²»ÂÛÊǹ«Ë¾ÀﻹÊǹ«Ë¾Í⣬Õý¾µÄ¶àÈ˺Ï×÷¿ª·¢×îºÃÒª¾³£×ö´úÂëÆÀÉó£¬Æä±ØÒªÐÔ²»ÓÃÎÒ¶à˵£¬µ«ÊÇÈçºÎ×ö´úÂëÆÀÉóȷʵ¸öÍ·´óµÄÊÂÇ飬ÎÒ¸öÈËÊǷdz£·´¶ÔÀһƱÈËÈ¥»áÒéÊÒ¿ªÍ¶Ó°ÒÇÒ»ÐÐÐн²µÄ£¬Ì«ÀË·Ñ×ÊÔ´ºÍʱ¼äÁË¡£
Å׿ªÆÀÉóµÄ»ý¼«ÐÔ²»Ì¸£¬ÎÒ¾õµÃ´úÂëÆÀÉóÓ¦ÊÇ¿ÉÒÔËæÊ±·¢ÆðËæÊ±½áÊøµÄ£¬ÓʼþÊǸöºÜ²»´íµÄÔØÌ壬ÕâÔÚ¿ªÔ´½çÒѾӡ֤ÁË¡£µ«ÊÇÓʼþÀï·¢²¹¶¡È·Êµ²»¹»Õýʽ£¬ÐèÒªÖÚÈ˼«¸ßµÄÈÈÇéºÍ×Ô¾õ£¬ÁíÍâÓʼþµÄʱÑӱȽϴ󣬴¿Îı¾diff
¸ñʽºÜ¶àÈ˽ÓÊܲ»ÁË¡£
ÎÒÒÔǰÕûÁËÒ»Ì×ö»öºµÄ½Å±¾£¬½â¾öÁÙʱ¿âºÍÕýʽ¿âµÄ×Ô¶¯Ìá½»ÎÊÌ⣺
auto fetch manually push Õýʽ¿â --------> ÁÙʱ¿â <--------+ | <-------- | | auto push | | | +---------------> ¿ª·¢ÈËÔ±------+ manually fetch
|
¿ª·¢ÈËÔ±ÍùÁÙʱ¿âÉÏ×Ô¼ºµÄ¶ÀÁ¢·ÖÖ§ push£¬´¥·¢ GIT hook ·¢ËÍÓʼþ֪ͨ´ó¼Ò£¬ÓʼþÀïÄÚǶÁËÌá½»ÐÅÏ¢£¬È»ºóÁíÍâÒ»¸öÈ˻ظ´Í¨ÖªÓʼþ£¬ÔÚÓʼþ¿ªÍ·Ìí¼Ó[COMMIT]£¬ÁÙʱ¿âËùÔÚ»úÆ÷ÉÏÓиö¶¨Ê±ÈÎÎñÊÕÈ¡Óʼþ£¬Óöµ½±êÌâÒÔ[COMMIT]
¿ªÍ·µÄÓʼþ¾ÍÈ¥ÓʼþÄÚÈÝÀïÕÒÌá½»ÐÅÏ¢£¬²¢×Ô¶¯ push µ½Õýʽ¿âÀï¡£
Õâô¸ãµÄÄ¿µÄÒ»ÊÇÈÃÕýʽ¿â°²È«µã£¬ÒòΪ´ó¼Ò GIT ÓõIJ»ÊǺÜÊìÁ·£¬¶þÊÇÔö¼ÓµãÌá½»ÑÓʱ£¬ËäÈ»´ó¼Ò²¢²»ÕæµÄÆÀÉ󣬵«ÖÁÉÙÿһ¸öÐ޸ĻáÓÐÁ½¸öÈË¡°¹Ø×¢¡±£¨ÆäʵÊÇÇ£Éæ¶øÒÑ£¬ºÜÉÙÓÐÈËÕæµÄ¿´ÐÞ¸ÄÄÚÈÝ£©¡£Õâ¸ö¶«Î÷Ì«¹ýÓÚÀíÏ뻯ÁË£¬±»È˱§Ô¹µÄ×î´óÎÊÌâÊÇÌá½»ÑÓʱ£¨ÆäʵҲ¾Í°ëСʱ×óÓÒ£©¡£µ±È»£¬Ò²Óм¸´Îȷʵ±ÜÃâÁË´íÎóµÄÌá½»¡£
µ«ÔÚ¹«Ë¾ÀïÓʼþÍùÍùÌ«¶à£¬´¦ÀíºÜµÍЧ£¬»¹ÊÇÓиö Web ½çÃæ¸üÓѺøüʵʱµã£¬Õâ·½Ãæ¿ªÔ´µÄ¶ÀÁ¢¿ÉÔËÐвúÆ·×îΪ֪ÃûµÄ¸ÃÊô
ReviewBoard ºÍGerrit ÁË¡£»¹Óиö Rietveld£¬ËãÊÇ Gerrit µÄǰ±²£¬Python
Ö®¸¸Õë¶Ô Subversion ×öµÄ£¬Ê¹ÓÃÁË Google App Engine µÄ·þÎñ£¬ÓÐÈ˸øËü´òÁ˲¹¶¡ÒÔÖ§³ÖÔÚ±¾µØµ¥»úÔËÐУ¬µ«ÖÕÊÇÔÚ
Google Ö®ÍâʹÓò»¹ã¡£
ReviewBoard µÄ½çÃæ¼ò½àƯÁÁ£¬ÎÒͦϲ»¶µÄ£¬µ«ÎÒ˾ÓÃµÄ 1.5 µÄ°æ±¾Æµ·±¹Òµô£¬²»ÖªµÀÐ嵀 1.6
ºÃµãû£¬½çÃæÉϵ¹ÊÇÓÖÓиĽø£¬ÌرðÊÇ¿ÉÒÔÔÚ comment À↑ issue µÄ×ö·¨ºÜÓд´Òâ¡£×¢ÒâÕâ¸ö²¢²»ÊÇÕæµÄÔÚ
BUG ¹ÜÀíϵͳÀ↑һ¸ö BUG£¬¶øÊÇÔÚ ReviewBoard Àï×öÒ»¸öÀàËÆFIXME µÄ±ê¼Ç¡£
ReviewBoard µÄ°²×°ºÜÈÝÒ×£¬¹Ù·½Îĵµ×öµÄͦºÃ£¬ÎÒÔÚÓʼþÅäÖÃÀ│¿ÇÁËÏ£¬ÎÒµÄ Exim 4 Ö»¸øÅäÖÃÁË
GSSAPI ºÍ DIGEST-MD5 ÈÏÖ¤·½Ê½£¬Ç°Õ߸øÓû§£¬ºóÕ߸øÐèÒª·¢ÓʼþµÄ·þÎñ£¬±ÈÈç RoundCube¡¢ReviewBoard¡¢Gerrit£¬µ«ÊDZ¯´ßµÄÊÇ
ReviewBoard ʹÓÃµÄ Python smtplib ¿âÖ»Ö§³Ö CRAM-MD5¡¢LOGIN£¬°³ÕÛÌÚÁ˺ü¸Ì죬×îºóÔÚqunshan@newsmth
µÄ´óÁ¦°ïÖúÏ£¬ÖÕÓÚ¸ã³öÒ»¸ö´ÕºÏ¿ÉÓõÄÖ§³ÖDIGEST-MD5 µÄ smtplib.py£¬´úÂë¼û https://gist.github.com/2679719
£¬µ«×îºóÎÒ»¹ÊǾö¶¨Èà Exim 4 Ö§³Ö CRAM-MD5 ÈÏÖ¤µÃÁË£¬·´ÕýÓÐ SSL ±£»¤¡£
Õâ¸ö¹ý³ÌÖÐÓиöСЦ»°£¬ÕÛÌÚ ReviewBoard Óʼþ·¢ËÍʱ£¬ÎÒ·¢ÏÖÓÐʱºò¿ÉÒԳɹ¦£¬ºÜÊǾªÑÈ£¬×îºó·¢ÏÖ
Web ½çÃæ±£´æ Email ÉèÖÃʱ smtp ÃÜÂëÓÐʱ±£´æÎª¿Õ£¬Ò²¾ÍÊÇ smtp ÃÜÂëûָ¶¨Ê±¿ÉÒÔ·¢Ëͳɹ¦£¬ÔÀ´´Ëʱ
ReviewBoard ѹ¸ù²»»áÏò Exim ·¢ËÍ AUTHÖ¸Áî×öÈÏÖ¤£¬¶ø Exim4 ¾ÓȻҲÀֺǺǵÄͬÒâ·¢ËÍÁË£¬¾ªÁËÎÒ°ëÉíÀ亹£¡
Exim Õâô×ö¿ÉÄÜÊÇ SMTP ÐÒéÀúÊ·ÉϺܿª·Å£¬ÒÔ¼°¾ÖÓòÍøÄڱȽϰ²È«µÄÔµ¹Ê£¬µ«ÊÇÎÒ»¹ÊÇÆ«Ö´µÄµ£ÐÄij¸ö·Ã¿Í½ø¹«Ë¾ºó²å¸öÍøÏ߾ͿÉÒÔÀûÓÃExim
¿ñ·¢Óʼþ£¬ËùÒÔ¾Í×öÁËÏÞÖÆ£¬±ØÐè STARTTLS ²¢ÇÒÈÏÖ¤Á˲ÅÄÜ·¢Óʼþ£º
$ cat /etc/exim4/conf.d/acl/30_exim4-config_check_mail
### acl/30_exim4-config_check_mail
#################################
# This access control list is used for every MAIL command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_mail:
require
message = no AUTH given before MAIL command
authenticated = *
message = no STARTTLS given before MAIL command
encrypted = *
.ifdef CHECK_MAIL_HELO_ISSUED
deny
message = no HELO given before MAIL command
condition = ${if def:sender_helo_name {no}{yes}}
.endif
accept |
ReviewBoard ÁíÒ»¸öÎÊÌâÊDz»Ö§³Ö HTTP ÈÏÖ¤£¬ÔÒòÊÇReviewBoard ʹÓÃµÄ Django¿ò¼ÜµÄ¾É°æ±¾¶ÔÕâ¸öÖ§³Ö²»Á¦£¬Ð°æ
Django Ã²ËÆÖ§³ÖÁË£¬µ« ReviewBoard »¹ÐèÒª×ö¶îÍ⹤×÷²ÅÄÜÅäºÏ£¬±ÈÈç×Ô¶¯´´½¨ ReviewBoard
ÀïµÄÓû§£¬±ÈÈçÈ¥µôµÇ¼¡¢×¢²á¡¢×¢ÏúÁ´½ÓµÈµÈ£¬ÓÐÈËÌáÁ˲¹¶¡³öÀ´£¬»¹Ã»ÊÕ¼£¬ÎÒÒ²²»Çå³þÊDz»ÊǸĵÄÍ걸£¬ÎÒ²»¶®
Python£¬ÔÝÇÒ²»ÕÛÌÚÁË¡£
½ÓÏÂÀ´ÊǰÑÍæÏ Gerrit£¬ÕâØËµÄÎĵµÐ´µÄÒ²ºÜÔÞ£¨¿ªÔ´µÄ¶«Î÷ÎĵµÐ´µÄºÃµÄÕæ²»¶à¼û£©£¬°²×°ÊǺܼòµ¥ÁË£¬ÔçÆÚµÄ
Gerrit ¾Ý˵ÊÇÓà Python дµÄ£¬ÔÚ GIT Ö÷Á¦¿ª·¢ÕßÒÔ¼° jgit ÏîÄ¿·¢ÆðÈË Shawn
O. Pearce ¼ÓÈë Google ºó¾Í¸ÄÓà Java дÁË£¬±àÒëºÃµÄ Gerrit ¾ÍÊÇÒ»¸ö war
°ü£¬¿ÉÒÔ·ÅÈë Servlet ÈÝÆ÷ÀïÔËÐУ¬Ò²¿ÉÒÔjava -jar gerrit.war Ö±½ÓÓÃÄÚÖõÄ
Jetty£¬Ì«ÌùÐÄÁË¡£Shawn ÊǸöºÜÇڷܵÄÈË£¬Óà Java ÖØÐÂʵÏÖÁË GIT ºËÐŦÄÜ£¬Gerrit
ÄÚÖà Web server¡¢SSH server£¬»¹ÓÐÒ»¸ö Prolog ÓïÑÔ½âÊÍÆ÷¡£¡£¡£¡£
Gerrit ÀïÆÀÉóÁ÷³Ì·ÖÈý¸ö½×¶Î£¬¿ÉÒÔ·Ö±ðÈò»Í¬½ÇɫִÐУº
review: ÈËÈâɨÃè´úÂëÓÐÎÞÎÊÌâ
verify: ±àÒë¡¢²âÊÔ£¬¿ÉÒÔÓà Jenkins µÄ Gerrit Trigger
²å¼þ×Ô¶¯³ö·¢
submit: Ìá½»´úÂëµ½Õýʽ·ÖÖ§ÉÏ£¬Ã²ËÆÓÉÈË´¥·¢£¬Gerrit À´Ö´ÐÐ
ÔÚʹÓà Gerrit ʱ£¬²»ÒªÍü¼Ç°Ñ commit-msg hook ×°ÉÏ£ºhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/user-changeid.html#_creation
ÓÉÓÚÎÒÏë°Ñ°²×°¹ý³Ì×Ô¶¯»¯£¬ËùÒÔÔÚÖ´ÐÐ java -jar gerrit.war init ʱ¿Ä°íÁËÏ£¬Õâ¸ö
init ÃüÁîÓиö --batch Ñ¡Ï±íʾÔڷǽ»»¥×´Ì¬ÏÂʱ init»áÓÃĬÈÏÅäÖô´½¨Ò»¸ö Gerrit
site£¬±ÈÈçʹÓà H2 Êý¾Ý¿â£¬Õâ²»ÊÇÎÒÆÚÍûµÄ£¬ÎÒÏ£ÍûËüÓà PostgreSQL Êý¾Ý¿â£¬ËäÈ»´´½¨Íê
site ºó¿ÉÒÔÐÞ¸ÄSITE_DIR/etc/gerrit.config£¬µ«ÎÒµ£ÐÄ init ʱ»á³õʼ»¯Êý¾Ý¿âʲôµÄ£¬²»ÊÇÔÚ
gerrit.config ¼òµ¥¸ÄÏÂÅäÖþÍÄÜÇл»Êý¾Ý¿âµÄ¡£ ÓÚÊÇÎÒ°Ñ init ½»»¥Ê½ÔËÐÐʱµÄ´ð°¸Ð´ÈëÎļþÀÏëͨ¹ý¹ÜµÀ´«¸ø
java -jar gerrit.war init£¬Ã»Ïëµ½ÒÁÅжÏÁËÊäÈëÊÇ·ñÖÕ¶Ë£¬·¢ÏÖ²»ÊÇÖն˾ÍÖ±½Ó×ß --batch
ģʽÁË£¬ÕæÊÇ×Ô×ö´ÏÃ÷¡£¡£¡£ÕÛÌÚÁË»á empty (http://empty.sf.net)¡¢expect¡¢socat
ºó·ÅÆúÁË£¬»¹ÊÇÀÏʵ½»»¥Ê½°²×°°É£¬·´Õý²»»áƵ·±ÖØ×°¡£ ÏÂÃæÊÇÎÒÊäÈëµÄÎÊÌâ´ð°¸£¬@@...@@ ±ê¼Ç´¦ÐèÒªÌæ»»³ÉÕæµÄÃÜÂ룬ÔÚÖ´ÐÐ
init ֮ǰҪÏÈ´´½¨ºÃgerrit Êý¾Ý¿âÒÔ¼° gerrit ϵͳÕË»§¡¢gerrit ÓʼþÕË»§£º
### Gerrit Code Review 2.3
# Create '/srv/gerrit/site' [Y/n]?
y
### Git Repositories
# Location of Git repositories [git]:
git
### SQL Database
# Database server type [H2/?]:
postgresql
# Server hostname [localhost]:
localhost
# Server port [(POSTGRESQL default)]:
5432
# Database name [reviewdb]:
gerrit
# Database username [gerrit]:
gerrit
# gerrit's password :
@@GERRIT_DB_PASSWORD@@
# confirm password :
@@GERRIT_DB_PASSWORD@@
### User Authentication
# Authentication method [OPENID/?]:
http
# Get username from custom HTTP header [y/N]?
y
# Username HTTP header [SM_USER]:
X-Forwarded-User
# SSO logout URL :
https://sso.corp.example.com/logout
### Email Delivery
# SMTP server hostname [localhost]:
smtp.corp.example.com
# SMTP server port [(default)]:
25
# SMTP encryption [NONE/?]:
tls
# SMTP username [gerrit]:
gerrit@corp.example.com
# gerrit's password :
@@GERRIT_SMTP_PASSWORD@@
# confirm password :
@@GERRIT_SMTP_PASSWORD@@
### Container Process
# Run as [gerrit]:
gerrit
# Java runtime [/usr/lib/jvm/java-6-openjdk-i386/jre]:
/usr/lib/jvm/default-java/jre
# Copy gerrit.war to /srv/gerrit/site/bin/gerrit.war [Y/n]?
y
### SSH Daemon
# Listen on address [*]:
*
# Listen on port [29418]
2022
# Download and install it now [Y/n]?
y
### HTTP Daemon
# Behind reverse proxy [y/N]
y
# Proxy uses SSL (https://) [y/N]?
n
# Subdirectory on proxy server [/]:
/
# Listen on address [*]:
127.0.0.1
# Listen on port [8081]:
2080 |
ÔÚÕâ¸ö»Ø´ðÀïÓм¸¸öµØ·½ÊDZȽÏÌØÊâµÄ£¬Ò»ÊÇÓû§ÈÏÖ¤·½Ê½£¬ÓÉÓÚÎÒÊǰÑGerrit ·ÅÔÚ Apache ºóÃæ£¬Apache
ʹÓà mod_auth_kerb ×öÓû§ÈÏÖ¤£¬ËùÒÔÕâÀïÎÒ¸ø Gerrit Ñ¡ÔñÁË http ÈÏÖ¤·½Ê½£¬Ä¬ÈÏÇé¿öÏÂ
Gerrit httpÈÏÖ¤·½Ê½»áʹÓÃǰ¶Ë Web ·þÎñÆ÷´«¹ýÀ´µÄ Authorization HTTP
Í·²¿£¬±ÈÈç "Authorization: Basic xxxxxx" »òÕß "Authorization:
Digest xxxx"£¬¿ÉϧµÄÊÇ Gerrit ´úÂëûÓд¦Àí "Authorization:
Negotiate xxxx" µÄÇé¿ö£¬ËùÒÔÐèÒªÔÚ Apache ÀïÓà mod_rewrite
°Ñ REMOTE_USER ±äÁ¿×÷ΪX-Forwarded-User Í·²¿´«¸ø Gerrit£¬Õâ¸öÃû×Ö¿ÉÒÔËæ±ãÈ¡£¬µ«¸ù¾Ý
GerritÎĵµËµ·¨£¬²»ÒªÖØÓà Authorization Í·²¿¡£
µÚ¶þ¸öÌØÊâµÄµØ·½ÊÇ SMTP encryption£¬ssl ±íʾֱ½ÓÒÔ ssl ·½Ê½Á¬½Ó£¬tls ±íʾÏÈÒÔ·Ç
ssl ·½Ê½Á¬½Ó£¬È»ºóÓà STARTTLS Éý¼¶Îª ssl Á¬½Ó£¬ºóÒ»ÖÖ·½Ê½ÊÇÏÖÔÚ ssl Ó÷¨ÀïÍÆ¼öµÄ¡£Ê¹ÓÃÄÄÒ»ÖÖÈ¡¾öÓÚÄãµÄ
smtp ·þÎñÆ÷ÅäÖã¬Ò»°ã ssl »áÓöÀÁ¢¶Ë¿Ú£¬tls µÄ»°Ö±½ÓÓñê×¼ SMTP 25 ¶Ë¿Ú¡£
µÚÈý¸öÌØÊâµÄµØ·½ÊÇ·´Ïò´úÀí£¬ÒòΪÎÒÒªÅäÖà Kerberos ͳһµÇ¼£¬ËùÒÔGerrit Ç°ÃæÓиö Apache
×ö·´Ïò´úÀí£¬ÕâÁ©ÎÒÅäÖÃÔÚͬһ̨»úÆ÷ÉÏ£¬ËùÒÔ²»Óà https¡£
ÔÚ java -jar gerrit.war init -d /srv/gerrit/site
Ö´ÐÐÍêÖ®ºó£¬Ëü»áÌáʾÄã·ÃÎÊ http://127.0.0.1:2080/#/admin/projects/£¬µ«ÄãÓ¦¸Ã·ÃÎÊhttp://gerrit.corp.example.com/#/admin/projects/£¬ÕâÀïgerrit.corp.example.com
ÊÇÎÒ¸ø gerrit ËùÔÚ»úÆ÷ÉèÖÃµÄ CNAME£¬Õâ¸öÇëÇó»á±» Apache µÄ gerrit virtual
host ½Ø»ñ£¬×öÍê HTTP NegotiateÈÏÖ¤ºóת·¢¸øºǫ́µÄ Gerrit£¬Ò²¾ÍÊÇ http://127.0.0.1:2080/...£¬Ö±½ÓÇëÇó
2080 ¶Ë¿ÚÕâ¸öµØÖ·µÄ»°£¬Gerrit »á±¨´í˵ûÓÐ Authorization Í·²¿¡£
ÏÂÃæÊÇÎÒµÄ Apache gerrit ÐéÄâÖ÷»úÅäÖãº
ServerName gerrit.corp.example.com
ServerAdmin webmaster@corp.example.com
DocumentRoot /nonexistent
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
Order deny,allow
Allow from all
AuthType Kerberos
Require valid-user
Order allow,deny
Allow from all
RewriteEngine On
RewriteCond %{REMOTE_USER} (.+)
RewriteRule .* - [E=RU:%1]
RequestHeader set X-Forwarded-User %{RU}e
ProxyPass / http://127.0.0.1:2080/
ProxyPassReverse / http://127.0.0.1:2080/
|
ÔÚÇëÇó http://gerrit.corp.example.com/#/admin/projects/
ʱ£¬Gerrit¿ÉÄܱ¨´í˵ÕÒ²»µ½ All-Projects£¬ÔÒò²»Ã÷£¬½â¾ö°ì·¨ÊÇ°Ñ PostgreSQLÀïµÄ
gerrit Êý¾Ý¿âɾ³ýÖØ½¨£¬ÔÙÖØÐ java -jar gerrit.war init¡£
û³öÆäËüÎÊÌâµÄ»°£¬Gerrit µÄ Web ½çÃæ¾ÍÕ¹ÏÖÔÚÄãÃæÇ°£¬ËüÒªÇóΪµ±Ç°Óû§×¢²áÒ»¸ö email
Õʺţ¬µÚÒ»¸öµÇ¼µÄÓû§×Ô¶¯³ÉΪ¹ÜÀíÔ±£¬ºóÐøµÇ¼µÄÆäËüÓû§ÊÇÆÕͨȨÏ޵ġ£
Èç¹ûÄãÓÃµÄ SMTP ·þÎñÆ÷µÄ SSL Ö¤ÊéÊÇ×ÔÇ©ÃûµÄ£¬²¢ÇÒ¸úÎÒÒ»Ñù GerritʹÓà tls ·½Ê½Á¬½Ó
SMTP ·þÎñÆ÷£¬µ½ÕâÀï»á¿¨¿Çһϡ£µÚÒ»¸öÎÊÌâÊÇsite/etc/gerrit.config ÀïĬÈÏûÓÐ
sendemail.sslverify£¬ËüµÄֵĬÈÏÊÇ true£¬Õâ»áµ¼Ö javax.net.ssl ¼ì²é
SMTP ·þÎñÆ÷µÄ SSL Ö¤ÊéÊÇ·ñÊÇ trusted µÄ£¬´ð°¸µ±È»ÊÇ·ñ£¬ÓÚÊÇ Gerrit Å×Òì³£ÁË£º
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested
target
½â¾ö°ì·¨ÓÐÈçÏÂÕâЩ£º
ÔÚ /srv/gerrit/site/etc/gerrit.config
Àï [sendemail] ÀïÌí¼Ó sslverify = false£¬ËäȻʹÓà openssl µÄ client
´ó¶àÊÇÕâ¸öµÂÐУ¬µ«ÎÒ¾õµÃ²»´óÊæ·þ£¬ËùÒÔûÓÃÕâ¸ö°ì·¨¡£
°Ñ SMTP ·þÎñÆ÷µÄ SSL Ö¤Êéµ¼Èë Java µÄ truststore
À﹩ javax.net.ssl ʹÓá£
truststore ÊÇÖ»°üº¬¹«Ô¿µÄ keystore, keystore ÊÇ Java °²È«¿ò¼ÜÀïÓÃÀ´±£´æÖ¤Ê顢˽ԿµÈµÈµÄ¶«Î÷£¬×î³£ÓõÄÊÇ
JKS ¸ñʽµÄ keystore Îļþ£¬±ÈÈç $JAVA_HOME/jre/lib/security/cacerts,
$HOME/.keystore¡£truststore ±» Java Àà¿âÀïµÄ TrustManager
ʹÓã¬keystore ±» Java Àà¿âÀïµÄ KeyManager ʹÓ㬵±È» TrustManager
Ò²ÄÜÓà keystore¡£
ÔÚÕâ¸öÖ¤ÊéÑéÖ¤ÎÊÌâÉÏ£¬ÐèÒª¸ø TrustManager Ö¸¶¨Ò»¸ö truststore »òÕßkeystore£¬ÓÐÈýÖÖ°ì·¨£º
Èç¹û javax.net.ssl.trustStore ϵͳÊôÐÔÖ¸¶¨ÁË£¬¾ÍʹÓÃÕâ¸öϵͳÊôÐÔÖ¸¶¨µÄÄǸöÎļþµ±×÷
truststore£¬truststore µÄÃÜÂë´Ójavax.net.ssl.trustStorePasswordϵͳÊôÐÔ»ñÈ¡¡£ÍøÉÏÓв»ÉÙÎÄÕ»¹Ìáµ½
javax.net.ssl.keyStore ºÍ javax.net.ssl.keyStorePassword£¬Õâ¸öÖ»ÔÚ
ssl server ¶Ë»òÕß ssl client ¶ËʹÓÃclient cert Ïò ssl serverÈÏÖ¤µÄÇé¿öϲÅÐèÒª¡£
Èç¹û javax.net.ssl.trustStore ÊôÐÔûָ¶¨»òÕßÎļþûÕÒµ½£¬ÔòʹÓÃ
$JAVA_HOME/jre/lib/security/jssecacerts
Èç¹û jssecacerts ûÕÒµ½£¬ÔòʹÓà $JAVA_HOME/jre/lib/security/cacerts¡£
ÍøÉÏÓв»ÉÙÎÄÕ¶¼Ëµ°ÑÖ¤ÊéÖ±½Ó¼ÓÈë jssecacerts »òÕß cacerts ÖУ¬ÎÒÊǰ밲ȫƫִ¿ñ£¬¾õµÃ°ÑÒ»¸ö×Ô¼ºÍæµÄÖ¤Êé¼Ó½øÈ¥²»Ì«¿¿Æ×£¬ÁíÍâµ£ÐÄ
Debian µÄÈí¼þ°üÉý¼¶»á×Ô¶¯¸üРcacerts£¨ÒÁÆäʵÊÇ·ûºÅÁ´½Óµ½ /etc/ssl/certs/java/cacertsÁË£¬ca-certificates
°üµÄ /usr/sbin/update-ca-certificates »áͨ¹ýca-certificates-java
°üµÄ /etc/ca-certificates/update.d/jks-keystore¸üÐÂËü£¬ÎĵµÓÐÌáµ½
local cert »áÒÀÈ»±£Áô£¬ÎÒûÊÔÑ飩¡£
ͨ¹ý·ÖÎö /srv/gerrit/site/bin/gerrit.sh
Æô¶¯½Å±¾£¬ÒÁʹÓÃÁËJAVA_OPTIONS ±äÁ¿£¬²¢ÇÒ¶ÁÈ¡ /etc/default/gerritcodereview
Îļþ£¬ËùÒÔ¿ÉÒÔÔÚ /etc/default/gerritcodereview ÀïдÈ룺
JAVA_OPTIONS="-Djavax.net.ssl.trustStore=/srv/gerrit/truststore \ -Djavax.net.ssl.trustStorePassword=changeit" |
È»ºó /srv/gerrit/site/bin/gerrit.sh stop
ÔÙ start ÖØÆô gerrit¡£(Ò²¿ÉÒÔ°ÑÕâ¸öÑ¡Ïî·ÅÔÚ /srv/gerrit/site/etc/gerrit.config
µÄcontainer.javaOptions Àhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/config-gerrit.html#_a_id_container_a_section_container)
/srv/gerrit/truststore ÊÇÕâôÉú³ÉµÄ£º
gerrit$ keytool -importcert -alias exim -file /etc/exim4/exim.crt \ -keystore /srv/gerrit/truststore -storepass changeit |
Õâ¸ö truststore µÄÃÜÂëÊÇÎÞËùνµÄ£¬ÒòΪËüÀïͷûÓÐ˽Կ¡£ exim.crt ÊÇÓÃ/usr/share/doc/exim4/examples/exim-gencert
Éú³ÉµÄ¡£
ÖØÆô Gerrit ºó£¬Ö¤ÊéÎÊÌâ½â¾öÁË£¬µÚÒ»´ÎµÇ¼ҪÇó×¢²áÓÊÏäµÄ¶Ô»°¿òҲûÁË£¬Õâʱ¿ÉÒÔµã»÷ÓÒÉÏ½ÇµÄ settings
Á´½Ó£¬ÔÚ contact information ÄÇÒ»À¸Àï¡£¿ÉϧµÄÊÇÎÊÌâûÍ꣬ÊäÈëÓÊÏäµã»÷"Register
New Email..."ºó£¬Gerrit Ò»Ö± Loading£¬/var/log/exim4/mainlog
ÒÔ¼° /srv/gerrit/site/logs/error_log ÀïûÓдíÎóÐÅÏ¢£¬Gerrit Web
Ò³Ãæ¾ÍÄÇôһֱ¹Ò×Å£¬Ö±µ½ exim4 ±¨¸æÁ¬½Ó³¬Ê±£¬°Ñ Gerrit·¢ÆðµÄ smtp Á´½Ó¶Ïµô¡£
»¨·ÑÁËÈý°ÙÄÔϸ°ûºó£¬°³ÖÕÓÚÕÒµ½ÔÒò£¬ÊÇ Gerrit µÄ AuthSMTPClient.startTLS()ʵÏÖ¸ú
SMTP ·þÎñÆ÷ÅäºÏÓÐÎÊÌ⣬ÕâÊÇÒ»¸ö SMTP STARTTLS »á»°£º
$ gsasl --smtp smtp.corp.example.com Trying `gold.corp.example.com'... 220 gold.corp.example.com ESMTP Exim 4.77 Mon, 21 May 2012 14:46:43 +0800 EHLO [127.0.0.1] 250-gold.corp.example.com Hello localhost [127.0.0.1] 250-SIZE 10485760 250-PIPELINING 250-AUTH GSSAPI 250-STARTTLS 250 HELP STARTTLS 220 TLS go ahead EHLO [127.0.0.1] 250-gold.corp.example.com Hello localhost [127.0.0.1] 250-SIZE 10485760 250-PIPELINING 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 250 HELP AUTH GSSAPI .... |
¿ÉÒÔ¿´µ½ÔÚ STARTTLS Ö®ºó£¬Exim ²»»áÔٴη¢ËÍ banner
ÁË£º220 gold.corp.example.com ESMTP Exim 4.77 Mon, 21
May 2012 14:46:43 +0800
ÏÂÃæÊÇ Gerrit AuthSMTPClient µÄ´úÂ룬ÒÁÔÚ org.apache
µÄÃüÃû¿Õ¼äÁ˲åÁ˸ö AuthSMTPClient À࣬ÊÔͼ¸ø apache commons-net 2.2
µÄ SMTPClientÔö¼Ó STARTTLS Ö§³Ö£ºhttp://code.google.com/p/gerrit/source/browse/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java?name=stable-2.3
public boolean startTLS(final String hostname, final int port, final boolean verify) throws SocketException, IOException { if (sendCommand("STARTTLS") != 220) { return false; }
_socket_ = sslFactory(verify).createSocket(_socket_, hostname, port, true); _connectAction_(); return true; }
|
ÊÂÇ黵ÔÚ _connectAction_() ÀÕâ¸öÔÚ AuthSMTPClient
µÄ¸¸Àà SMTPClientµÄ¸¸Àà SMTP Àï»áÔÚÈ¥¶ÁÈ¡ SMTP ·þÎñÆ÷µÄ banner ÐÅÏ¢£¬ÓÚÊÇ
startTLS() ¾Í¹ÒÔÚÕâ¸öµØ·½ÉµµÈÖ±µ½ SMTP ·þÎñÆ÷Ìß¿ªËü¡£¡£¡£¡£ÈËÉú²»ÈçÒâÊÂʮ֮°Ë¾Å°¡¡£¡£¡£
http://www.rfc-editor.org/rfc/rfc2487.txt 5.2 Result of the STARTTLS Command Upon completion of the TLS handshake, the SMTP protocol is reset to the initial state (the state in SMTP after a server issues a 220 service ready greeting). |
´ÓÕâ¸öÃèÊö¿´£¬SMTP server ÊDz»Ó¦¸ÃÔÙ·¢Ò»´Î banner µÄ¡£ÔÚ AuthSMTPClient.startTLS()´î¸ö²¹¶¡ºó(http://code.google.com/p/gerrit/issues/detail?id=1397)£¬STARTTLS
˳ÀûÍê³É£¬¿ªÊ¼ SMTP ÈÏÖ¤£¬×¢Òâ apache commons-net 2.2 Ö»Ö§³Ö CRAM-SHA1,
CRAM-MD5, LOGIN, PLAINÕ⼸ÖÖ£¬²»Ö§³Ö DIGEST-MD5£¬»¹ºÃÎÒÇ°ÃæÎªÁËReviewBoard´ò¿ªÁË
Exim4 µÄ CRAM-MD5 ÈÏÖ¤Ö§³Ö¡£
Õâ¿é´úÂë¸Ð¾õ±È½Ïö»öº£¬²»ÖªµÀÊDz»ÊÇʵÏÖÓÐȱÏÝ£¬ËùÒÔ apache commons-netÍøÕ¾É졄 2.x
ϵÁдÓÏÂÔØÒ³ÃæÉ¾³ýÁË£¬Ö»ÓÐ 1.x ºÍ 3.x ϵÁС£¡£¡£²»ÖªµÀGoogle ÄǰïÈËΪʲôûתÏò±ê×¼µÄ
JavaMail API¡£
Èç¹û Gitweb ÒѾ°²×°ÁË£¬ÄÇô Gerrit ×Ô¶¯¼¯³É Gitweb£¬±ê×¼°²×°Çé¿öÏÂɶ¶¼²»ÓÃÅäÖã¬ÔÚ
Gerrit Web UI ÉÏÿ¸ö²¹¶¡ÅÔ±ßÓÐ gitweb µÄÁ´½Ó£¬Ï൱Ï൱µÄºÃÓá£Gerrit Îĵµ»¹Éù³ÆÄܸú
cgit ¼¯³É£¬ÎÒûʵÑé¹ý¡£ÓÉÓÚ Gerrit »á¶¯Ì¬µÄÔÚ/srv/gerrit/.gerritcodereview/tmp/gerrit..../
ÏÂÉú³É gitweb_config.perl£¬ÓÐÕâ¸öÎļþºó /usr/lib/cgi-bin/gitweb.cgi
¾Í²»»á¶ÁÈ¡ /etc/gitweb.conf ÁË¡£
Gerrit »¹ÄÜͨ¹ý commentlink ºÍ trackingid ¸úÍⲿµÄ Bug ¸ú×Ùϵͳ¼¯³É£¬²Î¿¼£ºhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/config-gerrit.html
Gerrit Ö±½ÓʹÓà jgit ¿âÖ±½Ó¹ÜÀí´úÂë¿â£¬Èç¹ûÓÐÍⲿµÄ GIT
¿â£¬±ÈÈç±»Gitolite ¹ÜÀíµÄ£¬ÓÐÁ½¸ö°ì·¨ÈÃÌá½»µ½ Gerrit µÄÐÞ¸ÄҲɢ²¥µ½Íⲿ GIT ¿âÀ
ʹÓà Gerrit µÄ Git replication ÌØÐÔ£¬Gerrit
±³µØÀï°ÑÐÞ¸Ä git push µ½Íⲿ¿âÀÕâ¸ö°ì·¨»áÓÐÑÓ³Ù¡£ ²Î¿¼£ºhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/config-replication.html
´´½¨Íⲿ¿âµÄ·ûºÅÁ´½Óµ½ /srv/gerrit/site/git/ À±ÈÈç ln -s /srv/git/repositories/testing.git
/srv/gerrit/site/git/testing.git£¬ÐèҪעÒâÎļþȨÏÞ¡£ ²Î¿¼£ºhttp://gerrit-documentation.googlecode.com/svn/Documentation/2.3/project-setup.html#_manual_creation£¬Õâ¸öÎĵµ²»ÊÇ˵´´½¨·ûºÅÁ´½ÓµÄ£¬ÎÒÖ»ÊDz²â¿ÉÐС£
Ò»·¬ÅäÖᢶÁÎĵµÏÂÀ´£¬¸Ð¾õ Gerrit ÕæÊÇ GIT Óû§¾Ó¼Ò°ì¹«±Ø±¸Á¼Æ·£¬ÕâôºÃµÄÍæÒâ¾ÓÈ»ÊÇ¿ªÔ´µÄ£¬Ì«ÔÞÁË£¡
|