initial commit of file from CVS for smeserver-gitweb on Thu Oct 9 11:47:34 AEDT 2025

root/etc/e-smith/db/configuration/defaults/git/GitWeb

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/templates/etc/e-smith/web/common/gitweb/home_text.html/10HomeText

@@ -0,0 +1,24 @@
+{
+  # Setup the home link
+  # Allow override with: config setprop git SystemName <name>
+  #              and/or: config setprop git DomainName <name>
+  # Otherwise default to the primary system domain
+ 
+  use esmith::ConfigDB;
+
+  my $config_db = esmith::ConfigDB->open_ro() or
+    die "Couldn't open ConfigDB\n";
+
+  my $SystemName = $git\{'SystemName'\} || $config_db->get("SystemName")->value;
+  my $DomainName = $git\{'DomainName'\} || $config_db->get("DomainName")->value;
+  my $GitWebHomeLink = $SystemName . "." . $DomainName . "/git"; 
+
+  $OUT  = "";
+  $OUT .= "<div class=\"page_nav\">\n";
+  $OUT .= "  Cloning a repository:\n";
+  $OUT .= "  <pre>\n";
+  $OUT .= "    <code>git clone " . "https://" . $GitWebHomeLink . "/foo.git</code>\n";
+  $OUT .= "  </pre>\n";
+  $OUT .= "  <a href=\"https://nobody\@" . $GitWebHomeLink . "\?reqauth=1\">Force Authentication</a> to see private repositories.\n";
+  $OUT .= "</div>\n";
+}

root/etc/e-smith/templates/etc/e-smith/web/common/gitweb/home_text.html/template-begin

@@ -0,0 +1 @@
+<!-- begin home_text.html -->

root/etc/e-smith/templates/etc/e-smith/web/common/gitweb/home_text.html/template-end

@@ -0,0 +1 @@
+<!-- end of home_text.html -->

root/etc/e-smith/templates/etc/gitweb.conf/00Intro

@@ -0,0 +1,7 @@
+
+# The gitweb config file is a fragment of perl code. You can set variables
+# using "our $variable = value"; text from "#" character until the end of a
+# line is ignored. See perlsyn(1) man page for details.
+#
+# See /usr/share/doc/gitweb-*/README and /usr/share/doc/gitweb-*/INSTALL for
+# more details and available configuration variables.

root/etc/e-smith/templates/etc/gitweb.conf/10ProjectRoot

@@ -0,0 +1,9 @@
+
+# Set the path to git projects.  This is an absolute filesystem path which will
+# be prepended to the project path. The use of the environment variable
+# GITWEB_PROJECTROOT allows the webserver to redirect the Gitweb view
+# to user home directories that may be used to keep personal Git
+# repositories.
+
+our $projectroot = $ENV\{'GITWEB_PROJECTROOT'\} || "/home/e-smith/files/git";
+

root/etc/e-smith/templates/etc/gitweb.conf/15HomeLink

@@ -0,0 +1,20 @@
+{
+  # Setup the home link
+  # Allow override with: config setprop git SystemName <name>
+  #              and/or: config setprop git DomainName <name>
+  # Otherwise it default to the primary system and domain name
+ 
+  use esmith::ConfigDB;
+
+  my $config_db = esmith::ConfigDB->open_ro() or
+    die "Couldn't open ConfigDB\n";
+
+  my $SystemName = $git\{'SystemName'\} || $config_db->get("SystemName")->value;
+  my $DomainName = $git\{'DomainName'\} || $config_db->get("DomainName")->value;
+  my $GitWebHomeLink = $SystemName . "." . $DomainName . "/git"; 
+
+  $OUT = "\n";
+  $OUT .= "# Home Link:\n";
+  $OUT .= "\$home_link = \"" . "https://" . $GitWebHomeLink . "\"\;\n";
+  $OUT .= "\$home_link_str = \"" . $GitWebHomeLink . "\"\;\n";
+}

root/etc/e-smith/templates/etc/gitweb.conf/15URI

@@ -0,0 +1,12 @@
+
+# base URI
+$my_uri    = "/git/";
+# URI of stylesheets
+@stylesheets = ("/git/gitweb.css");
+# URI of GIT logo (72x27 size)
+$logo = "/git/git-logo.png";
+# URI of GIT favicon, assumed to be image/png type
+$favicon = "/git/git-favicon.png";
+# URI of gitweb.js (JavaScript code for gitweb)
+$javascript = "/git/gitweb.js";
+

root/etc/e-smith/templates/etc/gitweb.conf/17HomeText

@@ -0,0 +1,3 @@
+
+# Included at top of home page
+$home_text = "/etc/e-smith/web/common/gitweb/home_text.html";

root/etc/e-smith/templates/etc/gitweb.conf/20BaseUrl

@@ -0,0 +1,19 @@
+{
+  # Setup the base URL
+  # Allow override with: config setprop git SystemName <name>
+  #              and/or: config setprop git DomainName <name>
+  # Otherwise it default to the primary system and domain name
+
+  use esmith::ConfigDB;
+
+  my $config_db = esmith::ConfigDB->open_ro() or
+    die "Couldn't open ConfigDB\n";
+
+  my $SystemName = $git\{'SystemName'\} || $config_db->get("SystemName")->value;
+  my $DomainName = $git\{'DomainName'\} || $config_db->get("DomainName")->value;
+  my $GitWebBaseUrl = "https://" . $SystemName . "." . $DomainName . "/git"; 
+
+  $OUT = "";
+  $OUT .= "# Base URL:\n";
+  $OUT .= "\$base_url = \"" . $GitWebBaseUrl . "\"\;\n";
+}

root/etc/e-smith/templates/etc/gitweb.conf/21CloneUrl

@@ -0,0 +1,19 @@
+{
+  # Setup the base URL
+  # Allow override with: config setprop git SystemName <name>
+  #              and/or: config setprop git DomainName <name>
+  # Otherwise it default to the primary system and domain name
+
+  use esmith::ConfigDB;
+
+  my $config_db = esmith::ConfigDB->open_ro() or
+    die "Couldn't open ConfigDB\n";
+
+  my $SystemName = $git\{'SystemName'\} || $config_db->get("SystemName")->value;
+  my $DomainName = $git\{'DomainName'\} || $config_db->get("DomainName")->value;
+  my $GitWebBaseUrl = "https://" . $SystemName . "." . $DomainName . "/git";
+
+  $OUT  = "";
+  $OUT .= "# Set the list of git base URLs to fetch project from\n";
+  $OUT .= "\@git_base_url_list = \"" . $GitWebBaseUrl . "\"\;\n\n";
+}

root/etc/e-smith/templates/etc/gitweb.conf/22LocalIPAddress

@@ -0,0 +1,13 @@
+{
+  # Retrieve the server local IP address
+  use esmith::NetworksDB;
+
+  my $networks_db = esmith::NetworksDB->open_ro() or
+    die "Could not open the NetworksDB";
+
+  # Get server private IP address and mask for access to the local network only
+  my $network_setting = $networks_db->local_access_spec('private');
+
+  $OUT .= "# The server local IP address and mask\n";
+  $OUT .= "\$local_network_setting = \"" . $network_setting . "\"\;\n";
+}

root/etc/e-smith/templates/etc/gitweb.conf/25SiteName

@@ -0,0 +1,19 @@
+{
+  # Setup the site name
+  # Allow override with: config setprop git SystemName <name>
+  #              and/or: config setprop git DomainName <name>
+  # Otherwise it default to the primary system and domain name
+
+  use esmith::ConfigDB;
+
+  my $config_db = esmith::ConfigDB->open_ro() or
+    die "Couldn't open ConfigDB\n";
+
+  my $SystemName = $git\{'SystemName'\} || $config_db->get("SystemName")->value;
+  my $DomainName = $git\{'DomainName'\} || $config_db->get("DomainName")->value;
+  my $GitWebSiteName = $SystemName . "." . $DomainName;
+
+  $OUT = "";
+  $OUT .= "# Site Name:\n";
+  $OUT .= "\$site_name = \"" . $GitWebSiteName . "\"\;\n";
+}

root/etc/e-smith/templates/etc/gitweb.conf/27ProjectListWidth

@@ -0,0 +1,3 @@
+
+# Length of the project description column in the webpage.
+$projects_list_description_width = 200;

root/etc/e-smith/templates/etc/gitweb.conf/30FeatureBlameView

@@ -0,0 +1,8 @@
+
+# Enable the 'blame' blob view, showing the last commit that modified
+# each line in the file. This can be very CPU-intensive. Disabled by default
+$feature\{'blame'\}\{'default'\} = [1];
+
+# Allow projects to override the default setting via git config file.
+# Example: gitweb.blame = 0|1;
+$feature\{'blame'\}\{'override'\} = 1;

root/etc/e-smith/templates/etc/gitweb.conf/31FeaturePathInfo

@@ -0,0 +1,4 @@
+
+# Use clean URLs
+$feature\{'pathinfo'\}\{'default'\} = [0];
+

root/etc/e-smith/templates/etc/gitweb.conf/32FeatureSnapshotLink

@@ -0,0 +1,12 @@
+
+# Disable the 'snapshot' link, providing a compressed archive of any tree. This
+# can potentially generate high traffic if you have large project. Enabled for
+# .tar.gz snapshots by default.
+
+# Value is a list of formats defined in %known_snapshot_formats that you wish
+# to offer.
+$feature\{'snapshot'\}\{'default'\} = ['zip', 'tgz'];
+
+# Allow projects to override the default setting via git config file.
+# Example: gitweb.snapshot = tbz2,zip; (use "none" to disable)
+$feature\{'snapshot'\}\{'override'\} = 1;

root/etc/e-smith/templates/etc/gitweb.conf/34FeatureAvatar

@@ -0,0 +1,3 @@
+
+$feature\{'avatar'\}\{'default'\} = ['gravatar'];  
+$feature\{'avatar'\}\{'override'\} = 1;

root/etc/e-smith/templates/etc/gitweb.conf/36FeatureHighlight

@@ -0,0 +1,5 @@
+
+$feature\{'highlight'\}\{'default'\} = [1];
+$feature\{'highlight'\}\{'override'\} = 1;
+
+ 

root/etc/e-smith/templates/etc/gitweb.conf/38FeatureGrepSearch

@@ -0,0 +1,10 @@
+
+# Disable grep search, which will list the files in currently selected tree
+# containing the given string. This can be potentially CPU-intensive, of
+# course. Enabled by default.
+$feature\{'grep'\}\{'default'\} = [1];
+
+# Allow projects to override the default setting via git config file.
+# Example: gitweb.grep = 0|1;
+$feature\{'grep'\}\{'override'\} = 1;
+

root/etc/e-smith/templates/etc/gitweb.conf/40FeaturePickaxeSearch

@@ -0,0 +1,9 @@
+
+# Disable the pickaxe search, which will list the commits that modified a given
+# string in a file. This can be practical and quite faster alternative to
+# 'blame', but still potentially CPU-intensive. Enabled by default.
+$feature{'pickaxe'}{'default'} = [1];
+
+# Allow projects to override the default setting via git config file.
+# Example: gitweb.pickaxe = 0|1;
+$feature\{'pickaxe'\}\{'override'\} = 1;

root/etc/e-smith/templates/etc/gitweb.conf/42PreventXSS

@@ -0,0 +1,4 @@
+
+# Allow the use of README.html in repository directories as we trust the submitters of our repositories.
+$prevent_xss = 0;
+

root/etc/e-smith/templates/etc/gitweb.conf/52AuthError

@@ -0,0 +1,25 @@
+
+####
+# Authentication Error Magic:
+sub auth_error \{
+  my $status = shift;
+  my $error = esc_html(shift);
+
+  my $headers = \{ -type => $content_type,
+                  -charset => 'utf-8',
+                  -status => $status \};
+  $headers->\{"WWW-Authenticate"\} = 'Basic realm="Git Repositories"' if ($status =~ /^401/);
+                    
+  print $cgi->header($headers);
+  git_header_html(undef, undef, -no_http_header => 1);
+  print "<div class=\"index_include\"><br /><br />";
+  print "$status - <b>Error:</b> $error";
+  print "<br />";
+  if ($cgi->param("reqauth") && $status =~ /^401/) \{
+    print '<a href="?">Click here</a> to retry without authentication<br />';
+  \}
+  print "</div>";
+  git_footer_html();
+  goto DONE_GITWEB;
+\};
+

root/etc/e-smith/templates/etc/gitweb.conf/60ExportAuthHook

@@ -0,0 +1,158 @@
+####
+# Password Check - Returns 0 when password validated OK, or !0 otherwise
+#
+
+sub trypass \{
+   my $userid= $_[0];
+   my $passwd= $_[1];
+
+   # Find the pwauth program. It is in a different location in SME8 and SME9
+   if( -f "/usr/bin/pwauth" ) \{
+     $pwauth_path= "/usr/bin/pwauth";
+   \}
+   elsif( -f "/usr/lib/httpd/modules/pwauth" ) \{
+     $pwauth_path= "/usr/lib/httpd/modules/pwauth";
+   \}
+   else \{
+     $pwauth_path = "";
+   \}
+
+   open PWAUTH, "|$pwauth_path" or die("Could not run $pwauth_path");
+   print PWAUTH "$userid\n$passwd\n";
+   close PWAUTH;
+   return $?;
+\}
+
+####
+# Install a export authorisation hook to ensure Gitweb only list thise projects that the user
+# is authorised to see.
+#                               local_unauthorised internet_unauthorised local_authorised internet_authorised
+# internet anonymous pull                Yes                Yes                Yes
+# local    anonymous pull                Yes                No                 Yes
+# internet && authorised pull            Yes                No                 Yes
+# local    && authorised pull            Yes                No                 Yes
+
+use esmith::GitDB;
+use MIME::Base64;
+use NetAddr::IP;
+
+$export_auth_hook = sub \{
+  my $isindex = 0;
+  my $projectdir = shift;
+
+  our $cgi;
+
+  # If "reqauth" parameter is set, send back a 401 if there's no auth
+  if ($cgi->param("reqauth") and not defined $ENV\{"HTTP_AUTHORIZATION"\}) \{
+    auth_error("401 Unauthorized",
+               "You wanted to provide authorization, so I asked for it.");
+  \}
+
+  # Don't allow hidden .git dirs (like the toplevel one)
+  return 0 if ($projectdir =~ m-/.git-);
+
+  if ($action =~ m/^(?:opml|project_list|project_index)$/) \{
+    # They're viewing an index.
+
+	# If gitweb-noindex is in the repo, disallow it now.
+	return 0 if (-e "$projectdir/gitweb-noindex");
+
+    $isindex = 1;
+  \}
+
+  # Check authorisation
+
+  my $repository_view_allowed = 0;
+  my $internet_access_allowed = 0;
+  my $host_request_allowed    = 0; # Will be 1 when the view is allowed based on the current host address and 'allow_access_from' setting
+  my $anonymous_pull          = 0; # Will be 1 when the repository does not require pull authorisation
+  my $authorised_repository_view_allowed = 0; # Will be 1 when the authorised user has pull permissions on the repository
+  my $pull_users              = '';
+
+  # Retrieve project properties from DB
+
+  if($projectdir =~ (/(.*?)\.git/)) \{
+    my $projectname = basename($1);
+
+    # Retrieve project properties from database
+    my $git_db = esmith::GitDB->open_ro() or
+      auth_error( "500 Internal Error", "Could not open the Git repository database! Does the web server have permission to read the git database file?" );
+
+    my $repository = $git_db->get($projectname) or
+      auth_error( "500 Internal Error", "The git repository '$projectname' does not seem to exist in the repository database!" );
+
+    my %properties = $repository->props;
+
+    # Check if the request is from a local IP address for this host
+    my @network_set = split(/ /, $local_network_setting );
+ 
+    for my $cur_network (@network_set) \{
+      	$cur_network = "$cur_network/255.255.255.255" unless $cur_network =~ /[0-9.]*\/[0-9.]*/;
+ 
+        # Get server private IP address and mask for access to the local
+	# network  only
+	my @network_setting = split(/\//, $cur_network );
+	
+	# Check if the REMOTE_ADDR is within the range of the
+	# 'private' address  for this server
+	my $remote_addr = NetAddr::IP->new( $ENV{'REMOTE_ADDR'} );
+	if( $remote_addr->within( new NetAddr::IP @network_setting[0],   @network_setting[1] ) ) \{
+		return 1; # EXIT LOCAL HOST -> REPOSITORY VIEW ALLOWED
+	\}
+     \}
+
+    # See if internet access is allowed on this repository.
+    if ($properties\{'allow_access_from'\}) \{
+      if ($properties\{'allow_access_from'\} eq 'internet') \{
+        $internet_access_allowed = 1;
+      \}
+    \}
+
+    # See if anonymous pull is allowed on this repository.
+    if( ($properties\{'pull_groups'\} eq '') && ($properties\{'pull_users'\} eq '') ) \{
+      $anonymous_pull = 1;
+    \}
+
+    if( $internet_access_allowed && $anonymous_pull ) \{
+      return 1;  # EXIT INTERNET ACCESS WITH ANONYMOUS PULL -> REPOSITORY VIEW ALLOWED
+    \}
+
+    # For the remaining access from the internet, we need an authorised user
+    # that is allowed to either pull or push this repository.
+
+    # Check if we have:
+    # a) a user that is listed in the repository pull or push permissions
+    # b) valid credentials i.e password can be validated.
+    if( $ENV\{'HTTP_AUTHORIZATION'\} ) \{
+      my @http_authorisation = split(/ /, $ENV\{'HTTP_AUTHORIZATION'\} );
+      my @http_digest = split( /:/, decode_base64( @http_authorisation[1] ) );
+
+      # See who the effective users are for this repository. The AccountsDB needs
+      # to have world read permissions to allow this to work.
+      my @pulled_user_groups;
+      for my $ggroup (split(',',$properties\{'pull_groups'\}))
+      \{
+	my ($name,$passwd,$gid,$members)=getgrnam($ggroup);
+	push @pulled_user_groups , split(' ',$members);
+      \}
+      push @pulled_user_groups, split(',',$properties\{'pull_users'\});
+      @pulled_user_groups = do \{ my %seen; grep \{ !$seen\{$_\}++ \} @pulled_user_groups \};
+
+      if( @http_digest[0] ~~ @pulled_user_groups ) \{
+        # USER IN AUTHORISED LIST -> CHECK PASSWORD
+        if( trypass( @http_digest[0], @http_digest[1] ) == 0 ) \{
+          return 1;  # EXIT USER IS AUTHORISED -> REPOSITORY VIEW ALLOWED
+        \} else \{
+          auth_error( "401 Unauthorized", "Permission denied" );
+        \}
+      \} else \{
+        return 0; # EXIT USER NOT IN AUTHORISED LIST -> DENY REPOSITORY VIEW
+      \}
+    \} else \{
+      return 0; # EXIT NO AUTHORISATION SUPPLIED -> DENY REPOSITORY VIEW
+    \}
+  \}
+
+  # Not reached. No access.
+  return 0;
+\};

root/etc/e-smith/templates/etc/gitweb.conf/70GravatarURL

@@ -0,0 +1,11 @@
+
+####
+# Override gravatar function so we can use https, and choose a default
+sub gravatar_url \{
+    my $email = lc shift;
+    my $size = shift;
+    $avatar_cache\{$email\} ||=
+        "https://secure.gravatar.com/avatar/" .
+        Digest::MD5::md5_hex($email) . "?d=mm&s=";
+    return $avatar_cache\{$email\} . $size;
+\}

root/etc/e-smith/templates/etc/gitweb.conf/template-begin

@@ -0,0 +1,19 @@
+#------------------------------------------------------------
+#             *** DO NOT MODIFY THIS FILE! ***
+#
+# This is the configuration file for GitWeb. 
+#
+# It is updated automatically by the SME Server software. 
+#
+# To modify copy the required template fragment from 
+# /etc/e-smith/templates/etc/gitweb.conf into
+# /etc/e-smith/templates-custom/etc/gitweb.conf and 
+# modify it there. 
+#
+# The use "expand-template /etc/gitweb.conf"  
+#
+# For more information, see http://wiki.contribs.org/Template_Tutorial
+#
+# Copyright (C) 2012 Marco Hess <marco.hess@through-ip.com>
+#------------------------------------------------------------
+

root/etc/e-smith/web/common/gitweb/home_text.html

@@ -0,0 +1 @@
+This text is in /etc/e-smith/web/common/gitweb/home_text.html