From 33d8d8b21c5586f1328c8c3e7f6049037ae5fd0d Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 04 Nov 2011 17:22:06 -0400
Subject: [PATCH] Moved SearchType enum to Constants
---
docs/01_setup.mkd | 251 +++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 218 insertions(+), 33 deletions(-)
diff --git a/docs/01_setup.mkd b/docs/01_setup.mkd
index eca0be2..0939d5a 100644
--- a/docs/01_setup.mkd
+++ b/docs/01_setup.mkd
@@ -1,37 +1,39 @@
## Gitblit WAR Setup
-1. Download [Gitblit WAR %VERSION%](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) to the webapps folder of your servlet container.<br/>
+1. Download [Gitblit WAR %VERSION%](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) to the webapps folder of your servlet container.
2. You may have to manually extract the WAR (zip file) to a folder within your webapps folder.
3. Copy the `WEB-INF/users.properties` file to a location outside the webapps folder that is accessible by your servlet container.
-4. The Gitblit webapp is configured through its `web.xml` file.<br/>
+4. The Gitblit webapp is configured through its `web.xml` file.
Open `web.xml` in your favorite text editor and make sure to review and set:
- <context-parameter> *git.repositoryFolder* (set the full path to your repositories folder)
- <context-parameter> *realm.userService* (set the full path to `users.properties`)
5. You may have to restart your servlet container.
6. Open your browser to <http://localhost/gitblit> or whatever the url should be.
-7. Click the *Login* link and enter the default administrator credentials: **admin / admin**<br/>
+7. Enter the default administrator credentials: **admin / admin** and click the *Login* button
**NOTE:** Make sure to change the administrator username and/or password!!
## Gitblit GO Setup
-1. Download and unzip [Gitblit GO %VERSION%](http://code.google.com/p/gitblit/downloads/detail?name=%GO%).<br/>
+1. Download and unzip [Gitblit GO %VERSION%](http://code.google.com/p/gitblit/downloads/detail?name=%GO%).
*Its best to eliminate spaces in the path name.*
-2. The server itself is configured through a simple text file.<br/>
+2. The server itself is configured through a simple text file.
Open `gitblit.properties` in your favorite text editor and make sure to review and set:
- *git.repositoryFolder* (path may be relative or absolute)
- *server.tempFolder* (path may be relative or absolute)
- - *server.httpBindInterface* and *server.httpsBindInterface*<br/>
- **https** is strongly recommended because passwords are insecurely transmitted form your browser/git client using Basic authentication!
+ - *server.httpPort* and *server.httpsPort*
+ - *server.httpBindInterface* and *server.httpsBindInterface*
+ **https** is strongly recommended because passwords are insecurely transmitted form your browser/git client using Basic authentication!
3. Execute `gitblit.cmd` or `java -jar gitblit.jar` from a command-line
-4. Wait a minute or two while all dependencies are downloaded and your self-signed *localhost* certificate is generated.<br/>Please see the section titled **Creating your own Self-Signed Certificate** to generate a certificate for *your hostname*.
-5. Open your browser to <http://localhost> or <https://localhost> depending on your chosen configuration.
-6. Click the *Login* link and enter the default administrator credentials: **admin / admin**<br/>
+4. Wait a minute or two while all dependencies are downloaded and your self-signed *localhost* certificate is generated.
+ Please see the section titled **Creating your own Self-Signed Certificate** to generate a certificate for *your hostname*.
+5. Open your browser to <http://localhost:8080> or <https://localhost:8443> depending on your chosen configuration.
+6. Enter the default administrator credentials: **admin / admin** and click the *Login* button
**NOTE:** Make sure to change the administrator username and/or password!!
### Creating your own Self-Signed Certificate
Gitblit GO automatically generates an ssl certificate for you that is bound to *localhost*.
-Remote Eclipse/EGit/JGit clients (<= 1.0.0) will fail to communicate using this certificate because JGit always verifies the hostname of the certificate, regardless of the *http.sslVerify=false* client-side setting.
+Remote Eclipse/EGit/JGit clients (<= 1.1.0) will fail to communicate using this certificate because JGit always verifies the hostname of the certificate, regardless of the *http.sslVerify=false* client-side setting.
The EGit failure message is something like:
@@ -44,7 +46,8 @@
2. Set *your hostname* into the *HOSTNAME* variable.
3. Execute the script.<br/>This will generate a new certificate and keystore for *your hostname* protected by *server.storePassword*.
-**NOTE:**<br/>If you use `makekeystore_jdk.cmd`, the certificate password AND the keystore password must match and must be set as *server.storePassword* or specified with the *storePassword* command-line parameter!
+**NOTE:**
+If you use `makekeystore_jdk.cmd`, the certificate password AND the keystore password must match and must be set as *server.storePassword* or specified with the *storePassword* command-line parameter!
Additionally, if you want to change the value of *server.storePassword* (recommended) you will have to generate a new certificate afterwards.
@@ -52,7 +55,7 @@
Gitblit uses [Apache Commons Daemon](http://commons.apache.org/daemon) to install and configure its Windows service.
1. Review the contents of the `installService.cmd`
-2. Set the *ARCH* value as appropriate for your installed Java Virtual Machine.<br/>
+2. Set the *ARCH* value as appropriate for your installed Java Virtual Machine.
3. Add any necessary *--StartParams* as enumerated below in **Command-Line Parameters**.
4. Execute the script.
@@ -61,6 +64,16 @@
**NOTE:**<br/>
If you change the name of the service from *gitblit* you must also change the name of `gitblitw.exe` to match the new service name otherwise the connection between the service and the utility is lost, at least to double-click execution.
+
+#### VM Considerations
+By default, the service installation script configures your Windows service to use your default JVM. This setup usually defaults to a client VM.<br/>
+If you have installed a JDK, you might consider using the `gitblitw.exe` utility to manually specify the *server* VM.
+
+1. Execute `gitblitw.exe`
+2. On the *Java* tab uncheck *Use default*.
+3. Manually navigate your filesystem and specify the server VM with the `...` button<br/><pre>
+Java Virtual Machine:
+C:\Program Files\Java\jre6\bin\server\jvm.dll</pre>
#### Command-Line Parameters
Command-Line parameters override the values in `gitblit.properties` at runtime.
@@ -77,7 +90,32 @@
**Example**
java -jar gitblit.jar --userService c:\myrealm.properties --storePassword something
-
+
+## Upgrading Gitblit
+Generally, upgrading is easy.
+
+Since Gitblit does not use a database the only files you have to worry about are your configuration file (`gitblit.properties` or `web.xml`) and possibly your `users.properties` file.
+
+Any important changes to the setting keys or default values will always be mentioned in the [release log](releases.html).
+
+### Upgrading Gitblit WAR
+1. Backup your `web.xml` file
+2. Delete currently deployed gitblit WAR
+3. Deploy new WAR and overwrite the `web.xml` file with your backup
+4. Review and optionally apply any new settings as indicated in the [release log](releases.html).
+
+### Upgrading Gitblit GO
+
+1. Backup your `gitblit.properties` file
+2. Backup your `users.properties` file *(if it is located in the Gitblit GO folder)*
+3. Unzip Gitblit GO to a new folder
+4. Overwrite the `gitblit.properties` file with your backup
+5. Overwrite the `users.properties` file with your backup *(if it was located in the Gitblit GO folder)*
+6. Review and optionally apply any new settings as indicated in the [release log](releases.html).
+
+#### Upgrading Windows Service
+You may need to delete your old service definition and install a new one depending on what has changed in the release.
+
## Gitblit Configuration
### Administering Repositories
@@ -94,7 +132,11 @@
accessRestriction = clone
isFrozen = false
showReadme = false
-
+ federationStrategy = FEDERATE_THIS
+ isFederated = false
+ skipSizeCalculation = false
+ federationSets =
+
#### Repository Names
Repository names must be unique and are CASE-SENSITIVE ON CASE-SENSITIVE FILESYSTEMS. The name must be composed of letters, digits, or `/ _ - .`<br/>
Whitespace is illegal.
@@ -113,42 +155,185 @@
username,password,role1,role2,role3...
#### Usernames
-Usernames must be unique and are case-insensitive.<br/>
+Usernames must be unique and are case-insensitive.
Whitespace is illegal.
#### Passwords
-User passwords are CASE-SENSITIVE and may be *plain* or *md5* formatted (see `gitblit.properties` -> *realm.passwordStorage*).
+User passwords are CASE-SENSITIVE and may be *plain*, *md5*, or *combined-md5* formatted (see `gitblit.properties` -> *realm.passwordStorage*).
#### User Roles
-There is only one actual *role* in Gitblit and that is *#admin* which grants administrative powers to that user. Administrators automatically have access to all repositories. All other *roles* are repository names. If a repository is access-restricted, the user must have the repository's name within his/her roles to bypass the access restriction. This is how users are granted access to a restricted repository.
+There are two actual *roles* in Gitblit: *#admin*, which grants administrative powers to that user, and *#notfederated*, which prevents an account from being pulled by another Gitblit instance. Administrators automatically have access to all repositories. All other *roles* are repository names. If a repository is access-restricted, the user must have the repository's name within his/her roles to bypass the access restriction. This is how users are granted access to a restricted repository.
## Authentication and Authorization Customization
Instead of maintaining a `users.properties` file, you may want to integrate Gitblit into an existing environment.
-You may use your own custom *com.gitblit.IUserService* implementation by specifying its fully qualified classname in the *realm.userService* setting.<br/>
+You may use your own custom *com.gitblit.IUserService* implementation by specifying its fully qualified classname in the *realm.userService* setting.
Your user service class must be on Gitblit's classpath and must have a public default constructor.
+
+%BEGINCODE%
+public interface IUserService {
+
+ /**
+ * Setup the user service.
+ *
+ * @param settings
+ * @since 0.7.0
+ */
+ @Override
+ public void setup(IStoredSettings settings) {
+ }
+
+ /**
+ * Does the user service support cookie authentication?
+ *
+ * @return true or false
+ */
+ boolean supportsCookies();
+
+ /**
+ * Returns the cookie value for the specified user.
+ *
+ * @param model
+ * @return cookie value
+ */
+ char[] getCookie(UserModel model);
+
+ /**
+ * Authenticate a user based on their cookie.
+ *
+ * @param cookie
+ * @return a user object or null
+ */
+ UserModel authenticate(char[] cookie);
+
+ /**
+ * Authenticate a user based on a username and password.
+ *
+ * @param username
+ * @param password
+ * @return a user object or null
+ */
+ UserModel authenticate(String username, char[] password);
+
+ /**
+ * Retrieve the user object for the specified username.
+ *
+ * @param username
+ * @return a user object or null
+ */
+ UserModel getUserModel(String username);
+
+ /**
+ * Updates/writes a complete user object.
+ *
+ * @param model
+ * @return true if update is successful
+ */
+ boolean updateUserModel(UserModel model);
+
+ /**
+ * Adds/updates a user object keyed by username. This method allows for
+ * renaming a user.
+ *
+ * @param username
+ * the old username
+ * @param model
+ * the user object to use for username
+ * @return true if update is successful
+ */
+ boolean updateUserModel(String username, UserModel model);
+
+ /**
+ * Deletes the user object from the user service.
+ *
+ * @param model
+ * @return true if successful
+ */
+ boolean deleteUserModel(UserModel model);
+
+ /**
+ * Delete the user object with the specified username
+ *
+ * @param username
+ * @return true if successful
+ */
+ boolean deleteUser(String username);
+
+ /**
+ * Returns the list of all users available to the login service.
+ *
+ * @return list of all usernames
+ */
+ List<String> getAllUsernames();
+
+ /**
+ * Returns the list of all users who are allowed to bypass the access
+ * restriction placed on the specified repository.
+ *
+ * @param role
+ * the repository name
+ * @return list of all usernames that can bypass the access restriction
+ */
+ List<String> getUsernamesForRepositoryRole(String role);
+
+ /**
+ * Sets the list of all uses who are allowed to bypass the access
+ * restriction placed on the specified repository.
+ *
+ * @param role
+ * the repository name
+ * @param usernames
+ * @return true if successful
+ */
+ boolean setUsernamesForRepositoryRole(String role, List<String> usernames);
+
+ /**
+ * Renames a repository role.
+ *
+ * @param oldRole
+ * @param newRole
+ * @return true if successful
+ */
+ boolean renameRepositoryRole(String oldRole, String newRole);
+
+ /**
+ * Removes a repository role from all users.
+ *
+ * @param role
+ * @return true if successful
+ */
+ boolean deleteRepositoryRole(String role);
+
+ /**
+ * @See java.lang.Object.toString();
+ * @return string representation of the login service
+ */
+ String toString();
+}
+%ENDCODE%
## Client Setup and Configuration
### Https with Self-Signed Certificates
You must tell Git/JGit not to verify the self-signed certificate in order to perform any remote Git operations.
-**NOTE:**<br/>
-The default self-signed certificate generated by Gitlbit GO is bound to *localhost*.<br/>
-If you are using Eclipse/EGit/JGit clients, you will have to generate your own certificate that specifies the exact hostname used in your clone/push url.<br/>
-You must do this because Eclipse/EGit/JGit (<= 1.0.0) always verifies certificate hostnames, regardless of the *http.sslVerify=false* client-side setting.
+**NOTE:**
+The default self-signed certificate generated by Gitlbit GO is bound to *localhost*.
+If you are using Eclipse/EGit/JGit clients, you will have to generate your own certificate that specifies the exact hostname used in your clone/push url.
+You must do this because Eclipse/EGit/JGit (<= 1.1.0) always verifies certificate hostnames, regardless of the *http.sslVerify=false* client-side setting.
-- Eclipse/EGit/JGit
+- **Eclipse/EGit/JGit**
1. Window->Preferences->Team->Git->Configuration
2. Click the *New Entry* button
- 3. <pre>Key = *http.sslVerify*
- Value = *false*</pre>
-- Command-line Git ([Git-Config Manual Page](http://www.kernel.org/pub/software/scm/git/docs/git-config.html))
- <pre>git config --global --bool --add http.sslVerify false</pre>
+ 3. <pre>Key = <em>http.sslVerify</em>
+Value = <em>false</em></pre>
+- **Command-line Git** ([Git-Config Manual Page](http://www.kernel.org/pub/software/scm/git/docs/git-config.html))
+<pre>git config --global --bool --add http.sslVerify false</pre>
### Cloning an Access Restricted Repository
-- Eclipse/EGit/JGit<br/>Nothing special to configure, EGit figures out everything.
- <pre>https://yourserver/git/your/repository</pre>
-- Command-line Git<br/>*My testing indicates that your username must be embedded in the url. YMMV.*
- <pre>https://username@yourserver/git/your/repository</pre>
-
\ No newline at end of file
+- **Eclipse/EGit/JGit**
+Nothing special to configure, EGit figures out everything.
+<pre>https://yourserver/git/your/repository</pre>
+- **Command-line Git**
+My testing indicates that your username must be embedded in the url. YMMV.
+<pre>https://username@yourserver/git/your/repository</pre>
\ No newline at end of file
--
Gitblit v1.9.1