not enable this
1116 # unless it's really needed. Additionally, there are a number of commands
1117 # (such as "git commit") that do not invoke "git gc --auto". Even with this
1118 # enabled, additional hooks for post-rewrite and post-checkout
1119 # would really be needed to catch more things and even then there are some
1120 # Git commands that would never be caught ("git filter-branch",
1121 # "git update-ref", "git reset", etc.) so this is hardly a complete solution.
1122 # But it WILL catch "git fetch" changes although the hashes it uses for the
1123 # "old" ref values may not be all that recent, the new ref values will be.
1124 # When this is false, the hack is completely disabled.
1125 # When this is true, the hack is enabled by default for all repositories,
1126 # but can be controlled on an individual repository basis by setting the
1127 # girocco.autogchack value explicitly to true (enable) or false (disable).
1128 # If this is set to the special value "mirror" then it will behave as true
1129 # for mirrors and false for non-mirrors thereby completely eliminating any
1130 # overhead for push projects but detecting external "git fetch"s for mirrors.
1131 # If this is enabled for a project, any third party script/tool can trigger
1132 # the Girocco ref notification mechanism simply by making a ref change and
1133 # then running "git gc --auto --quiet" on the project. In a capitulation to
1134 # use of linked working trees, Girocco installs a post-commit hook that will
1135 # trigger these notifications as well when this is enabled.
1136 our $autogchack = 0;
1138 # When set to a true value the initial setting for core.hooksPath will point
1139 # to the repository's own hooks directory instead of $reporoot/_global/hooks.
1140 # Due to the unfortunate implementation of core.hooksPath, Girocco must always
1141 # ensure the value gets set in each repository's config file. Normally it
1142 # just sets it to $reporoot/_global/hooks and that's that. However, the
1143 # update-all-config script will also tolerate it pointing at the repository's
1144 # own hooks directory -- Girocco maintains symbolic links in there to the
1145 # global hooks to make sure they get run when using older versions of Git;
1146 # therefore that setting is basically equivalent. The difference is that
1147 # repository-specific hooks can be added when hooksPath is pointing at the
1148 # repository's hooks directory but not when it's pointing at _global/hooks.
1149 # A repository's setting can be changed manually (and it will stick), but
1150 # sometimes it may be desirable to always just default to pointing at the
1151 # repository's own hooks directory from the start. Perhaps linked working
1152 # trees will be in use and software that needs to set repository-specific hooks
1153 # will be in use. If $autogchack has been set to true this may very likely be
1154 # the case.
1155 our $localhooks = 0;
1157 # If this is set to a true value changes to single-level refs (e.g. refs/stash)
1158 # will be passed through to the notification machinery.
1159 # Usually this is NOT wanted, especially when linked working trees are being
1160 # used with the repository.
1161 # However, in the unlikely event that changes to such ref names should NOT be
1162 # ignored, this value may be set to any true value.
1163 # RECOMMENDED VALUE: 0
1164 our $notify_single_level = 0;
1166 # If this is set to a non-empty value it will become the default value for
1167 # all repositories' girocco.notifyHook value.
1168 # Whenever taskd.pl receives a batch of ref changes for processing, it first
1169 # sends them off to any configured "girocco.notifyHook" (same semantics as
1170 # a post-receive hook except it also gets four command-line arguments like
1171 # so: cat ref-changes | notifyhook $projname $user $linecount $contextlinecount
1172 # There is no default notify hook, but each repository may set its own by
1173 # setting the `girocco.notifyHook` config value which will be eval'd by the
1174 # shell (like $GIT_EDITOR is) with the current directory set to the
1175 # repository's git-dir and the changes on standard input.
1176 # Note that normal notification processing does not take place until after
1177 # this command (if it's not null) gets run (regardless of its result code).
1178 our $default_notifyhook = undef;
1180 # UNIX group owning the repositories' htmlcache subdirectory
1181 # If not defined defaults to $owning_group
1182 # If gitweb access is provided but only on a read-only basis, then setting
1183 # this to a group to which Both $cgi_user and $mirror_user belong will still
1184 # allow summary page caching.
1185 # $mirror_user should always belong to this group
1186 our $htmlcache_owning_group = undef;
1188 # UNIX group owning the repositories' ctags subdirectory
1189 # If not defined defaults to $owning_group
1190 # If gitweb access is provided but only on a read-only basis, then setting
1191 # this to a group to which Both $cgi_user and $mirror_user belong will still
1192 # allow tags to be added to the repository in gitweb (provided that feature
1193 # is enabled in gitweb/gitweb_config.perl).
1194 # $mirror_user should always belong to this group
1195 our $ctags_owning_group = undef;
1197 # When using pack bitmaps and computing data to send to clients over a fetch,
1198 # having pack.writeBitmapHashCache set to true produces better deltas (thereby
1199 # potentially reducing the amount of data that needs to be sent). However, old
1200 # JGit does not understand this extra data, so if JGit needs to use the bitmaps
1201 # generated when Girocco runs Git, this setting needs to be set to a true value
1202 # so that the hash cache is excluded when Git generates the bitmaps thereby
1203 # making them compatible with JGit prior to JGit v3.5.0 released in late 2014.
1204 # Note that changes to this setting will not take effect until the next time
1205 # gc is scheduled to run on a project and then only if gc actually takes place.
1206 # Use the $basedir/toolbox/make-all-gc-eligible.sh script to force all projects
1207 # to actually do a gc the next time they are scheduled for one.
1208 # (Note that Git version 2.22.0, released 2019-06-07, enabled the HashCache by
1209 # default since it post dates the JGit v3.5.0 release by approximately 5 years
1210 # [that corresponds to a setting of undef or 0 here].)
1211 # RECOMMENDED VALUE: undef or 0
1212 our $jgit_compatible_bitmaps = 0;
1214 # Set the default value of receive.maxInputSize
1215 # This is only effective for receives (aka an incoming push) and causes the
1216 # push to abort if the incoming pack (which is generally thin and does not
1217 # have any index) exceeds this many bytes in size (a 'k', 'm' or 'g' suffix
1218 # may be used on the value). If undef or set to 0 there is no limit. This
1219 # limit is only effective when Girocco is running Git v2.11.0 or later.
1220 our $max_receive_size = undef;
1222 # Suppress git: and ssh: log messages
1223 # Access via http: and/or https: provides logging of the project being
1224 # cloned/fetched/pushed to. There is normally no such logging for access
1225 # via ssh: and/or git: protocols. However, Girocco intercepts those
1226 # accesses to perform sanity and permision checks and also logs the request
1227 # to the system log at that time. By setting this value to any true
1228 # value, that logging of git: and ssh: git activity will be suppressed.
1229 # RECOMMENDED VALUE: 0
1230 our $suppress_git_ssh_logging = 0;
1232 # Select the sshd to be installed into the chroot
1233 # If set this MUST be an absolute path
1234 # Ignored unless a chroot is actually being created
1235 # Leaving this undef will find sshd in "standard" system locations and
1236 # is the recommended value. Only set this if you need to override the
1237 # "standard" sshd for some reason.
1238 # RECOMMENDED VALUE: undef
1239 our $sshd_bin = undef;
1241 # Allow any git-daemon host
1242 # If set to a true value, then the extra "host=" parameter received
1243 # by git-daemon (if present) will be ignored. If the $gitpullurl value
1244 # is undefined or does not start with "git://<hostname>" then any host
1245 # will be allowed by default.
1246 # RECOMMENDED VALUE: undef
1247 our $git_daemon_any_host = undef;
1249 # Restrict git-daemon host names
1250 # If $git_daemon_any_host is any false value (or undef) AND this
1251 # value is set to a space-separated list of host names WITHOUT any
1252 # port numbers, then the "host=" parameter MUST be provided by
1253 # a git daemon client AND it must match one of the names in this
1254 # all-lowercase, space-separated list. Note that IPv6 literal
1255 # addresses MUST NOT be enclosed in brackets. If this value is
1256 # empty or undef it will default to the hostname extracted from
1257 # $gitpullurl if that is set plus several variants of localhost.
1258 # Note, do NOT terminate DNS names with a final "." or they will
1259 # never match!
1260 # EXAMPLE:
1261 # our $git_daemon_host_list = "foo.example.com localhost ::1 127.0.0.1";
1262 our $git_daemon_host_list = undef;
1264 # Shared repository setting
1265 # This is the value to set the core.sharedRepository value to in
1266 # each repository. If this is changed, running update-all-config
1267 # will update each project to the new value.
1268 # By default (if this is left undef) it will be set to 'all' (which
1269 # corresponds to a core.sharedRepository value of '2').
1270 # This makes it so repositories are group-writable and world readable.
1271 # If set to the more restrictive 'group' (which corresponds to a
1272 # core.sharedRepository value of '1'), repositories will still typically
1273 # be world readable as umask 002 is used in most places. However, if
1274 # worktrees are in use and the user has a umask that excludes other
1275 # read permissions, repositories might become only partially world
1276 # readable. This only matters when they are being served by a user
1277 # (such as git-daemon running as 'nobody') that does not have group
1278 # or owner read permission to the repository.
1279 # See the `git help init` output for the possible values of the
1280 # `--shared` option for allowed settings of this value.
1281 # Note that if an explicit octal value is used, any execute bits will
1282 # be removed and u+rw will always be added and there are no promises
1283 # that files will not end up group readable/writable anyway.
1284 # RECOMMENDED VALUE: undef
1285 our $git_shared_repository_setting = undef;
1288 ## ------------------------
1289 ## Sanity checks & defaults
1290 ## ------------------------
1293 # A separate, non-installed module handles the checks and defaults
1294 require Girocco::Validator;