cf0e568c89
If you have many thousands of repos and users, neatly organised into
groups, etc., the normal gitolite fails. (It actually runs out of
memory very fast while doing the "compile" when you push the config, due
to the number of combinations of repo/user being stored in the hash!)
This commit series will stop doing that if you set $GL_BIG_CONFIG = 1 in
the rc file.
Some notes:
- deny rules will still work but somewhat differently -- now they must
be placed all together in one place to work like before. Ask me for
details if you need to know before I get done with the docs
- I've tested most of the important features, but not every single
nuance
- the update hook may be a tad less efficient now; we can try and
tweak it later if needed but it shouldn't really hurt anything
significantly even now
- docs have not been written yet
231 lines
8.2 KiB
Plaintext
231 lines
8.2 KiB
Plaintext
# paths and configuration variables for gitolite
|
|
$GL_BIG_CONFIG = 1;
|
|
|
|
# please read comments before editing
|
|
|
|
# this file is meant to be pulled into a perl program using "do" or "require".
|
|
|
|
# You do NOT need to know perl to edit the paths; it should be fairly
|
|
# self-explanatory and easy to maintain perl syntax :-)
|
|
|
|
# --------------------------------------
|
|
# Do not uncomment these values unless you know what you're doing
|
|
# $GL_PACKAGE_CONF = "";
|
|
# $GL_PACKAGE_HOOKS = "";
|
|
|
|
# --------------------------------------
|
|
|
|
# --------------------------------------
|
|
|
|
# this is where the repos go. If you provide a relative path (not starting
|
|
# with "/"), it's relative to your $HOME. You may want to put in something
|
|
# like "/bigdisk" or whatever if your $HOME is too small for the repos, for
|
|
# example
|
|
|
|
$REPO_BASE="repositories";
|
|
|
|
# the default umask for repositories is 0077; change this if you run stuff
|
|
# like gitweb and find it can't read the repos. Please note the syntax; the
|
|
# leading 0 is required
|
|
|
|
$REPO_UMASK = 0077; # gets you 'rwx------'
|
|
# $REPO_UMASK = 0027; # gets you 'rwxr-x---'
|
|
# $REPO_UMASK = 0022; # gets you 'rwxr-xr-x'
|
|
|
|
# part of the setup of gitweb is a variable called $projects_list (please see
|
|
# gitweb documentation for more on this). Set this to the same value:
|
|
|
|
$PROJECTS_LIST = $ENV{HOME} . "/projects.list";
|
|
|
|
# --------------------------------------
|
|
|
|
# I see no reason anyone may want to change the gitolite admin directory, but
|
|
# feel free to do so. However, please note that it *must* be an *absolute*
|
|
# path (i.e., starting with a "/" character)
|
|
|
|
# gitolite admin directory, files, etc
|
|
|
|
$GL_ADMINDIR=$ENV{HOME} . "/.gitolite";
|
|
|
|
# --------------------------------------
|
|
|
|
# templates for location of the log files and format of their names
|
|
|
|
# I prefer this template (note the %y and %m placeholders)
|
|
# it produces files like `~/.gitolite/logs/gitolite-2009-09.log`
|
|
|
|
$GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y-%m.log";
|
|
|
|
# other choices are below, or you can make your own -- but PLEASE MAKE SURE
|
|
# the directory exists and is writable; gitolite won't do that for you (unless
|
|
# it is the default, which is "$GL_ADMINDIR/logs")
|
|
|
|
# $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y-%m-%d.log";
|
|
# $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y.log";
|
|
|
|
# --------------------------------------
|
|
|
|
# Please DO NOT change these three paths
|
|
|
|
$GL_CONF="$GL_ADMINDIR/conf/gitolite.conf";
|
|
$GL_KEYDIR="$GL_ADMINDIR/keydir";
|
|
$GL_CONF_COMPILED="$GL_ADMINDIR/conf/gitolite.conf-compiled.pm";
|
|
|
|
# --------------------------------------
|
|
|
|
# if git on your server is on a standard path (that is
|
|
# ssh git@server git --version
|
|
# works), leave this setting as is. Otherwise, choose one of the
|
|
# alternatives, or write your own
|
|
|
|
$GIT_PATH="";
|
|
# $GIT_PATH="/opt/bin/";
|
|
|
|
# --------------------------------------
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
# SECURITY SENSITIVE SETTINGS
|
|
#
|
|
# Settings below this point may have security implications. That
|
|
# usually means that I have not thought hard enough about all the
|
|
# possible ways to crack security if these settings are enabled.
|
|
|
|
# Please see details on each setting for specifics, if any.
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
# --------------------------------------
|
|
# ALLOW REPO ADMIN TO SET GITCONFIG KEYS
|
|
#
|
|
# Gitolite allows you to set git repo options using the "config" keyword; see
|
|
# conf/example.conf for details and syntax.
|
|
#
|
|
# However, if you are in an installation where the repo admin does not (and
|
|
# should not) have shell access to the server, then allowing him to set
|
|
# arbitrary repo config options *may* be a security risk -- some config
|
|
# settings may allow executing arbitrary commands.
|
|
#
|
|
# You have 3 choices. By default $GL_GITCONFIG_KEYS is left empty, which
|
|
# completely disables this feature (meaning you cannot set git configs from
|
|
# the repo config).
|
|
|
|
$GL_GITCONFIG_KEYS = "";
|
|
|
|
#
|
|
# The second choice is to give it a space separated list of settings you
|
|
# consider safe. (These are actually treated as a set of regular expression
|
|
# patterns, and any one of them must match). For example:
|
|
# $GL_GITCONFIG_KEYS = "core\.logAllRefUpdates core\..*compression";
|
|
# allows repo admins to set one of those 3 config keys (yes, that second
|
|
# pattern matches two settings from "man git-config", if you look)
|
|
#
|
|
# The third choice (which you may have guessed already if you're familiar with
|
|
# regular expressions) is to allow anything and everything:
|
|
# $GL_GITCONFIG_KEYS = ".*";
|
|
|
|
# --------------------------------------
|
|
# EXTERNAL COMMAND HELPER -- HTPASSWD
|
|
|
|
# security note: runs an external command (htpasswd) with specific arguments,
|
|
# including a user-chosen "password".
|
|
|
|
# if you want to enable the "htpasswd" command, give this the absolute path to
|
|
# whatever file apache (etc) expect to find the passwords in.
|
|
|
|
$HTPASSWD_FILE = "";
|
|
|
|
# Look in doc/3 ("easier to link gitweb authorisation with gitolite" section)
|
|
# for more details on using this feature.
|
|
|
|
# --------------------------------------
|
|
# EXTERNAL COMMAND HELPER -- RSYNC
|
|
|
|
# security note: runs an external command (rsync) with specific arguments, all
|
|
# presumably filled in correctly by the client-side rsync.
|
|
|
|
# base path of all the files that are accessible via rsync. Must be an
|
|
# absolute path. Leave it undefined or set to the empty string to disable the
|
|
# rsync helper.
|
|
|
|
$RSYNC_BASE = "";
|
|
|
|
# $RSYNC_BASE = "/home/git/up-down";
|
|
# $RSYNC_BASE = "/tmp/up-down";
|
|
|
|
# --------------------------------------
|
|
# EXTERNAL COMMAND HELPER -- SVNSERVE
|
|
|
|
# security note: runs an external command (svnserve) with specific arguments,
|
|
# as specified below. %u is substituted with the username.
|
|
|
|
# This setting allows launching svnserve when requested by the ssh client.
|
|
# This allows using the same SSH setup (hostname/username/public key) for both
|
|
# SVN and git access. Leave it undefined or set to the empty string to disable
|
|
# svnserve access.
|
|
|
|
$SVNSERVE = "";
|
|
# $SVNSERVE = "/usr/bin/svnserve -r /var/svn/ -t --tunnel-user=%u";
|
|
|
|
# --------------------------------------
|
|
# ALLOW REPO CONFIG TO USE WILDCARDS
|
|
|
|
# security note: this used to in a separate "wildrepos" branch. You can
|
|
# create repositories based on wild cards, give "ownership" to the specific
|
|
# user who created it, allow him/her to hand out R and RW permissions to other
|
|
# users to collaborate, etc. This is powerful stuff, and I've made it as
|
|
# secure as I can, but it hasn't had the kind of rigorous line-by-line
|
|
# analysis that the old "master" branch had.
|
|
|
|
# This has now been rolled into master, with all the functionality gated by
|
|
# this variable. Set this to 1 if you want to enable the wildrepos features.
|
|
# Please see doc/4-wildcard-repositories.mkd for details.
|
|
|
|
$GL_WILDREPOS = 0;
|
|
|
|
# --------------------------------------
|
|
# ALLOW SETPERMS TO OVERRIDE gitolite.conf
|
|
|
|
# A user can be given permissions to use a "wildcard created" repo using the
|
|
# "setperms" command run by the creator. However, if that same user is also
|
|
# explicitly listed in the config file as having a specific permission, and if
|
|
# that permission is different from what was specified using `setperms`, there
|
|
# is a conflict.
|
|
|
|
# Default behaviour is to let the config file permissions override the
|
|
# "setperms" permissions, but if you want it the other way, set this to 1.
|
|
|
|
$GL_SETPERMS_OVERRIDES_CONFIG = 0;
|
|
|
|
# --------------------------------------
|
|
# HOOK CHAINING
|
|
|
|
# by default, the update hook in every repo chains to "update.secondary".
|
|
# Similarly, the post-update hook in the admin repo chains to
|
|
# "post-update.secondary". If you're fine with the defaults, there's no need
|
|
# to do anything here. However, if you want to use different names or paths,
|
|
# change these variables
|
|
|
|
# $UPDATE_CHAINS_TO = "hooks/update.secondary";
|
|
# $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary";
|
|
|
|
# --------------------------------------
|
|
# ADMIN DEFINED COMMANDS
|
|
|
|
# WARNING: Use this feature only if (a) you really really know what you're
|
|
# doing or (b) you really don't care too much about security. Please read
|
|
# doc/admin-defined-commands.mkd for details.
|
|
|
|
# $GL_ADC_PATH = "";
|
|
|
|
# --------------------------------------
|
|
# per perl rules, this should be the last line in such a file:
|
|
1;
|
|
|
|
# Local variables:
|
|
# mode: perl
|
|
# End:
|
|
# vim: set syn=perl:
|