From bac5cba029aebec55df758a3c18e8edcf684af1f Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Tue, 26 Mar 2013 11:35:04 +0100 Subject: [PATCH] Correction : vm_hosted : gitweb. --- README | 5 +++ TODO | 3 ++ etc/gitolite | 2 +- etc/nginx/site.d/gitweb-tls/local.conf | 4 +-- etc/nginx/site.d/gitweb/site.conf | 29 +++++++++-------- etc/nginx/site.d/lhc-remorque/configure.sh | 9 +++--- etc/nginx/site.d/lhc-remorque/ikiwiki.setup | 36 ++++++++++----------- etc/sv/git-daemon/configure.sh | 7 +++- etc/sv/git-daemon/run | 7 ++-- etc/sv/gitweb/configure.sh | 23 +++++++------ vm_hosted | 2 +- vm_remote | 12 ++++--- 12 files changed, 79 insertions(+), 60 deletions(-) diff --git a/README b/README index 35fa2fc..f9aa543 100644 --- a/README +++ b/README @@ -54,3 +54,8 @@ TASK: générer une autorité de certification et un sous-certificat TLS % random=/dev/urandom gpg_options="-r $USER@ -r $SOME_OTHER_USER@" lib/tool/openssl/make etc/openssl/heureux-cyclage.org % random=/dev/urandom gpg_options="-r $USER@ -r $SOME_OTHER_USER@" lib/tool/openssl/make etc/openssl/*.heureux-cyclage.org % lib/tool/openssl/check etc/openssl/* +TASK: gérer gitolite + % cd etc/gitolite + % vim conf/gitolite.conf + % git commit + % ../../vm_remote gitolite_push diff --git a/TODO b/TODO index c5df437..db25539 100644 --- a/TODO +++ b/TODO @@ -12,3 +12,6 @@ - bind9/nsd (DNS auth) : configurer - ferm/shorewall (pare-feu) : configurer - agendav +- sympa +- openerp : runit + squelette +- gitolite : rationalisation des adresses de notification dans hooks.mailinglist diff --git a/etc/gitolite b/etc/gitolite index dd0f4ab..d1e9e89 160000 --- a/etc/gitolite +++ b/etc/gitolite @@ -1 +1 @@ -Subproject commit dd0f4ab2b20259d1e280760d31dd78285b7cc329 +Subproject commit d1e9e89a11de56575f61e71923446d024989a7b8 diff --git a/etc/nginx/site.d/gitweb-tls/local.conf b/etc/nginx/site.d/gitweb-tls/local.conf index 01c1542..9bc6201 100644 --- a/etc/nginx/site.d/gitweb-tls/local.conf 
+++ b/etc/nginx/site.d/gitweb-tls/local.conf @@ -1,5 +1,5 @@ listen 443; include /etc/nginx/conf.d/ssl.conf; -ssl_certificate /etc/nginx/x509.d/lhc-git-tls/crt.pem; -ssl_certificate_key /etc/nginx/x509.d/lhc-git-tls/key.pem; +ssl_certificate /etc/nginx/x509.d/gitweb-tls/crt.pem; +ssl_certificate_key /etc/nginx/x509.d/gitweb-tls/key.pem; ssl_session_timeout 5m; diff --git a/etc/nginx/site.d/gitweb/site.conf b/etc/nginx/site.d/gitweb/site.conf index e056493..d27614c 100644 --- a/etc/nginx/site.d/gitweb/site.conf +++ b/etc/nginx/site.d/gitweb/site.conf @@ -13,20 +13,21 @@ location ~ /\. { deny all; log_not_found off; } -location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx)) { - # NOTE: static repo files for cloning over HTTP - root /home/git/pub; - } -location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { - # NOTE: requests that need to go to git-http-backend - root /home/git/pub; - include /etc/nginx/conf.d/fastcgi.conf; - fastcgi_param GIT_HTTP_EXPORT_ALL ""; - fastcgi_param GIT_PROJECT_ROOT /home/git/pub; - fastcgi_param PATH_INFO $uri; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - } +# NOTE: commenté car exporte tous les dépôts indistinctement +#location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { +# # NOTE: requests that need to go to git-http-backend +# root /home/git/pub; +# fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; +# include /etc/nginx/conf.d/fastcgi.conf; +# fastcgi_param GIT_HTTP_EXPORT_ALL ""; +# fastcgi_param GIT_PROJECT_ROOT /home/git/pub; +# fastcgi_param PATH_INFO $uri; +# fastcgi_pass unix:/run/spawn-fcgi/gitweb; +# } +#location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx)) { +# # NOTE: static repo files for cloning over HTTP +# root /home/git/pub; +# } location @gitweb { root /usr/share/gitweb; fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; 
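Review bot: The git-http-backend and static-objects `location` blocks in site.conf are left as commented-out text rather than removed, and the NOTE gives the reason but not what must change before they are turned back on. If they stay, the comment should say so: drop `fastcgi_param GIT_HTTP_EXPORT_ALL "";` so that only repositories carrying `git-daemon-export-ok` are served, and take `receive` out of `git-(upload|receive)-pack` unless the location gets authentication (no `auth_basic` is visible in this hunk). The static `objects/` location serves files straight from `/home/git/pub` with no per-repository export check, and its pattern has an unescaped `.` before `(pack|idx)` and no `$` anchor. Otherwise deleting the blocks and relying on history is cleaner than keeping a disabled configuration that is unsafe to uncomment as-is.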
diff --git a/etc/nginx/site.d/lhc-remorque/configure.sh b/etc/nginx/site.d/lhc-remorque/configure.sh index 8e07c61..e8b451d 100644 --- a/etc/nginx/site.d/lhc-remorque/configure.sh +++ b/etc/nginx/site.d/lhc-remorque/configure.sh @@ -28,9 +28,10 @@ sudo install -d -m 2770 -o wiki-"$site" -g wiki-"$site" \ sudo install -d -m 2770 -o wiki-"$site" -g wiki-"$site" \ /home/lhc/var/ikiwiki/remorque sudo install -d -m 2750 -o wiki-"$site" -g git \ - /home/git/hooks/remorque + /home/git/hooks/lhc \ + /home/git/hooks/lhc/remorque sudo install -m 3771 -o git -g git /dev/stdin \ - /home/git/pub/remorqueatelier.git/hooks/post-update <<-EOF + /home/git/pub/lhc/remorque.git/hooks/post-update <<-EOF #!/bin/sh -efux # The cd below is why we must use this script. @@ -40,7 +41,7 @@ sudo install -m 3771 -o git -g git /dev/stdin \ # "E: Failed to change to directory '...': Permission denied" cd / - exec /home/git/hooks/remorque/post-update.ikiwiki + exec /home/git/hooks/lhc/remorque/post-update.ikiwiki EOF if sudo test -d /home/lhc/var/ikiwiki/remorque/.git @@ -49,7 +50,7 @@ if sudo test -d /home/lhc/var/ikiwiki/remorque/.git else sudo -u wiki-"$site" \ git clone \ - git@localhost:remorqueatelier \ + git@localhost:lhc/remorque \ /home/lhc/var/ikiwiki/remorque/git set +f sudo mv -i \ diff --git a/etc/nginx/site.d/lhc-remorque/ikiwiki.setup b/etc/nginx/site.d/lhc-remorque/ikiwiki.setup index d5645a8..ff3f348 100644 --- a/etc/nginx/site.d/lhc-remorque/ikiwiki.setup +++ b/etc/nginx/site.d/lhc-remorque/ikiwiki.setup @@ -1,7 +1,7 @@ #!/usr/bin/perl use IkiWiki::Setup::Standard { - wikiname => 'Remorque Atelier', + wikiname => 'Remorque', adminemail => 'admin+lhc-remorque@heureux-cyclage.org', adminuser => [qw{ julm 
@@ -18,13 +18,13 @@ use IkiWiki::Setup::Standard { #prefsurl => "https://$ENV{site}/cgi/ikiwiki.cgi", #cgi_wrapper => 'cgi/ikiwiki.cgi', #cgi_wrappermode => '02750', - cgiauthurl => "https://remorque.heureux-cyclage.org/auth/cgi/ikiwiki.cgi", - httpauth_pagespec => '!*/Discussion and !tmp', - anonok_pagespec => '*/Discussion or tmp', - locked_pages => '(user(git) and * and !*/Discussion and !tmp) and !*/Discussion', + cgiauthurl => "https://remorque.heureux-cyclage.org/cgi/ikiwiki.cgi", + #httpauth_pagespec => '!*/discussion and !tmp', + #anonok_pagespec => '*/discussion or tmp', + locked_pages => '(user(git) and * and !*/discussion and !tmp) and !*/discussion', rcs => "git", - historyurl => "/git/?p=remorqueatelier.git;a=history;f=[[file]]", - diffurl => "/git/?p=remorqueatelier.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]]", + #historyurl => "/git/?p=lhc/remorque.git;a=history;f=[[file]]", + #diffurl => "/git/?p=lhc/remorque.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]]", gitorigin_branch => "origin", gitmaster_branch => "master", wrappers => [ @@ -33,17 +33,17 @@ use IkiWiki::Setup::Standard { , wrappermode => "00750" } , { post_commit => 1 - , wrapper => "/home/git/hooks/remorque/post-update.ikiwiki" + , wrapper => "/home/git/hooks/lhc/remorque/post-update.ikiwiki" , wrappermode => "06750" , wrapper_background_command => "" } # , { post_commit => 1 - # , wrapper => "/home/git/pub/remorqueatelier/hooks/post-receive.iki" + # , wrapper => "/home/git/pub/lhc/remorque/hooks/post-receive.iki" # , wrappermode => "06750" # , wrapper_background_command => "" # } # , { test_receive => 1 - # , wrapper => "/home/git/pub/remorqueatelier.git/hooks/pre-receive.iki" + # , wrapper => "/home/git/pub/lhc/remorque.git/hooks/pre-receive.iki" # , wrappermode => "06750" # } ], 
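Review bot: Commenting out `httpauth_pagespec` and `anonok_pagespec` removes the only visible limits on where HTTP authentication is required and on which pages anonymous users may edit, while `cgiauthurl` now points at the same `/cgi/ikiwiki.cgi` path as the ordinary CGI. Whether the `anonok` and `httpauth` plugins are enabled is outside this hunk; if `anonok` is, an unset pagespec presumably widens anonymous editing beyond discussion pages, so either disable the plugin or keep `anonok_pagespec => '*/discussion or tmp',`. A one-line comment above the commented options stating why authentication was relaxed would help the next maintainer. The `locked_pages` value also repeats `and !*/discussion`; `'user(git) and * and !*/discussion and !tmp'` expresses the same spec.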
@@ -96,7 +96,7 @@ use IkiWiki::Setup::Standard { prefix_directives => 1, indexpages => 0, discussion => 1, - discussionpage => 'Discussion', + discussionpage => 'discussion', html5 => 0, sslcookie => 1, default_pageext => 'mdwn', @@ -108,7 +108,7 @@ use IkiWiki::Setup::Standard { hardlink => 0, umask => 002, #wrappergroup => 'ikiwiki', - #libdir => '/home/lhc/var/ikiwiki/remorqueatelier/.ikiwiki', + #libdir => '/home/lhc/var/ikiwiki/lhc/remorque/.ikiwiki', libdir => '', ENV => {}, #include => '^\\.htaccess$', @@ -116,7 +116,7 @@ use IkiWiki::Setup::Standard { #wiki_file_chars => '-[:alnum:]+/.:_@’()&', wiki_file_chars => '-[:alnum:]+/.:_', allow_symlinks_before_srcdir => 1, - #htmlscrubber_skip => '!*/Discussion', + #htmlscrubber_skip => '!*/discussion', #rss => 0, atom => 1, #allowrss => 0, @@ -129,7 +129,7 @@ use IkiWiki::Setup::Standard { #openid_realm => '', #openid_cgiurl => '', #openidsignup => 'http://myopenid.com/', - account_creation_password => 'w3_sh411_0v3rc0m3', + #account_creation_password => 'w3_sh411_0v3rc0m3', password_cost => 8, #tohighlight => '.c .h .cpp .pl .py Makefile:make', #multimarkdown => 0, @@ -138,7 +138,7 @@ use IkiWiki::Setup::Standard { # or (mimetype(application/pdf) and maxsize(2mb) # )', #virus_checker => 'clamdscan -', - #comments_pagespec => 'blog/* and !*/Discussion', + #comments_pagespec => 'blog/* and !*/discussion', #comments_closed_pagespec => 'blog/controversial or blog/flamewar', #comments_pagename => '', #comments_allowdirectives => 0, @@ -147,8 +147,8 @@ use IkiWiki::Setup::Standard { #getsource_mimetype => 'text/plain; charset=utf-8', #mirrorlist => {}, repositories => - [ "git://git.heureux-cyclage.org/remorqueatelier.git" - , "git\@git.heureux-cyclage.org:remorqueatelier.git" + [ "git://git.heureux-cyclage.org/lhc/remorque.git" + , "git\@git.heureux-cyclage.org:lhc/remorque.git" ], omega_cgi => '/usr/lib/cgi-bin/omega/omega', search_pagespec => '* and !recentchanges/*', 
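Review bot: The `account_creation_password` line in the `@@ -129,7 +129,7 @@` hunk is only commented out, so the literal value stays in the tracked file and in history; delete the line and treat that password as disclosed wherever else it was used. With the option unset, sign-up through passwordauth is presumably no longer gated by a shared secret, so if that plugin is enabled (not visible here) confirm that open registration is intended. If the gate is still wanted, read the value from outside the repository, e.g. `account_creation_password => $ENV{account_creation_password},` (constructed variable name).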
@@ -156,7 +156,7 @@ use IkiWiki::Setup::Standard { #websetup_unsafe => [], #websetup_show_unsafe => 1, #archivebase => 'archives', - #archive_pagespec => 'posts/* and !*/Discussion', + #archive_pagespec => 'posts/* and !*/discussion', #directive_description_dir => 'ikiwiki/directive', #teximg_dvipng => '', #teximg_prefix => '\\documentclass{article} diff --git a/etc/sv/git-daemon/configure.sh b/etc/sv/git-daemon/configure.sh index 5260f91..a56f6ac 100644 --- a/etc/sv/git-daemon/configure.sh +++ b/etc/sv/git-daemon/configure.sh @@ -3,7 +3,7 @@ rule adduser git-daemon\ --disabled-login \ --disabled-password \ --group \ - --home /home/git/pub \ + --home /home/git/daemon \ --shell /bin/false \ --system rule adduser log-git-daemon\ @@ -17,3 +17,8 @@ sudo adduser git-daemon git-data sudo adduser log-git log-git-daemon sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \ /home/git/log/"$sv" +sudo install -d -m 770 -o git -g "$sv" \ + /home/git/daemon +sudo ln -fns \ + ../pub \ + /home/git/daemon/git.$vm_domainname diff --git a/etc/sv/git-daemon/run b/etc/sv/git-daemon/run index 3af0062..d0086a2 100755 --- a/etc/sv/git-daemon/run +++ b/etc/sv/git-daemon/run @@ -5,10 +5,7 @@ eval "home=~$sv" exec /usr/bin/chpst \ -u "$sv":"$sv":git-data \ /usr/lib/git-core/git-daemon \ - --base-path="$home" \ - --interpolated-path=/home/git/srv/%H%D \ + --interpolated-path="$home"/%H%D \ --reuseaddr \ --user-path=pub/git \ - --verbose \ - -- \ - "$home" + --verbose diff --git a/etc/sv/gitweb/configure.sh b/etc/sv/gitweb/configure.sh index cd6faa7..84c846f 100644 --- a/etc/sv/gitweb/configure.sh +++ b/etc/sv/gitweb/configure.sh 
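Review bot: In etc/sv/git-daemon/configure.sh the new `/home/git/daemon` directory is created with `-m 770 -o git -g "$sv"`, which gives the git-daemon group write access to the very root that `--interpolated-path` serves from, so the daemon account could add or replace the `git.$vm_domainname` symlink itself. Read and traverse are enough for the service: `sudo install -d -m 750 -o git -g "$sv" \`. `$vm_domainname` in the `ln -fns` destination is also unquoted, unlike the other expansions in this script; write `/home/git/daemon/git."$vm_domainname"`.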
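Review bot: In etc/sv/git-daemon/run, dropping both `--base-path="$home"` and the trailing `-- "$home"` whitelist leaves `--interpolated-path` as the only path restriction. As far as I know git-daemon applies that template only to requests that carry a host parameter; requests without one would then be resolved as plain filesystem paths, gated only by `git-daemon-export-ok`. Keeping the whitelist costs nothing and restores the directory boundary: end the command with `--verbose \` followed by `-- "$home"`. `%H` comes from the client, so the entries under `"$home"` are what define the served virtual hosts, which is one more reason the daemon should not be able to write there.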
@@ -18,19 +18,18 @@ sudo adduser fcgi-"$sv" git-data sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ /home/www/log/"$sv"/spawn-fcgi sudo install -d -m 2750 -o git -g fcgi-"$sv" \ - /etc/gitweb \ - /etc/gitweb/cgi + /etc/gitweb sudo ln -fns /etc/gitweb /home/git/etc/gitweb sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \ - /home/git/etc/gitweb/gitweb.conf <<-EOF + /etc/gitweb/gitweb.conf <<-EOF \$commit_oneline_message_width = 70; - \$default_projects_order = 'age'; + \$default_projects_order = 'project'; \$default_text_plain_charset = 'UTF-8'; @diff_opts = (); \$favicon = "static/git-favicon.png"; + \$feature{'highlight'}{'default'} = [1]; \$git_temp = "/run/shm/tmp/gitweb"; - \$home_footer = "/etc/gitweb/cgi/home-footer.cgi.inc"; - \$home_header = "/etc/gitweb/cgi/home-header.cgi.inc"; + \$home_text = "/etc/gitweb/home_text.html"; \$home_link = "/"; \$home_link_str = 'dépôts'; \$home_th_age = 'activité'; @@ -45,10 +44,14 @@ sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \ \$projects_list_description_width = 42; \$projects_list_owner_width = 15; \$search_str = "Filtre :"; - \$site_footer = "/etc/gitweb/cgi/site-footer.bin"; - \$site_header = undef; + \$site_footer = "/etc/gitweb/site_footer.html"; + \$site_header = "/etc/gitweb/site_header.html"; \$site_name = "git.$vm_domainname"; - \$space_to_nbsp = 0; @stylesheets = ("static/gitweb.css");# - \$untabify_tabstop = 2; + EOF +sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \ + /etc/gitweb/home_text.html <<-EOF +

Forge logicielle publique de l'Heureux Cyclage

+

Pour récupérer un dépôt public :

+
git clone git://git.heureux-cyclage.org/<projet>
EOF diff --git a/vm_hosted b/vm_hosted index 9a0e5a4..11dd8bb 100755 --- a/vm_hosted +++ b/vm_hosted @@ -546,7 +546,7 @@ rule_gitolite_configure () { \$GL_CONF = "\$GL_ADMINDIR/conf/gitolite.conf"; \$GL_CONF_COMPILED = "\$GL_ADMINDIR/conf/gitolite.conf.pm"; #\$GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups" - \$GL_GITCONFIG_KEYS = "hooks\\..* repo\\..*"; + \$GL_GITCONFIG_KEYS = "gitweb\\..* hooks\\..*"; #\$GL_HOSTNAME = "git.$vm_domainname"; # NOTE: read doc/mirroring.mkd COMPLETELY before setting this. #\$GL_HTTP_ANON_USER = "mob"; diff --git a/vm_remote b/vm_remote index 0fa0165..41de663 100755 --- a/vm_remote +++ b/vm_remote @@ -1,6 +1,10 @@ #!/bin/sh set -e -f ${DRY_RUN:+-n} -u -tool=$(cd "${0%/*}"; cd -) +tool=$0 +while test -L "$tool" + do tool=$(readlink "$tool") + done +tool=${tool%/*} . "$tool"/lib/rule.sh . "$tool"/etc/vm.sh @@ -98,7 +102,7 @@ rule_apache2_key_send () { do conf=${conf#"$tool"/etc/nginx/site.d/} local site=${conf%/key_send} rule _x509_site_key_decrypt \ - "$(cat "$tool"/etc/apache2/site.d/"$site"/key_send)" | + "$(cat "$tool"/etc/apache2/site.d/"$site"/x509_host)" | rule ssh -l root ' \ sudo install -d -m 770 -o '"$user"' -g '"$user"' \ /etc/apache2 \ @@ -146,10 +150,10 @@ rule_nginx_configure () { for conf in "$tool"/etc/nginx/site.d/*/site.conf do conf=${conf#"$tool"/etc/nginx/site.d/} local site="${conf%/site.conf}" - if test -f "$tool"/etc/nginx/site.d/"$site"/key_send + if test -f "$tool"/etc/nginx/site.d/"$site"/x509_host then rule _x509_site_key_decrypt \ - "$(cat "$tool"/etc/nginx/site.d/"$site"/key_send)" | + "$(cat "$tool"/etc/nginx/site.d/"$site"/x509_host)" | rule ssh -l root ' \ sudo install -d -m 770 -o root -g root \ /etc/nginx \ -- 2.20.1
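Review bot: In etc/sv/gitweb/configure.sh, `home_text.html` is installed with `-m 400 -o fcgi-"$sv"`, the same way as `gitweb.conf` in the previous hunk, which makes the FastCGI account the owner of files that gitweb evaluates or prints verbatim into every page; an owner can always chmod and rewrite them. Prefer root ownership with group read for both files: `sudo install -m 440 -o root -g fcgi-"$sv" /dev/stdin \`. The config also points `$site_header` and `$site_footer` at `/etc/gitweb/site_header.html` and `/etc/gitweb/site_footer.html`, which nothing in these hunks creates. `$feature{'highlight'}` makes gitweb run an external highlighter on blob contents, so a comment noting that dependency would be useful.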
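Review bot: In vm_hosted, `\$GL_GITCONFIG_KEYS = "gitweb\\..* hooks\\..*";` allows every `gitweb.*` and `hooks.*` git-config key to be set from gitolite.conf, which is wider than the TODO entry about `hooks.mailinglist` suggests is needed. Listing the keys actually used, for example `"gitweb\\.(owner|description|category) hooks\\.mailinglist"`, keeps the allow-list from growing silently when a hook starts reading a new key. rule_gitolite_configure starts and ends outside this hunk, so how the value is consumed is not visible here.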
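Review bot: The new symlink loop at the top of vm_remote leaves `$tool` relative and mis-resolves in two cases: `readlink` returns a target relative to the link's own directory rather than the current one, and `${tool%/*}` is a no-op when `$0` contains no slash (for example when run as `sh vm_remote`). Because the script then sources `"$tool"/lib/rule.sh` and `"$tool"/etc/vm.sh`, a wrong directory means running whatever files happen to sit at that path. The README also invokes it as `../../vm_remote`, so any later `cd` would invalidate a relative `$tool`. The rewrite below normalises `$0`, resolves relative link targets against the link's directory, and ends with an absolute path; under `set -e` it stops if the directory cannot be entered.

```shell
tool=$0
case $tool in
 (*/*) ;;
 (*) tool=./$tool;;
 esac
while test -L "$tool"
 do
	link=$(readlink "$tool")
	case $link in
	 (/*) tool=$link;;
	 (*) tool=${tool%/*}/$link;;
	 esac
 done
tool=$(cd "${tool%/*}" && pwd -P)
# … unchanged: sourcing of lib/rule.sh and etc/vm.sh …
```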
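Review bot: In rule_apache2_key_send the file being read is renamed to `x509_host`, but the context lines still derive the site with `${conf%/key_send}` and strip the nginx `site.d/` prefix inside the apache2 rule, so the rename looks incomplete. The `for` line is outside the hunk, but if it still globs `*/key_send` the loop no longer matches the renamed files. Unlike the nginx hunk there is no `test -f` guard here, and a failing `cat` inside `"$(…)"` does not stop the script under `set -e`, so `_x509_site_key_decrypt` would be called with an empty argument. Suggest `local site=${conf%/x509_host}` plus the same `if test -f "$tool"/etc/apache2/site.d/"$site"/x509_host` guard used in rule_nginx_configure.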