git.typo3.org and gerrit.typo3.org both run on srv04.typo3.org
git is the user the git daemon runs as. It's home directory is at
gerrit is the user the gerrit software runs as. It's home directory is at
Gerrit replicates to the git server via ssh, so
/var/git/.ssh are important. On forge the
git user and it's home are important as well.
Permissions for replication are handled by two special permission groups "Forge Mirror" and "Git Mirror" (see etc/replication.config). Projects by default have proper permissions enabled. To disable replication for a (private) project one has to add a special Permission "Read Access/-1 no access" for both of these groups ("Forge Mirror" and "Git Mirror").
This is a read-only server offering the git protocol to access the repositores in
/var/git/repositories. A repository must contain the
git-daemon-export-ok file to be exported by the git daemon.
The configuration can be found in
/etc/sv/git-daemon/run, the daemon logs to
The daemon is managed with
sv, so use
sv down git-daemon and
svn up git-daemon to stop and start the service.
upload-archive is disabled and selectivly enabled in
TYPO3v4/Core.git/config (to allow git archive --remote for the packaking team)
The web interface to git is delivered with gitweb.
The gitweb configuration is in
The apache configuration is in
The Apache logs to
Gerrit is installed in
The Apache configuration is in
The Apache logs to
Gerrit pushes git changes to git.typo3.org and forge.typo3.org (in both cases using ssh to connect as the user
git), the data ends up in
/var/git/repositories. If you need to trigger sync manually, for example because some refs where updated manually, you can use gerrit
ssh -p29418 XXXXX@review.typo3.org gerrit replicate PROJECT/PATH to trigger the sync.
Custom Gerrit Version¶We are using a custom gerrit version, with some patches (CSS classes, not adding e-mail on cherry-pick, enabling anon access via http)
- This version (and diffs to the original version) can be found at http://github.com/typo3/gerrit/
- You can build the version by cloning it, and you need Maven 2. Then just run
tools/release.shand upload the resulting file.
Authentication against typo3.org¶
The Apache proxy serving gerrit authenticates against typo3.org using
/var/gerrit/typo3org-authentication.php. This calls
https://typo3.org/services/authenticate.php to authenticate the user.
Account/group sync with (forge.)typo3.org¶
Every 4 hours gerrit calls
(/var/gerrit/sync-accounts.php && /var/gerrit/sync-groups.php && cd /var/gerrit/review && bin/gerrit.sh restart) via cron.
This syncs accounts from typo3.org (by using
https://typo3.org/services/userinfo.php) and group memberships from Forge/redmine (by using
http://forge.typo3.org/services/projects/[projectid], which only works for public forge projects)
git repository repacking¶
Every two weeks gerrit repacks the git repositories using
srv04 system setup¶
Installed packages (not listing automated dependencies)¶
When installing packages pure recommendation dependencies have been unset in most cases. non-free was added to apt sources.
From local package (downloaded from backports)
$ sudo adduser --home /var/git --shell /bin/bash --group git --system
Adding system user `git' (UID 104) ...
Adding new group `git' (GID 107) ...
Adding new user `git' (UID 104) with group `git' ...
Creating home directory `/var/git' ...
$ sudo adduser --home /var/gerrit --shell /bin/bash --group gerrit --system
Adding system user `gerrit' (UID 105) ...
Adding new group `gerrit' (GID 108) ...
Adding new user `gerrit' (UID 105) with group `gerrit' ...
Creating home directory `/var/gerrit' ...