aboutsummaryrefslogtreecommitdiff
path: root/etc/private/install/brep-module.conf
blob: 2545a87142781dc1489967ae7143b850f7e6ec9a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
# Configuration file for the brep module (note: this is not an apache2 .conf
# file but it can be converted to one by prefixing all the options with
# brep-). See brep(1) for detailed description of each configuration option.
# Commented out options indicate their default values.
#
# Besides being parsed by the brep module, this file may also be parsed by
# brep utilities that are normally only interested in the subset of the
# options. To simplify skipping of unrecognized, this file must always have an
# option name and its value on the same line.
#

# Package search page title. It is placed inside XHTML5 <title> element.
#
# search-title Packages


# Package search page description. If specified, it is displayed before the
# search form on the first page only. The value is treated as an XHTML5
# fragment.
#
# search-description ""


# Web page logo. It is displayed in the page header aligned to the left edge.
# The value is treated as an XHTML5 fragment.
#
# logo ""


# Web page menu. Each entry is displayed in the page header in the order
# specified and aligned to the right edge. A link target that starts with '/'
# or contains ':' is used as is. Otherwise, it is prefixed with the repository
# web interface root.
#
menu Packages=
# menu Builds=?builds
# menu Configs=?build-configs
menu Submit=?submit
# menu CI=?ci
# menu Advanced Search=?advanced-search
menu About=?about


# Number of packages per page.
#
# search-page-entries 20


# Number of pages in navigation (pager).
#
# search-pages 5


# Number of package description characters to display in brief pages.
#
# package-description 500


# Number of package changes characters to display in brief pages.
#
# package-changes 5000


# The package database connection configuration. By default, brep will try to
# connect to the local instance of PostgreSQL with the operating system-
# default mechanism (Unix-domain socket, etc) and use operating system
# (login) user name and the database called 'brep_package'. If the role name
# is not empty then the login user will be switched (with SET ROLE) to this
# user prior to executing any statements. If not specified, then 'brep' is
# used. See brep(1) for details.
#
# package-db-user
# package-db-role     brep
# package-db-password
# package-db-name     brep_package
# package-db-host
# package-db-port


# The maximum number of concurrent package database connections per web server
# process. If 0, then no limitation is applied.
#
# package-db-max-connections 5


# The maximum number of times to retry package database transactions in the
# face of recoverable failures (deadlock, loss of connection, etc).
#
# package-db-retry 10


# Build configuration file. If not specified (default), then the package
# building functionality will be disabled. If specified, then the build
# database must be configured (see next). Note: must be an absolute path.
#
# build-config


# Number of build configurations per page.
#
# build-config-page-entries 20


# Number of pages in navigation (pager).
#
# build-config-pages 5


# Directory containing build bot agent public keys. If specified, then brep
# will perform agent authentication and will reject build results from
# unauthenticated ones. If not specified, then build results are accepted from
# all agents (which will be a security risk if the brep instance is publicly
# accessible).
#
# The directory is expected to contain one PEM-encoded public key per file with
# the .pem extension. All other files and subdirectories are ignored. The brep
# instance needs to be restarted after adding new key files for the changes to
# take effect.
#
# build-bot-agent-keys


# Regular expressions in the /<regex>/<replacement>/ form for transforming the
# interactive build login information, for example, into the actual command
# that can be used by the user. The regular expressions are matched against
# the "<agent> <interactive-login>" string containing the respective task
# request manifest values. The first matching expression is used for the
# transformation. If no expression matches, then the task request is
# considered invalid, unless no expressions are specified. Repeat this option
# to specify multiple expressions.
#
# build-interactive-login


# Order in which packages are considered for build. The valid values are
# 'stable' and 'random'. If not specified, then 'stable' is assumed. Note that
# interactive builds are always preferred.
#
#build-package-order stable


# Number of builds per page.
#
# build-page-entries 20


# Number of pages in navigation (pager).
#
# build-pages 5


# Time to wait before considering a package for a forced rebuild. Must be
# specified in seconds. Default is 10 minutes.
#
# build-forced-rebuild-timeout 600


# Time to wait before considering a package for a soft rebuild (only to be
# performed if the build environment or any of the package dependencies have
# changed). Must be specified in seconds. The special zero value disables soft
# rebuilds. Default is 24 hours.
#
# build-soft-rebuild-timeout 86400


# Alternative package soft rebuild timeout to use instead of the soft rebuild
# timeout (see the build-soft-rebuild-timeout option for details) during the
# specified time interval. Must be specified in seconds. Default is the time
# interval length plus (build-soft-rebuild-timeout - 24h) if soft rebuild
# timeout is greater than 24 hours (thus the rebuild is only triggered within
# the last 24 hours of the build-soft-rebuild-timeout expiration).
#
# The alternative rebuild timeout can be used to "pull" the rebuild window to
# the specified time of day, for example, to optimize load and/or power
# consumption of the build infrastructure (off-work hours, solar, off-peak
# electricity tariffs, etc). A shorter than the time interval rebuild timeout
# can also be used to force continuous rebuilds, for example, to shake out
# flaky tests. Note also that if the alternative rebuild timeout is greater
# than the normal rebuild timeout, then this will result in slower rebuilds
# during the alternative time interval. In this case, if the build
# infrastructure is monitored for delayed package builds, then the alternative
# rebuild timeout should only be made slightly greater than the normal timeout
# (see brep-monitor(1) for details).
#
# The time interval boundaries must be specified as times of day (in the local
# timezone) in the <hours>:<minutes> form. If the stop time is less than the
# start time then the interval extends through midnight. The start and stop
# times must both be either specified or absent. If unspecified, then no
# alternative rebuild timeout will be used.
#
# build-alt-soft-rebuild-timeout
# build-alt-soft-rebuild-start
# build-alt-soft-rebuild-stop


# Time to wait before considering a package for a hard rebuild (to be
# performed unconditionally). Must be specified in seconds. The special zero
# value disables hard rebuilds. Default is 7 days.
#
# build-hard-rebuild-timeout 604800


# Alternative package hard rebuild timeout. The semantics is the same as for
# the build-alt-soft-rebuild-* options but for the build-hard-rebuild-timeout
# option.
#
# build-alt-hard-rebuild-timeout
# build-alt-hard-rebuild-start
# build-alt-hard-rebuild-stop


# Time to wait before assuming the 'queued' notifications are delivered for
# package CI requests submitted via third-party services (GitHub, etc). During
# this time a package is not considered for a build. Must be specified in
# seconds. Default is 30 seconds.
#
# build-queued-timeout 30


# The maximum size of the build task request manifest accepted. Note that the
# HTTP POST request body is cached to retry database transactions in the face
# of recoverable failures (deadlock, loss of connection, etc). Default is
# 100K.
#
# build-task-request-max-size 102400


# Time to wait before considering the expected task result lost. Must be
# specified in seconds. Default is 3 hours.
#
# build-result-timeout 10800


# The maximum size of the build result manifest accepted. Note that the HTTP
# POST request body is cached to retry database transactions in the face of
# recoverable failures (deadlock, loss of connection, etc). Default is 15M.
#
# build-result-request-max-size 15728640


# Enable or disable package build notification emails in the <name>=<mode>
# form. The valid <mode> values are 'none', 'latest', and 'all'. If 'all' is
# specified for a toolchain name, then emails are sent according to the
# build-*email package manifest values when all versions of a package are
# built with this toolchain. If 'latest' is specified, then for this toolchain
# name the emails are only sent for the latest version of a package. If 'none'
# is specified, then no emails are sent for this toolchain name. By default
# the 'latest' mode is assumed. Repeat this option to enable/disable emails
# for multiple toolchains.
#
# build-toolchain-email <toolchain-name>=latest|none|all


# The build database connection configuration. By default, brep will try to
# connect to the local instance of PostgreSQL with the operating system-default
# mechanism (Unix-domain socket, etc) and use operating system (login) user
# name and the database called 'brep_build'. If the role name is not empty
# then the login user will be switched (with SET ROLE) to this user prior
# to executing any statements. If not specified, then 'brep' is used. See
# brep(1) for details.
#
# build-db-user
# build-db-role     brep
# build-db-password
# build-db-name     brep_build
# build-db-host
# build-db-port


# The maximum number of concurrent build database connections per web server
# process. If 0, then no limitation is applied.
#
# build-db-max-connections 5


# The maximum number of times to retry build database transactions in the
# face of recoverable failures (deadlock, loss of connection, etc).
#
# build-db-retry 10


# The root directory where the uploaded binary distribution packages are
# saved to under the following directory hierarchy:
#
# [<tenant>/]<distribution>/<os-release>/<project>/<package>/<version>/<package-config>
#
# The package configuration directory symlinks that match these paths are
# mapped to web URLs based on the bindist-url value and displayed on the
# package version details page. If this option is specified, then bindist-url
# must be specified as well."
#
# bindist-root


# The root URL of the directory specified with the bindist-root option. This
# option must be specified if bindist-root is specified.
#
# bindist-url


# The base URL for the reviews manifest files. If this option is specified,
# then the review information is displayed on the package version details
# page.
#
# The complete URL is formed by adding the following path to the base:
#
# <project>/<package>/<version>/reviews.manifest
#
# Note that no separator is added between the base and this path.
#
# reviews-url


# The openssl program to be used for crypto operations. You can also specify
# additional options that should be passed to the openssl program with
# openssl-option. If the openssl program is not explicitly specified, then brep
# will use openssl by default.
#
# openssl openssl


# Additional option to be passed to the openssl program (see openssl for
# details). Repeat this option to specify multiple openssl options.
#
# openssl-option


# Environment variable to be set (<name>=<value>) or unset (just <name>) for
# the openssl program (see openssl for details). Repeat this option to specify
# multiple openssl variables. Note that unspecified variables are inherited
# from the web server process.
#
# You need to at least set the RANDFILE environment variable to change the
# default location of the openssl program seed file and maybe also the
# OPENSSL_CONF variable if you would like to use a custom openssl configuration
# file.
#
# openssl-envvar RANDFILE=/home/brep/www-data-openssl.rnd
# openssl-envvar OPENSSL_CONF=/home/brep/www-data-openssl.cnf
#
# To create www-data-openssl.rnd with suitable permissions, run (as user brep):
#
# $ touch www-data-openssl.rnd
# $ setfacl -b -m g:www-data:rw www-data-openssl.rnd
#


# The directory to save final submission data to. If unspecified, the package
# submission functionality will be disabled. If specified, then submit-temp
# must be specified as well.
#
# Note that the directory path must be absolute and the directory itself must
# exist and have read, write, and execute permissions granted to the user that
# runs the web server.
#
submit-data /home/brep/submit-data


# The directory to save temporary submission data to. Must be specified if the
# package submission functionality is enabled.
#
# Note that this directory must be on the same filesystem and satisfy the same
# requirements as submit-data. It is also the user's responsibility to clean
# it up after an unclean web server shutdown.
#
submit-temp /home/brep/submit-temp


# The maximum size of the submission data accepted. Note that currently the
# entire submission request is read into memory. Default is 10M.
#
# 100M.
#
submit-max-size 104857600


# The package submission form fragment. If specified, then its contents are
# treated as an XHTML5 fragment that is inserted into the <body> element of
# the submission page. If unspecified, then no submission page will be
# displayed. Note that the file path must be absolute.
#
submit-form /home/brep/install/share/brep/www/submit.xhtml


# The package submission email. If specified, the submission request and
# result manifests will be sent to this address.
#
# submit-email


# The handler program to be executed on package submission. The handler is
# executed as part of the HTTP request and is passed additional arguments that
# can be specified with submit-handler-argument followed by the absolute path
# to the submission directory. Note that the program path must be absolute.
#
submit-handler /home/brep/install/bin/brep-submit-pub


# Additional arguments to be passed to the submission handler program (see
# submit-handler for details). Repeat this option to specify multiple
# arguments.
#
submit-handler-argument --user
submit-handler-argument brep
submit-handler-argument --result-url
submit-handler-argument http://unknown
submit-handler-argument /home/brep/install/bin/brep-load
submit-handler-argument --db-name=brep_submit_package
submit-handler-argument /var/brep/bpkg/pkg


# The handler program timeout in seconds. If specified and the handler does
# not exit in the alloted time, then it is killed and its termination is
# treated as abnormal.
#
submit-handler-timeout 120


# The directory to save CI request data to. If unspecified, the package CI
# functionality will be disabled.
#
# Note that the directory path must be absolute and the directory itself must
# exist and have read, write, and execute permissions granted to the user that
# runs the web server.
#
# ci-data


# The package CI form fragment. If specified, then its contents are treated as
# an XHTML5 fragment that is inserted into the <body> element of the CI page.
# If unspecified, then no CI page will be displayed. Note that the file path
# must be absolute.
#
# ci-form


# The package CI email. If specified, the CI request and result manifests will
# be sent to this address.
#
# ci-email


# The handler program to be executed on CI request. The handler is executed as
# part of the HTTP request and is passed additional arguments that can be
# specified with ci-handler-argument followed by the absolute path to the CI
# request directory. Note that the program path must be absolute.
#
# ci-handler


# Additional arguments to be passed to the CI handler program (see ci-handler
# for details). Repeat this option to specify multiple arguments.
#
# ci-handler-argument


# The CI handler program timeout in seconds. If specified and the handler does
# not exit in the allotted time, then it is killed and its termination is
# treated as abnormal.
#
# ci-handler-timeout


# The GitHub App's configured webhook secret. If not set, then the GitHub CI
# service is disabled. Note that the path must be absolute. Note: make sure to
# choose a strong (random) secret.
#
# ci-github-app-webhook-secret <path>


# The private key used during GitHub API authentication for the specified
# GitHub App ID. Both vales are found in the GitHub App's settings. Note that
# the paths must be absolute.
#
# ci-github-app-id-private-key <id>=<path>


# The number of seconds a JWT (authentication token) should be valid for. The
# maximum allowed by GitHub is 10 minutes.
#
# ci-github-jwt-validity-period 600


# The directory to save upload data to for the specified upload type. If
# unspecified, the build artifacts upload functionality will be disabled for
# this type.
#
# Note that the directory path must be absolute and the directory itself must
# exist and have read, write, and execute permissions granted to the user that
# runs the web server.
#
# upload-data <type>=<dir>


# The maximum size of the upload data accepted for the specified upload type.
# Note that currently the entire upload request is read into memory. The
# default is 10M.
#
# upload-max-size <type>=10485760


# The build artifacts upload email. If specified, the upload request and
# result manifests will be sent to this address.
#
# upload-email <type>=<email>


# The handler program to be executed on build artifacts upload of the
# specified type. The handler is executed as part of the HTTP request and is
# passed additional arguments that can be specified with
# upload-handler-argument followed by the absolute path to the upload
# directory (upload-data). Note that the program path must be absolute.
#
# upload-handler <type>=<path>


# Additional arguments to be passed to the upload handler program for the
# specified upload type (see upload-handler for details). Repeat this option
# to specify multiple arguments.
#
# upload-handler-argument <type>=<arg>


# The upload handler program timeout in seconds for the specified upload type.
# If specified and the handler does not exit in the allotted time, then it is
# killed and its termination is treated as abnormal.
#
# upload-handler-timeout <type>=<seconds>


# Disable upload of the specified type for the specified toolchain name.
# Repeat this option to disable uploads for multiple toolchains.
#
# upload-toolchain-exclude <type>=<name>


# Disable upload of the specified type for packages from the repository with
# the specified canonical name. Repeat this option to disable uploads for
# multiple repositories.
#
# upload-repository-exclude <type>=<name>


# The default view to display for the global repository root. The value is one
# of the supported services (packages, builds, submit, ci, etc). Default is
# packages.
#
# root-global-view packages


# The default view to display for the tenant repository root. The value is one
# of the supported services (packages, builds, submit, ci, etc). Default is
# packages.
#
# root-tenant-view packages


# Name to call the tenant values on web pages. If not specified, then 'tenant'
# is used.
#
# tenant-name tenant


# Trace verbosity. Disabled by default.
#
# verbosity 0