From 98f05df545b9c20ddf2af44a079985d950ff2830 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 17 Jun 2014 09:10:37 -0400
Subject: [PATCH] Merge pull request #200 from davido/patch-4
---
src/main/distrib/data/gitblit.properties | 364 +++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 302 insertions(+), 62 deletions(-)
diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index 6168f41..65fe41e 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -83,7 +83,7 @@
#
# SINCE 1.3.0
# RESTART REQUIRED
-git.daemonBindInterface = localhost
+git.daemonBindInterface =
# port for serving the Git Daemon service. <= 0 disables this service.
# On Unix/Linux systems, ports < 1024 require root permissions.
@@ -92,6 +92,52 @@
# SINCE 1.3.0
# RESTART REQUIRED
git.daemonPort = 9418
+
+# The port for serving the SSH service. <= 0 disables this service.
+# On Unix/Linux systems, ports < 1024 require root permissions.
+# Recommended value: 29418
+#
+# SINCE 1.5.0
+# RESTART REQUIRED
+git.sshPort = 29418
+
+# Specify the interface for the SSH daemon to bind its service.
+# You may specify an ip or an empty value to bind to all interfaces.
+# Specifying localhost will result in Gitblit ONLY listening to requests to
+# localhost.
+#
+# SINCE 1.5.0
+# RESTART REQUIRED
+git.sshBindInterface =
+
+# Specify the SSH key manager to use for retrieving, storing, and removing
+# SSH keys.
+#
+# Valid key managers are:
+# com.gitblit.transport.ssh.FileKeyManager
+#
+# SINCE 1.5.0
+git.sshKeysManager = com.gitblit.transport.ssh.FileKeyManager
+
+# Directory for storing user SSH keys when using the FileKeyManager.
+#
+# SINCE 1.5.0
+git.sshKeysFolder= ${baseFolder}/ssh
+
+# SSH backend NIO2|MINA.
+#
+# The Apache Mina project recommends using the NIO2 backend.
+#
+# SINCE 1.5.0
+git.sshBackend = NIO2
+
+# Number of threads used to parse a command line submitted by a client over SSH
+# for execution, create the internal data structures used by that command,
+# and schedule it for execution on another thread.
+#
+# SINCE 1.5.0
+git.sshCommandStartThreads = 2
+
# Allow push/pull over http/https with JGit servlet.
# If you do NOT want to allow Git clients to clone/push to Gitblit set this
@@ -130,6 +176,16 @@
#
# SINCE 0.9.0
git.onlyAccessBareRepositories = false
+
+
+# Specify the list of acceptable transports for pushes.
+# If this setting is empty, all transports are acceptable.
+#
+# Valid choices are: GIT HTTP HTTPS SSH
+#
+# SINCE 1.5.0
+# SPACE-DELIMITED
+git.acceptedPushTransports = HTTP HTTPS SSH
# Allow an authenticated user to create a destination repository on a push if
# the repository does not already exist.
@@ -214,6 +270,11 @@
#
# SINCE 1.4.0
git.createRepositoriesShared = false
+
+# Directory for gitignore templates used during repository creation.
+#
+# SINCE 1.6.0
+git.gitignoreFolder = ${baseFolder}/gitignore
# Enable JGit-based garbage collection. (!!EXPERIMENTAL!!)
#
@@ -381,6 +442,33 @@
# Common unit suffixes of k, m, or g are supported.
# Documentation courtesy of the Gerrit project.
#
+#
+# NOTE: The importance of JGit's streamFileTreshold AND Git's bigFileThreshold
+# ISSUE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=394078
+#
+# "core.bigFileThreshold
+#
+# Files larger than this size are stored deflated, without
+# attempting delta compression. Storing large files without
+# delta compression avoids excessive memory usage, at the
+# slight expense of increased disk usage.
+#
+# Default is 512 MiB on all platforms.
+# This should be reasonable for most projects as source code and other
+# text files can still be delta compressed,
+# but larger binary media files won't be."
+# -- Git documentation
+#
+# If streamFileTreshold < bigFileTreshold you _may_ spend alot of time waiting
+# for push and/or fetch to complete. It may even look hung.
+#
+# Until the issue is resolved gracefully, a workaround is to configure
+# bigFileThreshold < streamFileTreshold AND then repack the repository.
+#
+# e.g. from the repository folder with Gitblit NOT running:
+# git config core.bigFileTreshold 40m
+# git gc --aggressive
+#
# SINCE 1.0.0
# RESTART REQUIRED
git.streamFileThreshold = 50m
@@ -401,6 +489,140 @@
# SINCE 1.0.0
# RESTART REQUIRED
git.packedGitMmap = false
+
+# Validate all received (pushed) objects are valid.
+#
+# SINCE 1.5.0
+git.checkReceivedObjects = true
+
+# Validate all referenced but not supplied objects are reachable.
+#
+# If enabled, Gitblit will verify that references to objects not contained
+# within the received pack are already reachable through at least one other
+# reference advertised to clients.
+#
+# This feature is useful when Gitblit doesn't trust the client to not provide a
+# forged SHA-1 reference to an object, in an attempt to access parts of the DAG
+# that they aren't allowed to see and which have been hidden from them via the
+# configured AdvertiseRefsHook or RefFilter.
+#
+# Enabling this feature may imply at least some, if not all, of the same functionality
+# performed by git.checkReceivedObjects.
+#
+# SINCE 1.5.0
+git.checkReferencedObjectsAreReachable = true
+
+# Set the maximum allowed Git object size.
+#
+# If an object is larger than the given size the pack-parsing will throw an exception
+# aborting the receive-pack operation. The default value, 0, disables maximum
+# object size checking.
+#
+# SINCE 1.5.0
+git.maxObjectSizeLimit = 0
+
+# Set the maximum allowed pack size.
+#
+# A pack exceeding this size will be rejected. The default value, -1, disables
+# maximum pack size checking.
+#
+# SINCE 1.5.0
+git.maxPackSizeLimit = -1
+
+# Use the Gitblit patch receive pack for processing contributions and tickets.
+# This allows the user to push a patch using the familiar Gerrit syntax:
+#
+# git push <remote> HEAD:refs/for/<targetBranch>
+#
+# NOTE:
+# This requires git.enableGitServlet = true AND it requires an authenticated
+# git transport connection (http/https) when pushing from a client.
+#
+# Valid services include:
+# com.gitblit.tickets.FileTicketService
+# com.gitblit.tickets.BranchTicketService
+# com.gitblit.tickets.RedisTicketService
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+tickets.service =
+
+# Globally enable or disable creation of new bug, enhancement, task, etc tickets
+# for all repositories.
+#
+# If false, no tickets can be created through the ui for any repositories.
+# If true, each repository can control if they allow new tickets to be created.
+#
+# NOTE:
+# If a repository is accepting patchsets, new proposal tickets can be created
+# regardless of this setting.
+#
+# SINCE 1.4.0
+tickets.acceptNewTickets = true
+
+# Globally enable or disable pushing patchsets to all repositories.
+#
+# If false, no patchsets will be accepted for any repositories.
+# If true, each repository can control if they accept new patchsets.
+#
+# NOTE:
+# If a repository is accepting patchsets, new proposal tickets can be created
+# regardless of the acceptNewTickets setting.
+#
+# SINCE 1.4.0
+tickets.acceptNewPatchsets = true
+
+# Default setting to control patchset merge through the web ui. If true, patchsets
+# must have an approval score to enable the merge button. This setting can be
+# overriden per-repository.
+#
+# SINCE 1.4.0
+tickets.requireApproval = false
+
+# The case-insensitive regular expression used to identify and close tickets on
+# push to the integration branch for commits that are NOT already referenced as
+# a patchset tip.
+#
+# SINCE 1.5.0
+tickets.closeOnPushCommitMessageRegex = (?:fixes|closes)[\\s-]+#?(\\d+)
+
+# Specify the location of the Lucene Ticket index
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+tickets.indexFolder = ${baseFolder}/tickets/lucene
+
+# Define the url for the Redis server.
+#
+# e.g. redis://localhost:6379
+# redis://:foobared@localhost:6379/2
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+tickets.redis.url =
+
+# The number of tickets to display on a page.
+#
+# SINCE 1.4.0
+tickets.perPage = 25
+
+# The folder where plugins are loaded from.
+#
+# SINCE 1.5.0
+# RESTART REQUIRED
+# BASEFOLDER
+plugins.folder = ${baseFolder}/plugins
+
+# The registry of available plugins.
+#
+# SINCE 1.5.0
+plugins.registry = http://plugins.gitblit.com/plugins.json
+
+# Number of threads used to handle miscellaneous tasks in the background.
+#
+# SINCE 1.6.0
+# RESTART REQUIRED
+execution.defaultThreadPoolSize = 1
#
# Groovy Integration
@@ -501,7 +723,7 @@
#
# SINCE 1.2.1
# RESTART REQUIRED
-fanout.bindInterface = localhost
+fanout.bindInterface =
# port for serving the Fanout PubSub service. <= 0 disables this service.
# On Unix/Linux systems, ports < 1024 require root permissions.
@@ -554,6 +776,16 @@
#
# SINCE 0.5.0
web.allowCookieAuthentication = true
+
+# Allow deletion of non-empty repositories. This is enforced for all delete vectors.
+#
+# SINCE 1.6.0
+web.allowDeletingNonEmptyRepositories = true
+
+# Setting to include personal repositories in the main repositories list.
+#
+# SINCE 1.6.0
+web.includePersonalRepositories = false
# Config file for storing project metadata
#
@@ -680,6 +912,14 @@
#
# SINCE 0.5.0
web.allowAdministration = true
+
+# Setting to disable rendering the top-level navigation header which includes
+# the login form, top-level links like dashboard, repositories, search, etc.
+# This setting is only useful if you plan to embed Gitblit within another page
+# or system.
+#
+# SINCE 1.4.0
+web.hideHeader = false
# Allows rpc clients to list repositories and possibly manage or administer the
# Gitblit server, if the authenticated account has administrator permissions.
@@ -1147,6 +1387,7 @@
# Enable/disable global regex substitutions (i.e. shared across repositories)
#
# SINCE 0.5.0
+# DEPRECATED 1.4.0 (migrate to bugtraq instead)
regex.global = true
# Example global regex substitutions
@@ -1189,6 +1430,11 @@
# use SMTPs flag
mail.smtps = false
+
+# use STARTTLS flag
+#
+# SINCE 1.6.0
+mail.starttls = false
# if your smtp server requires authentication, supply the credentials here
#
@@ -1352,6 +1598,12 @@
# SINCE 1.3.0
realm.windows.allowGuests = false
+# Allow user accounts belonging to the BUILTIN\Administrators group to be
+# Gitblit administrators.
+#
+# SINCE 1.4.0
+realm.windows.permitBuiltInAdministrators = true
+
# The default domain for authentication.
#
# If specified, this domain will be used for authentication UNLESS the supplied
@@ -1403,6 +1655,15 @@
#
# SINCE 1.0.0
realm.ldap.password = password
+
+# Bind pattern for Authentication.
+# Allow to directly authenticate an user without LDAP Searches.
+#
+# e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
+#
+# SINCE 1.5.0
+realm.ldap.bindpattern =
+
# Delegate team membership control to LDAP.
#
@@ -1465,14 +1726,15 @@
# Query pattern to use when searching for an empty team. This may be any valid
# LDAP query expression, including the standard (&) and (|) operators.
#
-#default: (&(objectClass=group)(!(member=*)))
+# default: (&(objectClass=group)(!(member=*)))
# SINCE 1.4.0
realm.ldap.groupEmptyMemberPattern = (&(objectClass=group)(!(member=*)))
# LDAP users or groups that should be given administrator privileges.
#
# Teams are specified with a leading '@' character. Groups with spaces in the
-# name can be entered as "@team name".
+# name can be entered as "@team name". This setting only applies when using
+# LDAP to maintain team memberships.
#
# e.g. realm.ldap.admins = john @git_admins "@git admins"
#
@@ -1502,50 +1764,49 @@
# SINCE 1.0.0
realm.ldap.email = email
-# Defines the cache period to be used when caching LDAP queries. This is currently
-# only used for LDAP user synchronization.
-#
-# Must be of the form '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS'
-# default: 2 MINUTES
-#
-# RESTART REQUIRED
-realm.ldap.ldapCachePeriod = 2 MINUTES
-
-# Defines whether to synchronize all LDAP users into the backing user service
-#
-# Valid values: true, false
-# If left blank, false is assumed
-realm.ldap.synchronizeUsers.enable = false
-
-# Defines the period to be used when synchronizing users from ldap. This is currently
-# only used for LDAP user synchronization.
-#
-# Must be of the form '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS'
-# <long> is at least the value from realm.ldap.ldapCachePeriod if lower the value from realm.ldap.ldapCachePeriod is used.
-# default: 5 MINUTES
-#
-# RESTART REQUIRED
-# SINCE 1.4.0
-realm.ldap.synchronizeUsers.ldapSyncPeriod = 5 MINUTES
-
-# Defines whether to delete non-existent LDAP users from the backing user service
-# during synchronization. depends on realm.ldap.synchronizeUsers.enable = true
-#
-# Valid values: true, false
-# If left blank, true is assumed
-realm.ldap.synchronizeUsers.removeDeleted = true
-
# Attribute on the USER record that indicate their username to be used in gitblit
# when synchronizing users from LDAP
# if blank, Gitblit will use uid
# For MS Active Directory this may be sAMAccountName
+#
+# SINCE 1.0.0
realm.ldap.uid = uid
+# Defines whether to synchronize all LDAP users and teams into the user service
+#
+# Valid values: true, false
+# If left blank, false is assumed
+#
+# SINCE 1.4.0
+realm.ldap.synchronize = false
+
+# Defines the period to be used when synchronizing users and teams from ldap.
+#
+# Must be of the form '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS'
+
+# default: 5 MINUTES
+#
+# RESTART REQUIRED
+# SINCE 1.4.0
+realm.ldap.syncPeriod = 5 MINUTES
+
+# Defines whether to delete non-existent LDAP users from the user service
+# during synchronization. depends on realm.ldap.synchronize = true
+#
+# Valid values: true, false
+# If left blank, true is assumed
+#
+# SINCE 1.4.0
+realm.ldap.removeDeletedUsers = true
+
# URL of the Redmine.
+#
+# SINCE 1.2.0
realm.redmine.url = http://example.com/redmine
#
-# Server Settings
+# Gitblit GO Server Settings
+# The following settings only affect the integrated GO variant.
#
# The temporary folder to decompress the embedded gitblit webapp.
@@ -1555,13 +1816,9 @@
# BASEFOLDER
server.tempFolder = ${baseFolder}/temp
-# Use Jetty NIO connectors. If false, Jetty Socket connectors will be used.
-#
-# SINCE 0.5.0
-# RESTART REQUIRED
-server.useNio = true
-
-# Specify the maximum number of concurrent http/https worker threads to allow.
+# Specify the maximum number of concurrent http/https Jetty worker
+# threads to allow. This setting does not affect other threaded
+# daemons and components of Gitblit.
#
# SINCE 1.3.0
# RESTART REQUIRED
@@ -1590,14 +1847,6 @@
# RESTART REQUIRED
server.httpsPort = 8443
-# Port for serving an Apache JServ Protocol (AJP) 1.3 connector for integrating
-# Gitblit GO into an Apache HTTP server setup. <= 0 disables this connector.
-# Recommended value: 8009
-#
-# SINCE 0.9.0
-# RESTART REQUIRED
-server.ajpPort = 0
-
# Automatically redirect http requests to the secure https connector.
#
# This setting requires that you have configured server.httpPort and server.httpsPort.
@@ -1625,15 +1874,6 @@
# SINCE 0.5.0
# RESTART REQUIRED
server.httpsBindInterface =
-
-# Specify the interface for Jetty to bind the AJP connector.
-# You may specify an ip or an empty value to bind to all interfaces.
-# Specifying localhost will result in Gitblit ONLY listening to requests to
-# localhost.
-#
-# SINCE 0.9.0
-# RESTART REQUIRED
-server.ajpBindInterface = localhost
# Alias of certificate to use for https/SSL serving. If blank the first
# certificate found in the keystore will be used.
--
Gitblit v1.9.1