Äú¿ÉÒÔ¾èÖú£¬Ö§³ÖÎÒÃǵĹ«ÒæÊÂÒµ¡£

1Ôª 10Ôª 50Ôª





ÈÏÖ¤Â룺  ÑéÖ¤Âë,¿´²»Çå³þ?Çëµã»÷Ë¢ÐÂÑéÖ¤Âë ±ØÌî



  ÇóÖª ÎÄÕ ÎÄ¿â Lib ÊÓÆµ iPerson ¿Î³Ì ÈÏÖ¤ ×Éѯ ¹¤¾ß ½²×ù Modeler   Code  
»áÔ±   
 
   
 
 
     
   
 ¶©ÔÄ
  ¾èÖú
´úÂëÆÀÉóϵͳ ReviewBoard ºÍ Gerrit
 
×÷Õߣº°ÁÑ©Áè·å À´Ô´£º²©¿ÍÔ° ·¢²¼ÓÚ 2015-04-30
  15950  次浏览      28
 

²»ÂÛÊǹ«Ë¾ÀﻹÊǹ«Ë¾Í⣬Õý¾­µÄ¶àÈ˺Ï×÷¿ª·¢×îºÃÒª¾­³£×ö´úÂëÆÀÉó£¬Æä±ØÒªÐÔ²»ÓÃÎÒ¶à˵£¬µ«ÊÇÈçºÎ×ö´úÂëÆÀÉóȷʵ¸öÍ·´óµÄÊÂÇ飬ÎÒ¸öÈËÊǷdz£·´¶ÔÀ­Ò»Æ±ÈËÈ¥»áÒéÊÒ¿ªÍ¶Ó°ÒÇÒ»ÐÐÐн²µÄ£¬Ì«ÀË·Ñ×ÊÔ´ºÍʱ¼äÁË¡£

Å׿ªÆÀÉóµÄ»ý¼«ÐÔ²»Ì¸£¬ÎÒ¾õµÃ´úÂëÆÀÉóÓ¦ÊÇ¿ÉÒÔËæÊ±·¢ÆðËæÊ±½áÊøµÄ£¬ÓʼþÊǸöºÜ²»´íµÄÔØÌ壬ÕâÔÚ¿ªÔ´½çÒѾ­Ó¡Ö¤ÁË¡£µ«ÊÇÓʼþÀï·¢²¹¶¡È·Êµ²»¹»Õýʽ£¬ÐèÒªÖÚÈ˼«¸ßµÄÈÈÇéºÍ×Ô¾õ£¬ÁíÍâÓʼþµÄʱÑӱȽϴ󣬴¿Îı¾diff ¸ñʽºÜ¶àÈ˽ÓÊܲ»ÁË¡£

ÎÒÒÔǰÕûÁËÒ»Ì×ö»öºµÄ½Å±¾£¬½â¾öÁÙʱ¿âºÍÕýʽ¿âµÄ×Ô¶¯Ìá½»ÎÊÌ⣺

    auto fetch       manually push
Õýʽ¿â --------> ÁÙʱ¿â <--------+
| <-------- |
| auto push |
| |
+---------------> ¿ª·¢ÈËÔ±------+
manually fetch

¿ª·¢ÈËÔ±ÍùÁÙʱ¿âÉÏ×Ô¼ºµÄ¶ÀÁ¢·ÖÖ§ push£¬´¥·¢ GIT hook ·¢ËÍÓʼþ֪ͨ´ó¼Ò£¬ÓʼþÀïÄÚǶÁËÌá½»ÐÅÏ¢£¬È»ºóÁíÍâÒ»¸öÈ˻ظ´Í¨ÖªÓʼþ£¬ÔÚÓʼþ¿ªÍ·Ìí¼Ó[COMMIT]£¬ÁÙʱ¿âËùÔÚ»úÆ÷ÉÏÓиö¶¨Ê±ÈÎÎñÊÕÈ¡Óʼþ£¬Óöµ½±êÌâÒÔ[COMMIT] ¿ªÍ·µÄÓʼþ¾ÍÈ¥ÓʼþÄÚÈÝÀïÕÒÌá½»ÐÅÏ¢£¬²¢×Ô¶¯ push µ½Õýʽ¿âÀï¡£

Õâô¸ãµÄÄ¿µÄÒ»ÊÇÈÃÕýʽ¿â°²È«µã£¬ÒòΪ´ó¼Ò GIT ÓõIJ»ÊǺÜÊìÁ·£¬¶þÊÇÔö¼ÓµãÌá½»ÑÓʱ£¬ËäÈ»´ó¼Ò²¢²»ÕæµÄÆÀÉ󣬵«ÖÁÉÙÿһ¸öÐ޸ĻáÓÐÁ½¸öÈË¡°¹Ø×¢¡±£¨ÆäʵÊÇÇ£Éæ¶øÒÑ£¬ºÜÉÙÓÐÈËÕæµÄ¿´ÐÞ¸ÄÄÚÈÝ£©¡£Õâ¸ö¶«Î÷Ì«¹ýÓÚÀíÏ뻯ÁË£¬±»È˱§Ô¹µÄ×î´óÎÊÌâÊÇÌá½»ÑÓʱ£¨ÆäʵҲ¾Í°ëСʱ×óÓÒ£©¡£µ±È»£¬Ò²Óм¸´Îȷʵ±ÜÃâÁË´íÎóµÄÌá½»¡£

µ«ÔÚ¹«Ë¾ÀïÓʼþÍùÍùÌ«¶à£¬´¦ÀíºÜµÍЧ£¬»¹ÊÇÓиö Web ½çÃæ¸üÓѺøüʵʱµã£¬Õâ·½Ãæ¿ªÔ´µÄ¶ÀÁ¢¿ÉÔËÐвúÆ·×îΪ֪ÃûµÄ¸ÃÊô ReviewBoard ºÍGerrit ÁË¡£»¹Óиö Rietveld£¬ËãÊÇ Gerrit µÄǰ±²£¬Python Ö®¸¸Õë¶Ô Subversion ×öµÄ£¬Ê¹ÓÃÁË Google App Engine µÄ·þÎñ£¬ÓÐÈ˸øËü´òÁ˲¹¶¡ÒÔÖ§³ÖÔÚ±¾µØµ¥»úÔËÐУ¬µ«ÖÕÊÇÔÚ Google Ö®ÍâʹÓò»¹ã¡£

ReviewBoard µÄ½çÃæ¼ò½àƯÁÁ£¬ÎÒͦϲ»¶µÄ£¬µ«ÎÒ˾ÓÃµÄ 1.5 µÄ°æ±¾Æµ·±¹Òµô£¬²»ÖªµÀÐ嵀 1.6 ºÃµãû£¬½çÃæÉϵ¹ÊÇÓÖÓиĽø£¬ÌرðÊÇ¿ÉÒÔÔÚ comment À↑ issue µÄ×ö·¨ºÜÓд´Òâ¡£×¢ÒâÕâ¸ö²¢²»ÊÇÕæµÄÔÚ BUG ¹ÜÀíϵͳÀ↑һ¸ö BUG£¬¶øÊÇÔÚ ReviewBoard Àï×öÒ»¸öÀàËÆFIXME µÄ±ê¼Ç¡£

ReviewBoard µÄ°²×°ºÜÈÝÒ×£¬¹Ù·½Îĵµ×öµÄͦºÃ£¬ÎÒÔÚÓʼþÅäÖÃÀ│¿ÇÁËÏ£¬ÎÒµÄ Exim 4 Ö»¸øÅäÖÃÁË GSSAPI ºÍ DIGEST-MD5 ÈÏÖ¤·½Ê½£¬Ç°Õ߸øÓû§£¬ºóÕ߸øÐèÒª·¢ÓʼþµÄ·þÎñ£¬±ÈÈç RoundCube¡¢ReviewBoard¡¢Gerrit£¬µ«ÊDZ¯´ßµÄÊÇ ReviewBoard ʹÓÃµÄ Python smtplib ¿âÖ»Ö§³Ö CRAM-MD5¡¢LOGIN£¬°³ÕÛÌÚÁ˺ü¸Ì죬×îºóÔÚqunshan@newsmth µÄ´óÁ¦°ïÖúÏ£¬ÖÕÓÚ¸ã³öÒ»¸ö´ÕºÏ¿ÉÓõÄÖ§³ÖDIGEST-MD5 µÄ smtplib.py£¬´úÂë¼û https://gist.github.com/2679719 £¬µ«×îºóÎÒ»¹ÊǾö¶¨Èà Exim 4 Ö§³Ö CRAM-MD5 ÈÏÖ¤µÃÁË£¬·´ÕýÓÐ SSL ±£»¤¡£

Õâ¸ö¹ý³ÌÖÐÓиöСЦ»°£¬ÕÛÌÚ ReviewBoard Óʼþ·¢ËÍʱ£¬ÎÒ·¢ÏÖÓÐʱºò¿ÉÒԳɹ¦£¬ºÜÊǾªÑÈ£¬×îºó·¢ÏÖ Web ½çÃæ±£´æ Email ÉèÖÃʱ smtp ÃÜÂëÓÐʱ±£´æÎª¿Õ£¬Ò²¾ÍÊÇ smtp ÃÜÂëûָ¶¨Ê±¿ÉÒÔ·¢Ëͳɹ¦£¬Ô­À´´Ëʱ ReviewBoard ѹ¸ù²»»áÏò Exim ·¢ËÍ AUTHÖ¸Áî×öÈÏÖ¤£¬¶ø Exim4 ¾ÓȻҲÀֺǺǵÄͬÒâ·¢ËÍÁË£¬¾ªÁËÎÒ°ëÉíÀ亹£¡

Exim Õâô×ö¿ÉÄÜÊÇ SMTP ЭÒéÀúÊ·ÉϺܿª·Å£¬ÒÔ¼°¾ÖÓòÍøÄڱȽϰ²È«µÄÔµ¹Ê£¬µ«ÊÇÎÒ»¹ÊÇÆ«Ö´µÄµ£ÐÄij¸ö·Ã¿Í½ø¹«Ë¾ºó²å¸öÍøÏ߾ͿÉÒÔÀûÓÃExim ¿ñ·¢Óʼþ£¬ËùÒÔ¾Í×öÁËÏÞÖÆ£¬±ØÐè STARTTLS ²¢ÇÒÈÏÖ¤Á˲ÅÄÜ·¢Óʼþ£º

$ cat /etc/exim4/conf.d/acl/30_exim4-config_check_mail

### acl/30_exim4-config_check_mail
#################################

# This access control list is used for every MAIL command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_mail:
  require
    message = no AUTH given before MAIL command
    authenticated = *
    message = no STARTTLS given before MAIL command
    encrypted = *

  .ifdef CHECK_MAIL_HELO_ISSUED
  deny
    message = no HELO given before MAIL command
    condition = ${if def:sender_helo_name {no}{yes}}
  .endif

  accept

ReviewBoard ÁíÒ»¸öÎÊÌâÊDz»Ö§³Ö HTTP ÈÏÖ¤£¬Ô­ÒòÊÇReviewBoard ʹÓÃµÄ Django¿ò¼ÜµÄ¾É°æ±¾¶ÔÕâ¸öÖ§³Ö²»Á¦£¬Ð°æ Django Ã²ËÆÖ§³ÖÁË£¬µ« ReviewBoard »¹ÐèÒª×ö¶îÍ⹤×÷²ÅÄÜÅäºÏ£¬±ÈÈç×Ô¶¯´´½¨ ReviewBoard ÀïµÄÓû§£¬±ÈÈçÈ¥µôµÇ¼¡¢×¢²á¡¢×¢ÏúÁ´½ÓµÈµÈ£¬ÓÐÈËÌáÁ˲¹¶¡³öÀ´£¬»¹Ã»ÊÕ¼£¬ÎÒÒ²²»Çå³þÊDz»ÊǸĵÄÍ걸£¬ÎÒ²»¶® Python£¬ÔÝÇÒ²»ÕÛÌÚÁË¡£

½ÓÏÂÀ´ÊǰÑÍæÏ Gerrit£¬ÕâØËµÄÎĵµÐ´µÄÒ²ºÜÔÞ£¨¿ªÔ´µÄ¶«Î÷ÎĵµÐ´µÄºÃµÄÕæ²»¶à¼û£©£¬°²×°ÊǺܼòµ¥ÁË£¬ÔçÆÚµÄ Gerrit ¾Ý˵ÊÇÓà Python дµÄ£¬ÔÚ GIT Ö÷Á¦¿ª·¢ÕßÒÔ¼° jgit ÏîÄ¿·¢ÆðÈË Shawn O. Pearce ¼ÓÈë Google ºó¾Í¸ÄÓà Java дÁË£¬±àÒëºÃµÄ Gerrit ¾ÍÊÇÒ»¸ö war °ü£¬¿ÉÒÔ·ÅÈë Servlet ÈÝÆ÷ÀïÔËÐУ¬Ò²¿ÉÒÔjava -jar gerrit.war Ö±½ÓÓÃÄÚÖÃµÄ Jetty£¬Ì«ÌùÐÄÁË¡£Shawn ÊǸöºÜÇڷܵÄÈË£¬Óà Java ÖØÐÂʵÏÖÁË GIT ºËÐŦÄÜ£¬Gerrit ÄÚÖà Web server¡¢SSH server£¬»¹ÓÐÒ»¸ö Prolog ÓïÑÔ½âÊÍÆ÷¡£¡£¡£¡£

Gerrit ÀïÆÀÉóÁ÷³Ì·ÖÈý¸ö½×¶Î£¬¿ÉÒÔ·Ö±ðÈò»Í¬½ÇɫִÐУº

review: ÈËÈâɨÃè´úÂëÓÐÎÞÎÊÌâ

verify: ±àÒë¡¢²âÊÔ£¬¿ÉÒÔÓà Jenkins µÄ Gerrit Trigger ²å¼þ×Ô¶¯³ö·¢

submit: Ìá½»´úÂëµ½Õýʽ·ÖÖ§ÉÏ£¬Ã²ËÆÓÉÈË´¥·¢£¬Gerrit À´Ö´ÐÐ

ÔÚʹÓà Gerrit ʱ£¬²»ÒªÍü¼Ç°Ñ commit-msg hook ×°ÉÏ£ºhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/user-changeid.html#_creation

ÓÉÓÚÎÒÏë°Ñ°²×°¹ý³Ì×Ô¶¯»¯£¬ËùÒÔÔÚÖ´ÐÐ java -jar gerrit.war init ʱ¿Ä°íÁËÏ£¬Õâ¸ö init ÃüÁîÓиö --batch Ñ¡Ï±íʾÔڷǽ»»¥×´Ì¬ÏÂʱ init»áÓÃĬÈÏÅäÖô´½¨Ò»¸ö Gerrit site£¬±ÈÈçʹÓà H2 Êý¾Ý¿â£¬Õâ²»ÊÇÎÒÆÚÍûµÄ£¬ÎÒÏ£ÍûËüÓà PostgreSQL Êý¾Ý¿â£¬ËäÈ»´´½¨Íê site ºó¿ÉÒÔÐÞ¸ÄSITE_DIR/etc/gerrit.config£¬µ«ÎÒµ£ÐÄ init ʱ»á³õʼ»¯Êý¾Ý¿âʲôµÄ£¬²»ÊÇÔÚ gerrit.config ¼òµ¥¸ÄÏÂÅäÖþÍÄÜÇл»Êý¾Ý¿âµÄ¡£ ÓÚÊÇÎÒ°Ñ init ½»»¥Ê½ÔËÐÐʱµÄ´ð°¸Ð´ÈëÎļþÀÏëͨ¹ý¹ÜµÀ´«¸ø java -jar gerrit.war init£¬Ã»Ïëµ½ÒÁÅжÏÁËÊäÈëÊÇ·ñÖÕ¶Ë£¬·¢ÏÖ²»ÊÇÖն˾ÍÖ±½Ó×ß --batch ģʽÁË£¬ÕæÊÇ×Ô×ö´ÏÃ÷¡£¡£¡£ÕÛÌÚÁË»á empty (http://empty.sf.net)¡¢expect¡¢socat ºó·ÅÆúÁË£¬»¹ÊÇÀÏʵ½»»¥Ê½°²×°°É£¬·´Õý²»»áƵ·±ÖØ×°¡£ ÏÂÃæÊÇÎÒÊäÈëµÄÎÊÌâ´ð°¸£¬@@...@@ ±ê¼Ç´¦ÐèÒªÌæ»»³ÉÕæµÄÃÜÂ룬ÔÚÖ´ÐÐ init ֮ǰҪÏÈ´´½¨ºÃgerrit Êý¾Ý¿âÒÔ¼° gerrit ϵͳÕË»§¡¢gerrit ÓʼþÕË»§£º

### Gerrit Code Review 2.3
# Create '/srv/gerrit/site'      [Y/n]?
y

### Git Repositories
# Location of Git repositories   [git]:
git

### SQL Database
# Database server type           [H2/?]:
postgresql

# Server hostname                [localhost]:
localhost

# Server port                    [(POSTGRESQL default)]:
5432

# Database name                  [reviewdb]:
gerrit

# Database username              [gerrit]:
gerrit

# gerrit's password              :
@@GERRIT_DB_PASSWORD@@

#               confirm password :
@@GERRIT_DB_PASSWORD@@

### User Authentication
# Authentication method          [OPENID/?]:
http

# Get username from custom HTTP header [y/N]?
y

# Username HTTP header           [SM_USER]:
X-Forwarded-User

# SSO logout URL                 :
https://sso.corp.example.com/logout

### Email Delivery
# SMTP server hostname           [localhost]:
smtp.corp.example.com

# SMTP server port               [(default)]:
25

# SMTP encryption                [NONE/?]:
tls

# SMTP username                  [gerrit]:
gerrit@corp.example.com

# gerrit's password              :
@@GERRIT_SMTP_PASSWORD@@

#               confirm password :
@@GERRIT_SMTP_PASSWORD@@

### Container Process
# Run as                         [gerrit]:
gerrit

# Java runtime                   [/usr/lib/jvm/java-6-openjdk-i386/jre]:
/usr/lib/jvm/default-java/jre

# Copy gerrit.war to /srv/gerrit/site/bin/gerrit.war [Y/n]?
y

### SSH Daemon
# Listen on address              [*]:
*
# Listen on port                 [29418]
2022

# Download and install it now [Y/n]?
y

### HTTP Daemon
# Behind reverse proxy           [y/N]
y

# Proxy uses SSL (https://)      [y/N]?
n

# Subdirectory on proxy server   [/]:
/

# Listen on address              [*]:
127.0.0.1

# Listen on port                 [8081]:
2080

ÔÚÕâ¸ö»Ø´ðÀïÓм¸¸öµØ·½ÊDZȽÏÌØÊâµÄ£¬Ò»ÊÇÓû§ÈÏÖ¤·½Ê½£¬ÓÉÓÚÎÒÊǰÑGerrit ·ÅÔÚ Apache ºóÃæ£¬Apache ʹÓà mod_auth_kerb ×öÓû§ÈÏÖ¤£¬ËùÒÔÕâÀïÎÒ¸ø Gerrit Ñ¡ÔñÁË http ÈÏÖ¤·½Ê½£¬Ä¬ÈÏÇé¿öÏ Gerrit httpÈÏÖ¤·½Ê½»áʹÓÃǰ¶Ë Web ·þÎñÆ÷´«¹ýÀ´µÄ Authorization HTTP Í·²¿£¬±ÈÈç "Authorization: Basic xxxxxx" »òÕß "Authorization: Digest xxxx"£¬¿ÉϧµÄÊÇ Gerrit ´úÂëûÓд¦Àí "Authorization: Negotiate xxxx" µÄÇé¿ö£¬ËùÒÔÐèÒªÔÚ Apache ÀïÓà mod_rewrite °Ñ REMOTE_USER ±äÁ¿×÷ΪX-Forwarded-User Í·²¿´«¸ø Gerrit£¬Õâ¸öÃû×Ö¿ÉÒÔËæ±ãÈ¡£¬µ«¸ù¾Ý GerritÎĵµËµ·¨£¬²»ÒªÖØÓà Authorization Í·²¿¡£

µÚ¶þ¸öÌØÊâµÄµØ·½ÊÇ SMTP encryption£¬ssl ±íʾֱ½ÓÒÔ ssl ·½Ê½Á¬½Ó£¬tls ±íʾÏÈÒÔ·Ç ssl ·½Ê½Á¬½Ó£¬È»ºóÓà STARTTLS Éý¼¶Îª ssl Á¬½Ó£¬ºóÒ»ÖÖ·½Ê½ÊÇÏÖÔÚ ssl Ó÷¨ÀïÍÆ¼öµÄ¡£Ê¹ÓÃÄÄÒ»ÖÖÈ¡¾öÓÚÄãµÄ smtp ·þÎñÆ÷ÅäÖã¬Ò»°ã ssl »áÓöÀÁ¢¶Ë¿Ú£¬tls µÄ»°Ö±½ÓÓñê×¼ SMTP 25 ¶Ë¿Ú¡£

µÚÈý¸öÌØÊâµÄµØ·½ÊÇ·´Ïò´úÀí£¬ÒòΪÎÒÒªÅäÖà Kerberos ͳһµÇ¼£¬ËùÒÔGerrit Ç°ÃæÓиö Apache ×ö·´Ïò´úÀí£¬ÕâÁ©ÎÒÅäÖÃÔÚͬһ̨»úÆ÷ÉÏ£¬ËùÒÔ²»Óà https¡£

ÔÚ java -jar gerrit.war init -d /srv/gerrit/site Ö´ÐÐÍêÖ®ºó£¬Ëü»áÌáʾÄã·ÃÎÊ http://127.0.0.1:2080/#/admin/projects/£¬µ«ÄãÓ¦¸Ã·ÃÎÊhttp://gerrit.corp.example.com/#/admin/projects/£¬ÕâÀïgerrit.corp.example.com ÊÇÎÒ¸ø gerrit ËùÔÚ»úÆ÷ÉèÖÃµÄ CNAME£¬Õâ¸öÇëÇó»á±» Apache µÄ gerrit virtual host ½Ø»ñ£¬×öÍê HTTP NegotiateÈÏÖ¤ºóת·¢¸øºǫ́µÄ Gerrit£¬Ò²¾ÍÊÇ http://127.0.0.1:2080/...£¬Ö±½ÓÇëÇó 2080 ¶Ë¿ÚÕâ¸öµØÖ·µÄ»°£¬Gerrit »á±¨´í˵ûÓÐ Authorization Í·²¿¡£

ÏÂÃæÊÇÎÒµÄ Apache gerrit ÐéÄâÖ÷»úÅäÖãº


    ServerName gerrit.corp.example.com
    ServerAdmin webmaster@corp.example.com
    DocumentRoot /nonexistent

    ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined

    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On

    
        Order deny,allow
        Allow from all
    

    
        AuthType Kerberos
        Require valid-user

        Order allow,deny
        Allow from all

        RewriteEngine On
        RewriteCond %{REMOTE_USER} (.+)
        RewriteRule .* - [E=RU:%1]
        RequestHeader set X-Forwarded-User %{RU}e
    

    ProxyPass   / http://127.0.0.1:2080/
    ProxyPassReverse  /  http://127.0.0.1:2080/

ÔÚÇëÇó http://gerrit.corp.example.com/#/admin/projects/ ʱ£¬Gerrit¿ÉÄܱ¨´í˵ÕÒ²»µ½ All-Projects£¬Ô­Òò²»Ã÷£¬½â¾ö°ì·¨ÊÇ°Ñ PostgreSQLÀïµÄ gerrit Êý¾Ý¿âɾ³ýÖØ½¨£¬ÔÙÖØÐ java -jar gerrit.war init¡£

û³öÆäËüÎÊÌâµÄ»°£¬Gerrit µÄ Web ½çÃæ¾ÍÕ¹ÏÖÔÚÄãÃæÇ°£¬ËüÒªÇóΪµ±Ç°Óû§×¢²áÒ»¸ö email Õʺţ¬µÚÒ»¸öµÇ¼µÄÓû§×Ô¶¯³ÉΪ¹ÜÀíÔ±£¬ºóÐøµÇ¼µÄÆäËüÓû§ÊÇÆÕͨȨÏ޵ġ£

Èç¹ûÄãÓÃµÄ SMTP ·þÎñÆ÷µÄ SSL Ö¤ÊéÊÇ×ÔÇ©ÃûµÄ£¬²¢ÇÒ¸úÎÒÒ»Ñù GerritʹÓà tls ·½Ê½Á¬½Ó SMTP ·þÎñÆ÷£¬µ½ÕâÀï»á¿¨¿Çһϡ£µÚÒ»¸öÎÊÌâÊÇsite/etc/gerrit.config ÀïĬÈÏûÓÐ sendemail.sslverify£¬ËüµÄֵĬÈÏÊÇ true£¬Õâ»áµ¼Ö javax.net.ssl ¼ì²é SMTP ·þÎñÆ÷µÄ SSL Ö¤ÊéÊÇ·ñÊÇ trusted µÄ£¬´ð°¸µ±È»ÊÇ·ñ£¬ÓÚÊÇ Gerrit Å×Òì³£ÁË£º

sun.security.validator.ValidatorException: PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

½â¾ö°ì·¨ÓÐÈçÏÂÕâЩ£º

ÔÚ /srv/gerrit/site/etc/gerrit.config Àï [sendemail] ÀïÌí¼Ó sslverify = false£¬ËäȻʹÓà openssl µÄ client ´ó¶àÊÇÕâ¸öµÂÐУ¬µ«ÎÒ¾õµÃ²»´óÊæ·þ£¬ËùÒÔûÓÃÕâ¸ö°ì·¨¡£

°Ñ SMTP ·þÎñÆ÷µÄ SSL Ö¤Êéµ¼Èë Java µÄ truststore À﹩ javax.net.ssl ʹÓá£

truststore ÊÇÖ»°üº¬¹«Ô¿µÄ keystore, keystore ÊÇ Java °²È«¿ò¼ÜÀïÓÃÀ´±£´æÖ¤Ê顢˽ԿµÈµÈµÄ¶«Î÷£¬×î³£ÓõÄÊÇ JKS ¸ñʽµÄ keystore Îļþ£¬±ÈÈç $JAVA_HOME/jre/lib/security/cacerts, $HOME/.keystore¡£truststore ±» Java Àà¿âÀïµÄ TrustManager ʹÓã¬keystore ±» Java Àà¿âÀïµÄ KeyManager ʹÓ㬵±È» TrustManager Ò²ÄÜÓà keystore¡£

ÔÚÕâ¸öÖ¤ÊéÑéÖ¤ÎÊÌâÉÏ£¬ÐèÒª¸ø TrustManager Ö¸¶¨Ò»¸ö truststore »òÕßkeystore£¬ÓÐÈýÖÖ°ì·¨£º

Èç¹û javax.net.ssl.trustStore ϵͳÊôÐÔÖ¸¶¨ÁË£¬¾ÍʹÓÃÕâ¸öϵͳÊôÐÔÖ¸¶¨µÄÄǸöÎļþµ±×÷ truststore£¬truststore µÄÃÜÂë´Ójavax.net.ssl.trustStorePasswordϵͳÊôÐÔ»ñÈ¡¡£ÍøÉÏÓв»ÉÙÎÄÕ»¹Ìáµ½ javax.net.ssl.keyStore ºÍ javax.net.ssl.keyStorePassword£¬Õâ¸öÖ»ÔÚ ssl server ¶Ë»òÕß ssl client ¶ËʹÓÃclient cert Ïò ssl serverÈÏÖ¤µÄÇé¿öϲÅÐèÒª¡£

Èç¹û javax.net.ssl.trustStore ÊôÐÔûָ¶¨»òÕßÎļþûÕÒµ½£¬ÔòʹÓà $JAVA_HOME/jre/lib/security/jssecacerts

Èç¹û jssecacerts ûÕÒµ½£¬ÔòʹÓà $JAVA_HOME/jre/lib/security/cacerts¡£

ÍøÉÏÓв»ÉÙÎÄÕ¶¼Ëµ°ÑÖ¤ÊéÖ±½Ó¼ÓÈë jssecacerts »òÕß cacerts ÖУ¬ÎÒÊǰ밲ȫƫִ¿ñ£¬¾õµÃ°ÑÒ»¸ö×Ô¼ºÍæµÄÖ¤Êé¼Ó½øÈ¥²»Ì«¿¿Æ×£¬ÁíÍâµ£ÐÄ Debian µÄÈí¼þ°üÉý¼¶»á×Ô¶¯¸üРcacerts£¨ÒÁÆäʵÊÇ·ûºÅÁ´½Óµ½ /etc/ssl/certs/java/cacertsÁË£¬ca-certificates °üµÄ /usr/sbin/update-ca-certificates »áͨ¹ýca-certificates-java °üµÄ /etc/ca-certificates/update.d/jks-keystore¸üÐÂËü£¬ÎĵµÓÐÌáµ½ local cert »áÒÀÈ»±£Áô£¬ÎÒûÊÔÑ飩¡£

ͨ¹ý·ÖÎö /srv/gerrit/site/bin/gerrit.sh Æô¶¯½Å±¾£¬ÒÁʹÓÃÁËJAVA_OPTIONS ±äÁ¿£¬²¢ÇÒ¶ÁÈ¡ /etc/default/gerritcodereview Îļþ£¬ËùÒÔ¿ÉÒÔÔÚ /etc/default/gerritcodereview ÀïдÈ룺

JAVA_OPTIONS="-Djavax.net.ssl.trustStore=/srv/gerrit/truststore \
-Djavax.net.ssl.trustStorePassword=changeit"

È»ºó /srv/gerrit/site/bin/gerrit.sh stop ÔÙ start ÖØÆô gerrit¡£(Ò²¿ÉÒÔ°ÑÕâ¸öÑ¡Ïî·ÅÔÚ /srv/gerrit/site/etc/gerrit.config µÄcontainer.javaOptions Àhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/config-gerrit.html#_a_id_container_a_section_container)

/srv/gerrit/truststore ÊÇÕâôÉú³ÉµÄ£º

gerrit$ keytool -importcert -alias exim -file /etc/exim4/exim.crt \
-keystore /srv/gerrit/truststore -storepass changeit

Õâ¸ö truststore µÄÃÜÂëÊÇÎÞËùνµÄ£¬ÒòΪËüÀïͷûÓÐ˽Կ¡£ exim.crt ÊÇÓÃ/usr/share/doc/exim4/examples/exim-gencert Éú³ÉµÄ¡£

ÖØÆô Gerrit ºó£¬Ö¤ÊéÎÊÌâ½â¾öÁË£¬µÚÒ»´ÎµÇ¼ҪÇó×¢²áÓÊÏäµÄ¶Ô»°¿òҲûÁË£¬Õâʱ¿ÉÒÔµã»÷ÓÒÉÏ½ÇµÄ settings Á´½Ó£¬ÔÚ contact information ÄÇÒ»À¸Àï¡£¿ÉϧµÄÊÇÎÊÌâûÍ꣬ÊäÈëÓÊÏäµã»÷"Register New Email..."ºó£¬Gerrit Ò»Ö± Loading£¬/var/log/exim4/mainlog ÒÔ¼° /srv/gerrit/site/logs/error_log ÀïûÓдíÎóÐÅÏ¢£¬Gerrit Web Ò³Ãæ¾ÍÄÇôһֱ¹Ò×Å£¬Ö±µ½ exim4 ±¨¸æÁ¬½Ó³¬Ê±£¬°Ñ Gerrit·¢ÆðµÄ smtp Á´½Ó¶Ïµô¡£

»¨·ÑÁËÈý°ÙÄÔϸ°ûºó£¬°³ÖÕÓÚÕÒµ½Ô­Òò£¬ÊÇ Gerrit µÄ AuthSMTPClient.startTLS()ʵÏÖ¸ú SMTP ·þÎñÆ÷ÅäºÏÓÐÎÊÌ⣬ÕâÊÇÒ»¸ö SMTP STARTTLS »á»°£º

$ gsasl --smtp smtp.corp.example.com
Trying `gold.corp.example.com'...
220 gold.corp.example.com ESMTP Exim 4.77 Mon, 21 May 2012 14:46:43 +0800
EHLO [127.0.0.1]
250-gold.corp.example.com Hello localhost [127.0.0.1]
250-SIZE 10485760
250-PIPELINING
250-AUTH GSSAPI
250-STARTTLS
250 HELP
STARTTLS
220 TLS go ahead
EHLO [127.0.0.1]
250-gold.corp.example.com Hello localhost [127.0.0.1]
250-SIZE 10485760
250-PIPELINING
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250 HELP
AUTH GSSAPI
....

¿ÉÒÔ¿´µ½ÔÚ STARTTLS Ö®ºó£¬Exim ²»»áÔٴη¢ËÍ banner ÁË£º220 gold.corp.example.com ESMTP Exim 4.77 Mon, 21 May 2012 14:46:43 +0800

ÏÂÃæÊÇ Gerrit AuthSMTPClient µÄ´úÂ룬ÒÁÔÚ org.apache µÄÃüÃû¿Õ¼äÁ˲åÁ˸ö AuthSMTPClient À࣬ÊÔͼ¸ø apache commons-net 2.2 µÄ SMTPClientÔö¼Ó STARTTLS Ö§³Ö£ºhttp://code.google.com/p/gerrit/source/browse/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java?name=stable-2.3

public boolean startTLS(final String hostname, final int port, final boolean verify)
throws SocketException, IOException {
if (sendCommand("STARTTLS") != 220) {
return false;
} _socket_ = sslFactory(verify).createSocket(_socket_, hostname, port, true);
_connectAction_();
return true;
}

ÊÂÇ黵ÔÚ _connectAction_() ÀÕâ¸öÔÚ AuthSMTPClient µÄ¸¸Àà SMTPClientµÄ¸¸Àà SMTP Àï»áÔÚÈ¥¶ÁÈ¡ SMTP ·þÎñÆ÷µÄ banner ÐÅÏ¢£¬ÓÚÊÇ startTLS() ¾Í¹ÒÔÚÕâ¸öµØ·½ÉµµÈÖ±µ½ SMTP ·þÎñÆ÷Ìß¿ªËü¡£¡£¡£¡£ÈËÉú²»ÈçÒâÊÂʮ֮°Ë¾Å°¡¡£¡£¡£

http://www.rfc-editor.org/rfc/rfc2487.txt
5.2 Result of the STARTTLS Command
Upon completion of the TLS handshake, the SMTP protocol is reset to
the initial state (the state in SMTP after a server issues a 220
service ready greeting).

´ÓÕâ¸öÃèÊö¿´£¬SMTP server ÊDz»Ó¦¸ÃÔÙ·¢Ò»´Î banner µÄ¡£ÔÚ AuthSMTPClient.startTLS()´î¸ö²¹¶¡ºó(http://code.google.com/p/gerrit/issues/detail?id=1397)£¬STARTTLS ˳ÀûÍê³É£¬¿ªÊ¼ SMTP ÈÏÖ¤£¬×¢Òâ apache commons-net 2.2 Ö»Ö§³Ö CRAM-SHA1, CRAM-MD5, LOGIN, PLAINÕ⼸ÖÖ£¬²»Ö§³Ö DIGEST-MD5£¬»¹ºÃÎÒÇ°ÃæÎªÁËReviewBoard´ò¿ªÁË Exim4 µÄ CRAM-MD5 ÈÏÖ¤Ö§³Ö¡£

Õâ¿é´úÂë¸Ð¾õ±È½Ïö»öº£¬²»ÖªµÀÊDz»ÊÇʵÏÖÓÐȱÏÝ£¬ËùÒÔ apache commons-netÍøÕ¾É졄 2.x ϵÁдÓÏÂÔØÒ³ÃæÉ¾³ýÁË£¬Ö»ÓÐ 1.x ºÍ 3.x ϵÁС£¡£¡£²»ÖªµÀGoogle ÄǰïÈËΪʲôûתÏò±ê×¼µÄ JavaMail API¡£

Èç¹û Gitweb ÒѾ­°²×°ÁË£¬ÄÇô Gerrit ×Ô¶¯¼¯³É Gitweb£¬±ê×¼°²×°Çé¿öÏÂɶ¶¼²»ÓÃÅäÖã¬ÔÚ Gerrit Web UI ÉÏÿ¸ö²¹¶¡ÅÔ±ßÓÐ gitweb µÄÁ´½Ó£¬Ï൱Ï൱µÄºÃÓá£Gerrit Îĵµ»¹Éù³ÆÄܸú cgit ¼¯³É£¬ÎÒûʵÑé¹ý¡£ÓÉÓÚ Gerrit »á¶¯Ì¬µÄÔÚ/srv/gerrit/.gerritcodereview/tmp/gerrit..../ ÏÂÉú³É gitweb_config.perl£¬ÓÐÕâ¸öÎļþºó /usr/lib/cgi-bin/gitweb.cgi ¾Í²»»á¶ÁÈ¡ /etc/gitweb.conf ÁË¡£

Gerrit »¹ÄÜͨ¹ý commentlink ºÍ trackingid ¸úÍⲿµÄ Bug ¸ú×Ùϵͳ¼¯³É£¬²Î¿¼£ºhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/config-gerrit.html

Gerrit Ö±½ÓʹÓà jgit ¿âÖ±½Ó¹ÜÀí´úÂë¿â£¬Èç¹ûÓÐÍⲿµÄ GIT ¿â£¬±ÈÈç±»Gitolite ¹ÜÀíµÄ£¬ÓÐÁ½¸ö°ì·¨ÈÃÌá½»µ½ Gerrit µÄÐÞ¸ÄҲɢ²¥µ½Íⲿ GIT ¿âÀ

ʹÓà Gerrit µÄ Git replication ÌØÐÔ£¬Gerrit ±³µØÀï°ÑÐÞ¸Ä git push µ½Íⲿ¿âÀÕâ¸ö°ì·¨»áÓÐÑÓ³Ù¡£ ²Î¿¼£ºhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/config-replication.html
´´½¨Íⲿ¿âµÄ·ûºÅÁ´½Óµ½ /srv/gerrit/site/git/ À±ÈÈç ln -s /srv/git/repositories/testing.git /srv/gerrit/site/git/testing.git£¬ÐèҪעÒâÎļþȨÏÞ¡£ ²Î¿¼£ºhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/project-setup.html#_manual_creation£¬Õâ¸öÎĵµ²»ÊÇ˵´´½¨·ûºÅÁ´½ÓµÄ£¬ÎÒÖ»ÊDz²â¿ÉÐС£

Ò»·¬ÅäÖᢶÁÎĵµÏÂÀ´£¬¸Ð¾õ Gerrit ÕæÊÇ GIT Óû§¾Ó¼Ò°ì¹«±Ø±¸Á¼Æ·£¬ÕâôºÃµÄÍæÒâ¾ÓÈ»ÊÇ¿ªÔ´µÄ£¬Ì«ÔÞÁË£¡

   
15950 ´Îä¯ÀÀ       28
Ïà¹ØÎÄÕÂ

Éî¶È½âÎö£ºÇåÀíÀôúÂë
ÈçºÎ±àд³öÓµ±§±ä»¯µÄ´úÂë
ÖØ¹¹-ʹ´úÂë¸ü¼ò½àÓÅÃÀ
ÍŶÓÏîÄ¿¿ª·¢"±àÂë¹æ·¶"ϵÁÐÎÄÕÂ
Ïà¹ØÎĵµ

ÖØ¹¹-¸ÄÉÆ¼ÈÓдúÂëµÄÉè¼Æ
Èí¼þÖØ¹¹v2
´úÂëÕû½àÖ®µÀ
¸ßÖÊÁ¿±à³Ì¹æ·¶
Ïà¹Ø¿Î³Ì

»ùÓÚHTML5¿Í»§¶Ë¡¢Web¶ËµÄÓ¦Óÿª·¢
HTML 5+CSS ¿ª·¢
ǶÈëʽC¸ßÖÊÁ¿±à³Ì
C++¸ß¼¶±à³Ì
×îл¼Æ»®
DeepSeek´óÄ£ÐÍÓ¦Óÿª·¢ 6-12[ÏÃÃÅ]
È˹¤ÖÇÄÜ.»úÆ÷ѧϰTensorFlow 6-22[Ö±²¥]
»ùÓÚ UML ºÍEA½øÐзÖÎöÉè¼Æ 6-30[±±¾©]
ǶÈëʽÈí¼þ¼Ü¹¹-¸ß¼¶Êµ¼ù 7-9[±±¾©]
Óû§ÌåÑé¡¢Ò×ÓÃÐÔ²âÊÔÓëÆÀ¹À 7-25[Î÷°²]
ͼÊý¾Ý¿âÓë֪ʶͼÆ× 8-23[±±¾©]

WEBÓ¦ÓóÌÐòUIÄ£°æ´úÂë±àд
C# ±àÂë¹æ·¶ºÍ±à³ÌºÃϰ¹ß
ʲôÊÇ·ÀÓùÐÔ±à³Ì
ÉÆÓÚ·ÀÊØ-½¡×³´úÂëµÄ·ÀÓùÐÔ
Visual C++±à³ÌÃüÃû¹æÔò
JavaScript³ÌÐò±àÂë¹æ·¶


Éè¼ÆÄ£Ê½Ô­ÀíÓëÓ¦ÓÃ
´ÓÐèÇó¹ý¶Éµ½Éè¼Æ
Èí¼þÉè¼ÆÔ­ÀíÓëʵ¼ù
ÈçºÎ±àд¸ßÖÊÁ¿´úÂë
µ¥Ôª²âÊÔ¡¢Öع¹¼°³ÖÐø¼¯³É
Èí¼þ¿ª·¢¹ý³ÌÖ¸ÄÏ


ijȫÇòÖªÃûͨÐŹ«Ë¾ ´úÂëÕû½à
ºáºÓµç»ú ÈçºÎ±àд¸ßÖÊÁ¿´úÂë
ij֪Ãû½ðÈÚÈí¼þ·þÎñÉÌ ´úÂëÆÀÉó
¶«Èí¼¯ÍÅ ´úÂëÖØ¹¹
ij½ðÈÚÈí¼þ·þÎñÉÌ ¼¼ÊõÎĵµ
Öдïµçͨ Éè¼ÆÄ£Ê½Ô­ÀíÓëʵ¼ù
·¨¹úµçÐÅ ¼¼ÊõÎĵµ±àдÓë¹ÜÀí