From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id YG3QB9v8EWP1QQAAbAwnHQ (envelope-from ) for ; Fri, 02 Sep 2022 14:53:47 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id kOm6B9v8EWMsgQEA9RJhRA (envelope-from ) for ; Fri, 02 Sep 2022 14:53:47 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 823BB3C7A4 for ; Fri, 2 Sep 2022 14:53:46 +0200 (CEST) Received: from localhost ([::1]:39612 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oU6B7-0007PL-7k for larch@yhetil.org; Fri, 02 Sep 2022 08:53:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34600) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oU68U-0003L4-A0 for bug-guix@gnu.org; Fri, 02 Sep 2022 08:51:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:55493) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oU68T-0000R6-Uy for bug-guix@gnu.org; Fri, 02 Sep 2022 08:51:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oU68T-0001JP-Pb for bug-guix@gnu.org; Fri, 02 Sep 2022 08:51:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#25957: [EXT] Re: bug#25957: gitolite broken: created repositories keep references to /usr/bin for hooks Resent-From: "Thompson, David" Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 02 Sep 2022 12:51:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 25957 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Efraim Flashner , "Thompson, David" , zimoun , 25957@debbugs.gnu.org Received: via spool by 25957-submit@debbugs.gnu.org id=B25957.16621230425017 (code B ref 25957); Fri, 02 Sep 2022 12:51:01 +0000 Received: (at 25957) by debbugs.gnu.org; 2 Sep 2022 12:50:42 +0000 Received: from localhost ([127.0.0.1]:45242 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oU689-0001Iq-P4 for submit@debbugs.gnu.org; Fri, 02 Sep 2022 08:50:42 -0400 Received: from mail-lj1-f181.google.com ([209.85.208.181]:39792) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oU688-0001Ic-Iu for 25957@debbugs.gnu.org; Fri, 02 Sep 2022 08:50:41 -0400 Received: by mail-lj1-f181.google.com with SMTP id bn9so2159750ljb.6 for <25957@debbugs.gnu.org>; Fri, 02 Sep 2022 05:50:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=worcester-edu.20210112.gappssmtp.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date; bh=coH0PBd9cdxKtfhZ0t9em8hbI1VNqWHp+1aL9vE4PdA=; b=Mw4wtEaYXWTWsT/LHvkQ+HzE+NNmtGSeUzsRzqPIPdP6JluxYM4WHZDG49Nl8gqAmA Bv/6pjK9XOTh0IjXMmBawbwZ0inbX4FQJ+z8ZQxwJMFORuzHBBMgogRE5c3MJmIfypAI zFQv2mqG7o5KqkmAsX5kHs5oiP35MabYWGCqL31IHdGNmQXDf2q3nHyWCTXwD0sp+Aay 35oKLgCF97Jv/gnQyPVfLYYwTQf4tQpryeo9ho2zkcw+ExcOPXZyiLeEKjMIWrOd+3ns kV9jPLXHcI05T4JxAfHoZCusXhLhfH4xIGEfJdkXvkOIafoBGsYpUNi2IXvvkZEADJEw ZUmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date; bh=coH0PBd9cdxKtfhZ0t9em8hbI1VNqWHp+1aL9vE4PdA=; b=mFzfXm7hisR38EStO4UDsI2H22yldZjSUv4eUsQLATieqL2/HEvQ+lkZuT9TSryB2i 8bemZo+CBW7CKah56f9GlEa6JiaT9m052hHsvejBA1I4gmlAHeZ4EZvFOUmukHRRspkz 1oD6VuXiIR2OUmI0Ydq4gfx5WODI9VK40SBaIzjMFEBPRaOZbrwkVRFjCodd72JJB7WO 4/aSGoRIFU1VCvJD7gqoKYF2+xQGeVkI4iSxFu1Ovx0NfRVSP+9x+mR8XFNkJCaiobmy a64Zu4R1u/9d3Rt9DuqUD+Q3yFOtOucow4OTbaTgHnQZYmryHcwhv/QCUW8LFih6XEsF W8PQ== X-Gm-Message-State: ACgBeo3lbvU6upqGW3pT22Z2wSQjhNrIJPMufNSTAFjacvgsn/VYEGoM Awl/ONwBNqKLBBYelW+xQwA9wrMFxjNZry94LrS2MA== X-Google-Smtp-Source: AA6agR5GnQHzzqiidah0M7wUxQK62OtvO6dP+hFUyGA9mE2E26iZD+w4fBm1j9gggHwxxi1KQ5J1fWTHUJ4vA4pIXYA= X-Received: by 2002:a2e:880a:0:b0:265:818c:d81c with SMTP id x10-20020a2e880a000000b00265818cd81cmr6151374ljh.381.1662123032831; Fri, 02 Sep 2022 05:50:32 -0700 (PDT) MIME-Version: 1.0 References: <8635l01x7a.fsf@gmail.com> <86lex10wwr.fsf@gmail.com> <6a325301e7cc55ee08652c67e49c3eb8a0802baa.camel@telenet.be> In-Reply-To: From: "Thompson, David" Date: Fri, 2 Sep 2022 08:50:21 -0400 Message-ID: Content-Type: text/plain; charset="UTF-8" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1662123226; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=coH0PBd9cdxKtfhZ0t9em8hbI1VNqWHp+1aL9vE4PdA=; b=KbYQLfUnK5U6VP8MqHzPLQpe5jBzzDgBUbXWCteF9ljg0qQTrEyylIg82OYdAJxa8FLYvV k1a7/SrGqwgm4ppApJNtxtiuBX/+DtiOGPP++56tEWSYW/GXIlsosPLnsRa0GT837XK9aG 4+x/MXoz0wdEKimBLlCXpCe3B96JEbx78XnsC66mpPSWeCVpgFpL1if8UwpzOWi+KMUAMz TZeH8bS4qjvVQE0iYPK0dLWyxhNdQ5UxbeYSQbcat7wH2WcWi6IY6xplgNYcevrGzEeJrP zd47qq71RSq3BWaIvNVd5N9FBlr6v187CtSeG5PvTgp7xJFihtSLsJhkPeTfVg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1662123226; a=rsa-sha256; cv=none; b=Hm8TXp+fOWelM5Df7qXfd+Y5OKBfxj0+tALl7afQ9oFWB6ocbJ8yZZfxWteXQMDcqyHei/ 17tfapAi7woRP8sOyCwHrGRFWhZ6tP+OGkbxVBpWD5XfhrlIOk2+vlpARu9r7YT4LAlqgj oY7STCJFURlV0zBSgJSjgL/vjh5b4FkMjd2vtBuiHJ0PgYn+tnUZ+S6Cys/oAgnzHyLPth Wbt5PTpVkBb4x31ga36889/U7vjQPGAyzD9zwRZsryjyQDdMqQLzNk3lyL/XjHsaT+Dm/u 6/5NUXjVutKRISGi41zxro1DTDgfF7cIWY/rYwykEf/hh9xOpQ22JD22QOjxyA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=worcester-edu.20210112.gappssmtp.com header.s=20210112 header.b=Mw4wtEaY; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 4.23 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=worcester-edu.20210112.gappssmtp.com header.s=20210112 header.b=Mw4wtEaY; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 823BB3C7A4 X-Spam-Score: 4.23 X-Migadu-Scanner: scn1.migadu.com X-TUID: 8GlbadDMNuE+ On Fri, Sep 2, 2022 at 8:44 AM Efraim Flashner wrote: > > On Fri, Sep 02, 2022 at 07:11:54AM -0400, Thompson, David wrote: > > On Fri, Sep 2, 2022 at 3:00 AM Efraim Flashner wrote: > > > > > > I took a look at the gitolite service finally and I hadn't realized > > > there wasn't a running daemon to containerize. I assumed we could do > > > something like: > > > > > > (start $~(make-forkexec-constructor/container > > > (list ...) > > > #:environment-variables > > > '("PATH=...") > > > #:mappings ...)) > > > > > > Given that's not the case then I'd need to look at gitolite itself to > > > see how it calls the other binaries it expects to be available, and if > > > wrapping it would be enough or if we would need to just propagate the > > > other packages for functionality. > > > > Gitolite simply expects tools like git to be on $PATH. It's a pretty > > naive system, there's nothing like a configure script that is > > determining the absolute file name of these tools and substituting > > those names into the built files. > > > > The executable is already wrapped so that coreutils, findutils, and > > git are on $PATH, but notably not openssh: > > > > (add-after 'install 'wrap-scripts > > (lambda* (#:key inputs outputs #:allow-other-keys) > > (let ((out (assoc-ref outputs "out")) > > (coreutils (assoc-ref inputs "coreutils")) > > (findutils (assoc-ref inputs "findutils")) > > (git (assoc-ref inputs "git"))) > > (wrap-program (string-append out "/bin/gitolite") > > `("PATH" ":" prefix > > ,(map (lambda (dir) > > (string-append dir "/bin")) > > (list out coreutils findutils git))))))) > > > > However, git and openssh are still propagated inputs. I'm going to > > move the propagated inputs to regular inputs, potentially add openssh > > to the wrapper once I remind myself what gitolite does with those > > tools, and test it all out on my server using the gitolite service. > > If that all works, we have a good starting point for adding extension > > support in the service. > > I like it. Let us know how it goes. The problem is that gitolite generates git hooks for the repositories that it manages, and those hooks invoke git, so the only way those scripts will be able to work (without input propagation) is to find a way to inject the proper PATH or find a way to replace references to things like 'git diff' with '/gnu/store/.../git diff'. I'm going to keep exploring and report back when I have something to show. - Dave