dereenigne.org

After getting sick of GitHub's clunky closed-source interface, I decided to migrate my repositories to my own Debian-based server using the gitweb web interface.

Considering that I already have SSH access to the server, I only needed to provide read-only public access. As well as providing this access via the traditional 9418/tcp git protocol port, I wanted to provide access via HTTP too (I sometimes get caught behind firewalls which block 9418/tcp).

For vanity purposes, it was important that a single URL allowed both gitweb access and git cloning. Syntax highlighting for common programming languages is also a nice feature to have when migrating from github.

Finally, it was important that the configuration adhere where possible to the default Debian configuration files. I don't want the whole thing to fall apart when I upgrade to the next stable release!

The configuration below fulfils all the above requirements.

First, install git and apache if not installed:

apt-get install git gitweb git-daemon-sysvinit apache2 highlight

git-daemon-sysvinit is not available in Squeeze due to a dependency issue. You may either use git-daemon-run instead, compile this package yourself and relax the dependency, or else install the latest version of git from squeeze-backports.

Apache2 Virtual Host - /etc/apache2/sites-available/git.dereenigne.org:

<VirtualHost *:80>
ServerName git.dereenigne.org
DocumentRoot /usr/share/gitweb
SetEnv  GITWEB_CONFIG  /etc/gitweb.conf
SetEnv GIT_PROJECT_ROOT /var/cache/git

<Directory /usr/share/gitweb>
  Options FollowSymLinks +ExecCGI
  AddHandler cgi-script .cgi

  DirectoryIndex gitweb.cgi

  # Pretty gitweb URLs
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^.* /gitweb.cgi/$0 [L,PT]
</Directory>

  # Enable git clone over HTTP
  ScriptAliasMatch \
          "(?x)^/(.*/(HEAD | \
          info/refs | \
          objects/(info/[^/]+ | \
          [0-9a-f]{2}/[0-9a-f]{38} | \
          pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
          git-(upload|receive)-pack))$" \
          /usr/lib/git-core/git-http-backend/$1
</VirtualHost>

Enable the apache2 site:

a2ensite /etc/apache2/sites-available/git.dereenigne.org

Edit /etc/gitweb.conf:

# path to git projects (
.git)
$projectroot = "/var/cache/git";

@git_base_url_list = ("git://git.dereenigne.org", "http://git.dereenigne.org");

# directory to use for temp files
$git_temp = "/tmp";

$site_name = "git.dereenigne.org";

# require export flag
$export_ok = "git-daemon-export-ok";
$strict_export = 1;

# target of the home link on top of all pages
#$home_link = $my_uri || "/";

# html text to include at home page
#$home_text = "indextext.html";

# file with project list; by default, simply scan the projectroot dir.
#$projects_list = $projectroot;

# stylesheet to use
#$stylesheet = "gitweb.css";

# javascript code for gitweb
#$javascript = "gitweb.js";

# logo to use
#$logo = "git-logo.png";

# the 'favicon'
#$favicon = "git-favicon.png";

# enable git blame
$feature{'blame'}{'default'} = [1];

# enable pickaxe search
$feature{'pickaxe'}{'default'} = [1];

# enable snapshot downloads
$feature{'snapshot'}{'default'} = ['zip', 'tgz'];

# enable syntax highlighting
$feature{'highlight'}{'default'} = [1];

# enable pretty URLs
$feature{'pathinfo'}{'default'} = [1];

Edit /etc/default/git-daemon:

# Defaults for git-daemon initscript
# sourced by /etc/init.d/git-daemon
# installed at /etc/default/git-daemon by the maintainer scripts

#
# This is a POSIX shell fragment
#

GIT_DAEMON_ENABLE=true
GIT_DAEMON_USER=gitdaemon

GIT_DAEMON_BASE_PATH=/var/cache/git
GIT_DAEMON_DIRECTORY=/var/cache/git

# Additional options that are passed to the Daemon.
GIT_DAEMON_OPTIONS=""

Start the git daemon:

/etc/init.d/git-daemon start

To create a new project:

ssh myserver
mkdir /var/cache/git/myrepo.git
cd /var/cache/git/myrepo.git
git init --bare
echo "myrepo description" > description
touch git-daemon-export-ok

To push to this project:

git add remote myserver user@myserver:/var/cache/git/myrepo.git
git push myserver master

While this page is about Debian, the same commands can be used to set up a similar setup on Ubuntu.

My dvb-apps patches, which added initial Saorview scan files for the primary Irish DVB-T transmission sites, were accepted. They should be trickling down to the various Linux distributions soon.

http://linuxtv.org/hg/dvb-apps/rev/a69bb290c76d
http://linuxtv.org/hg/dvb-apps/rev/4b470f18079a

I found a handy ncurses based serial port debugger recently called statserial. It outputs the status of the serial control lines to the terminal.

Install with:

apt-get install statserial

Run with:

statserial /dev/ttyS0

Running Debian Testing means that I constantly have new packages pushed to my machine. While the majority of these changes cause no problems, occasionally there can be a few hiccups.

apt-listchanges is a useful package that shows any Debian NEWS files during package upgrades. It can also be configured to show the Debian changelogs too. It cleverly displays each changelog version since the version that was previously in Testing (bear in mind that not every package version in Sid reaches Testing).

To enable the changelog behaviour, run

dpkg-reconfigure apt-listchanges

as root, and change the type of notifications from news to both.

This will add an output similar to the one shown below when upgrading packages.

mtr (0.82-2) unstable; urgency=low

  * Add patch by Moritz Mühlenhoff to enable hardened build flags,
    closes: #654117.

 -- Robert Woodcock   Sun, 08 Jan 2012 08:05:30 -0800

chromium-browser (16.0.912.63~r113337-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New stable version:
    - Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to
      David Holloway of the Chromium development community.
    - Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
      Chrome Security Team (Inferno).
    - Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit
      to Aki Helin of OUSPG.
    - High CVE-2011-3907: URL bar spoofing with view-source. Credit
      to Luka Treiber of ACROS Security.
    - Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki
      Helin of OUSPG.
    - Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property
      array. Credit to Google Chrome Security Team (scarybeasts) and Chu.
    - Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling.
      Credit to Google Chrome Security Team (Cris Neckar).
    - High CVE-2011-3912: Use-after-free in SVG filters. Credit to
      Arthur Gerkis.
    - High CVE-2011-3913: Use-after-free in Range handling. Credit
      to Arthur Gerkis.
    - High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
      Credit to Sławomir Błażek.
    - High CVE-2011-3915: Buffer overflow in PDF font handling.
      Credit to Atte Kettunen of OUSPG.
    - Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to
      Google Chrome Security Team (Marty Barbella).
    - High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google
      Chrome Security Team (Inferno) and miaubiz.
  * [5299644] Update patches for v16

  [ Michael Gilbert ]
  * [ce38c6a] depend on gyp >= r1119
  * [d4236b8] fix upstream channel naming in source readme
  * [3683f5d] refresh nss-workaround.patch and system_v8.patch
  * [4c18347] add myself to uploaders

 -- Giuseppe Iuculano   Sun, 01 Jan 2012 13:45:54 +0100

I discovered apg recently, a handy tool for generating secure passwords on the commandline.

user@host:~$ apg

Please enter some random data (only first 16 are significant)
(eg. your old password):>
Ujecabhytor3 (Uj-ec-ab-hyt-or-THREE)
yaxJant7 (yax-Jant-SEVEN)
eewIcIkheaj9 (eew-Ic-Ik-heaj-NINE)
GitAbpavhav7 (Git-Ab-pav-hav-SEVEN)
GrysAcksId8 (Grys-Acks-Id-EIGHT)
VurHocs1 (Vur-Hocs-ONE)

You can also pass a seed to apg via the commandline for use within scripts:

user@host:~$ apg -c date +%s
FiWaztyt
BykerWij
AndyewAbFa
Huoforea
enyuavhew
gaiwilcij