From f35cb018df8498db45689dc0e9800b99008a9dea Mon Sep 17 00:00:00 2001
From: David Thompson <dthompson2@worcester.edu>
Date: Fri, 19 Aug 2022 09:20:06 -0400
Subject: [PATCH] services: gitolite: Relax permissions on service user home
 directory.

Fixes https://issues.guix.gnu.org/56444

* gnu/services/version-control.scm (gitolite-activation): Modify permissions
  on home directory so that git group has read access.

Reported-by: Evgeny Pisemsky <evgeny@pisemsky.com>

Experienced by David Thompson for years, wondering what was wrong. Thanks for
finding the root cause, Evgeny! :)
---
 gnu/services/version-control.scm | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index defbd65c36..17a5f9c867 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -331,6 +331,14 @@ access to exported repositories under @file{/srv/git}."
                                (strip-store-file-name admin-pubkey))))
                 (rc-file #$(string-append home "/.gitolite.rc")))
 
+           ;; activate-users+groups in (gnu build activation) sets the
+           ;; permission flags of home directories to #o700 and mentions that
+           ;; services needing looser permissions should chmod it during
+           ;; service activation.  We also want the git group to be able to
+           ;; read from the gitolite home directory, so a chmod'ing we will
+           ;; go!
+           (chmod #$home #o750)
+
            (simple-format #t "guix: gitolite: installing ~A\n" #$rc-file)
            (copy-file #$rc-file rc-file)
            ;; ensure gitolite's user can read the configuration
-- 
2.25.1