SIP Router - GIT Repository - Generic Settings

Mail Notifications

The central git repository can send email notifications whenever a contributor pushes commits into it. The mailing script is in $GIT_REPO/hooks/mail and it is called from $GIT_REPO/hooks/update. The notifications can be configured from the repository. To enable mail notifications you have to set mailNotifications to true in the hooks section:

[hooks]
    mailNotification = true

After that you need to configure the sender and recipient email addresses and a link to gitweb. These parameters belong to section mail:

[mail]
    envelopeSender = admin@sip-router.org
    recipient = admin@sip-router.org
    gitwebURL = http://git.sip-router.org/cgi-bin/gitweb.cgi

Parameter envelopeSender configures the sender address to be put in the message envelope. This is the email address that will receive delivery status notification and notifications of failures. This is not the email address that will be put in From header, the From header will be set to your name and email address which you configured in git and which appears in the commits.

Parameter recipient is the destination address, usually a development mailing list. Mail notifications can contain a link to gitweb in the body, configure gitwebURL with the URL to your gitweb if you want to have a link to gitweb in your email notifications.

The mapping of usernames to email addresses is done using a static file. The original commitlog script used a static address in From. I then modified the script to extract the author information from the commit object so that we can use it in From and people can reply to commitlog messages directly – reaching the author of the change. Unfortunately this did not work as I expected. A contributor might pull some changes from a private repository for somebody else and then the email address of that person would be in the author field and in From header of the commitlog, although the commit was done by somebody else. Then we tried to use the committer field from the commit object, but the result was the same, most of the time it contains the same email address as the author field.

It turned out that we couldn't use GIT_COMMITTER_NAME and GIT_COMMITTER_EMAIL environment variables in people's ~/.bashrc either to be used in From, because git executes the shell as non-interactive and non-login so the startup files are ignored when git executes commands and hooks on the server.

So I ended up adding a simple mapping file, it is in $GIT_DIR/email_map

format is

username=First Last <email>

You can define a catch-all rule in the mapping file which will be used whenever no matching username can be find if you replace the username with *:

*=root@localhost

and I added a new configuration option to the git config where you can specify with mapping file will be used for the repository:

[mail]
    envelopeSender = email_addr
    recipient = email_addr
    gitwebURL = http://git.sip-router.org/cgi-bin/gitweb.cgi
    emailMap = $GIT_DIR/email_map

The mailing script dies if it cannot translate a username to email address. It is also possible specify a static From address in the git confiuration file, i.e:

[mail]
    from=admin@sip-router.org

Then the static configuration takes precedence. Two more improvements to come are:

  • Update the cvs synchronization script so that we get notifications of commits from cvs.
  • Implement a new option which would allow us to explicitly set the list of branches that generate commit logs.

Branch ACLs

Write access to specific branches can be limited. This is implemented in the update hook. There are 2 files that control who can commit and on which branch:

  • $GIT_DIR/info/allowed-users : contains one branch pattern and a user pattern list on each line (the patterns are

regular expressions separated by white space). Empty lines and comments (lines starting with '#') are allowed. The branch rules evaluate in the order they are written in the file and they stop at the first match. If the username matches one of the user patterns on the first line matching the branch it will be allowed to commit, else if the branch matched it will be denied and if no branch pattern matched it depends on the acl.defaultPolicy config variable.

# Example:
# Format: branch_pattern user_pattern_list
# All the patterns are regular expressions, separated by whitespace
# A branch patter starting with a '+' has a special meaning: on that branch
# non-fast-forwards are allowed.
# The pattern evaluation stops on first match (so all user allowed to commit
# on some branch should be listed on the same line)

# original ser branches are read only (only root is allowed to update them)
refs/heads/cvs-head     root

# everybody can do any change in tmp/* branches
+refs/heads/tmp/.*      .*

# everybody can commit on the master branch
refs/heads/master$      .*

# everybody can make any tag
refs/tags/.*            .*
  • $GIT_DIR/info/allowed-groups : same as above but uses unix group names instead of usernames. It's evaluated only if no match

was found in $GIT_DIR/info/allowed-users.

Config options:

  • acl.defaultPolicy : if set to "allow" and no rules match the branchname in the allowed-user or allowed-group files, the commit will be allowed. If set to any other value, it will be denied.
  • acl.usernameBranches : is set to "allow" commits to branches of the form ${username}/.* are allowed, even if access to them

is not explicitely allowed in the allowed-user file.

Example config acl section:

[acl]
        defaultPolicy = deny
        usernameBranches = allow

Changelog

  • 2008-08-21: Hook post-update made executable in the ser shared repository to make sure that git-update-info is run–the repository is published over HTTP.
  • 2008-08-19: Fixed links to stylesheets and images in gitweb
  • 2008-08-18: Automatically generated doxygen documentation
  • 2008-08-14: Mapping of usernames to email addresses added, support for catch-all mapping rule, commit logs from cvs sync script
  • 2008-08-13: Commitlogs installed and configured
  • 2008-08-12: CVS emulation enabled
  • 2008-08-11: gitweb working, repo available through http, git, and ssh
  • 2008-08-10: Automatic synchronization with cvs on berlios
  • 2008-08-09: Migrated to new host

Remember

  • When setting up a repository that should be available through HTTP (i.e. dumb server), it is necessary to do chmod +x repository/hooks/post-update. This makes sure that every time you push into the repository, git-update-info will be run.
  • Run git-repack and git-prune-packed from time to time in the repository.

Navigation

Wiki

Other

Personal Tools