Debian Gitweb server

After getting sick of GitHub's clunky closed-source interface, I decided to migrate my repositories to my own Debian-based server using the gitweb web interface.

Considering that I already have SSH access to the server, I only needed to provide read-only public access. As well as providing this access via the traditional 9418/tcp git protocol port, I wanted to provide access via HTTP too (I sometimes get caught behind firewalls which block 9418/tcp).

For vanity purposes, it was important that a single URL allowed both gitweb access and git cloning. Syntax highlighting for common programming languages is also a nice feature to have when migrating from github.

Finally, it was important that the configuration adhere where possible to the default Debian configuration files. I don't want the whole thing to fall apart when I upgrade to the next stable release!

The configuration below fulfils all the above requirements.

First, install git and apache if not installed:

apt-get install git gitweb git-daemon-sysvinit apache2 highlight

git-daemon-sysvinit is not available in Squeeze due to a dependency issue. You may either use git-daemon-run instead, compile this package yourself and relax the dependency, or else install the latest version of git from squeeze-backports.

Apache2 Virtual Host - /etc/apache2/sites-available/git.dereenigne.org:

<VirtualHost *:80>
ServerName git.dereenigne.org
DocumentRoot /usr/share/gitweb
SetEnv  GITWEB_CONFIG  /etc/gitweb.conf
SetEnv GIT_PROJECT_ROOT /var/cache/git

<Directory /usr/share/gitweb>
  Options FollowSymLinks +ExecCGI
  AddHandler cgi-script .cgi

  DirectoryIndex gitweb.cgi

  # Pretty gitweb URLs
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^.* /gitweb.cgi/$0 [L,PT]
</Directory>

  # Enable git clone over HTTP
  ScriptAliasMatch \
          "(?x)^/(.*/(HEAD | \
          info/refs | \
          objects/(info/[^/]+ | \
          [0-9a-f]{2}/[0-9a-f]{38} | \
          pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
          git-(upload|receive)-pack))$" \
          /usr/lib/git-core/git-http-backend/$1
</VirtualHost>

Enable the apache2 site:

a2ensite /etc/apache2/sites-available/git.dereenigne.org

Edit /etc/gitweb.conf:

# path to git projects (.git)
$projectroot = "/var/cache/git";

@git_base_url_list = ("git://git.dereenigne.org", "http://git.dereenigne.org");

# directory to use for temp files
$git_temp = "/tmp";

$site_name = "git.dereenigne.org";

# require export flag
$export_ok = "git-daemon-export-ok";
$strict_export = 1;

# target of the home link on top of all pages
#$home_link = $my_uri || "/";

# html text to include at home page
#$home_text = "indextext.html";

# file with project list; by default, simply scan the projectroot dir.
#$projects_list = $projectroot;

# stylesheet to use
#$stylesheet = "gitweb.css";

# javascript code for gitweb
#$javascript = "gitweb.js";

# logo to use
#$logo = "git-logo.png";

# the 'favicon'
#$favicon = "git-favicon.png";

# enable git blame
$feature{'blame'}{'default'} = [1];

# enable pickaxe search
$feature{'pickaxe'}{'default'} = [1];

# enable snapshot downloads
$feature{'snapshot'}{'default'} = ['zip', 'tgz'];

# enable syntax highlighting
$feature{'highlight'}{'default'} = [1];

# enable pretty URLs
$feature{'pathinfo'}{'default'} = [1];

Edit /etc/default/git-daemon:

# Defaults for git-daemon initscript
# sourced by /etc/init.d/git-daemon
# installed at /etc/default/git-daemon by the maintainer scripts

#
# This is a POSIX shell fragment
#

GIT_DAEMON_ENABLE=true
GIT_DAEMON_USER=gitdaemon

GIT_DAEMON_BASE_PATH=/var/cache/git
GIT_DAEMON_DIRECTORY=/var/cache/git

# Additional options that are passed to the Daemon.
GIT_DAEMON_OPTIONS=""

Start the git daemon:

/etc/init.d/git-daemon start

To create a new project:

ssh myserver
mkdir /var/cache/git/myrepo.git
cd /var/cache/git/myrepo.git
git init --bare
echo "myrepo description" > description
touch git-daemon-export-ok

To push to this project:

git add remote myserver user@myserver:/var/cache/git/myrepo.git
git push myserver master

While this page is about Debian, the same commands can be used to set up a similar setup on Ubuntu.

Update Intel CPU Microcode

You are probably familiar with the terms firmware and drivers in the context of computer hardware, and the endless updating that they require. Most people associate these drivers and firmware updates with peripheral equipment such as graphic cards and DVD drives. You might not however be aware that you can also update the firmware on your CPU (firmware is called microcode in CPU speak).

These microcode updates are normally bundled in with BIOS updates. Given the fact that BIOS updates are inherently risky, motherboard manufacturers are reluctant to issue BIOS updates for anything other than major bugs. This means your microcode can become quite dated. Both Intel and AMD realise this and release standalone microcode updates.

If you are running Debian or Ubuntu and Intel CPU (there is a pretty good chance you are), you can use the intel-microcode and microcode.ctl packages to update your microcode. This will download the latest microcode for your CPU and apply the update automatically on each boot. This process does not apply the update permanently, and is completely reversible.

Periodically run

sudo update-intel-microcode

to download the latest microcode version from Intel.

I'm not aware of any analogous utility for Windows, but if anyone does, let me know in the comments. :-)

Monitor Sleep on Screen Lock

I lock my screen when I know I'm popping away from the computer for a few minutes. It therefore makes sense to place the screen(s) in sleep mode while I'm away.

On Linux, I use this handy script from a fellow called Marco. I've packaged it up for Debian and Ubuntu users to make it easier to install, and can be downloaded from here.

On Windows, I use this little program from a fellow called Kevin.

Create a keyboard shortcut to each and use that as your new lock screen shortcut. It makes a big difference if you use dual monitors like me. :-)

Aptitude List Recently Installed

Below is a grep one-liner to look through the logs and find out what was recently installed. Comes in handy if you can't remember what the exact name of that package you installed earlier was.

grep "install\ " /var/log/dpkg.log

This should give you a helpful output in the form below:

root@lambda:~# grep "install\ " /var/log/dpkg.log
2011-07-05 09:17:07 install libpam-modules-bin  1.1.3-2
2011-07-05 09:17:13 install libsane-common  1.0.22-4
2011-07-05 09:17:52 install libqzeitgeist0  0.7.0-1
2011-07-05 09:18:32 install libsane-extras-common  1.0.22.2
2011-07-05 21:55:06 install sendmail-base  8.14.4-2
2011-07-05 21:55:06 install sendmail-cf  8.14.4-2
2011-07-05 21:55:11 install sendmail-bin  8.14.4-2+b1
2011-07-05 21:55:24 install libpq5 9.0.3-1 9.0.4-1+b1
2011-07-05 21:55:24 install sensible-mda  8.14.4-2+b1
2011-07-05 21:55:25 install sendmail  8.14.4-2

You can also replace install with remove to view the recently removed files:

root@lambda:~# grep "remove\ " /var/log/dpkg.log
2011-07-05 09:16:42 remove liblchown-perl 1.01-1+b1 
2011-07-05 21:55:08 remove exim4-config 4.76-2 
2011-07-05 21:55:09 remove exim4-daemon-light 4.76-2 
2011-07-05 21:55:09 remove exim4-base 4.76-2 
2011-07-05 21:55:23 remove exim4 4.76-2