From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 8OB+NxyR/2JEUAAAbAwnHQ (envelope-from ) for ; Fri, 19 Aug 2022 15:33:16 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id kGssNxyR/2IO8AAAauVa8A (envelope-from ) for ; Fri, 19 Aug 2022 15:33:16 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 52CD22EB45 for ; Fri, 19 Aug 2022 15:33:16 +0200 (CEST) Received: from localhost ([::1]:56210 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oP27f-0001y5-Gp for larch@yhetil.org; Fri, 19 Aug 2022 09:33:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35724) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oP27T-0001hh-MT for bug-guix@gnu.org; Fri, 19 Aug 2022 09:33:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:39609) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oP27S-0002f9-DS for bug-guix@gnu.org; Fri, 19 Aug 2022 09:33:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oP27R-0002Hw-Uk for bug-guix@gnu.org; Fri, 19 Aug 2022 09:33:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#56444: Patch to fix Gitolite home directory permissions References: <87zghkehdd.fsf@pisemsky.com> In-Reply-To: <87zghkehdd.fsf@pisemsky.com> Resent-From: "Thompson, David" Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 19 Aug 2022 13:33:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 56444 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 56444@debbugs.gnu.org Received: via spool by 56444-submit@debbugs.gnu.org id=B56444.16609159648774 (code B ref 56444); Fri, 19 Aug 2022 13:33:01 +0000 Received: (at 56444) by debbugs.gnu.org; 19 Aug 2022 13:32:44 +0000 Received: from localhost ([127.0.0.1]:57591 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oP279-0002HR-BS for submit@debbugs.gnu.org; Fri, 19 Aug 2022 09:32:43 -0400 Received: from mail-io1-f43.google.com ([209.85.166.43]:34739) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oP275-0002HD-T4 for 56444@debbugs.gnu.org; Fri, 19 Aug 2022 09:32:41 -0400 Received: by mail-io1-f43.google.com with SMTP id x64so3303280iof.1 for <56444@debbugs.gnu.org>; Fri, 19 Aug 2022 06:32:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=worcester-edu.20210112.gappssmtp.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc; bh=g6Tn43JHxEJUFGltLxhMKMyg3CGEyXSFtrlfjhsw6WQ=; b=kIYIrgsahKxb85EtFYAczzho3/mg+LiUJK7ltOhgdgY4KkB2xcDLa5Y0N1wt3cmvaG L/GXUMjmjIm22YANWOPsNCTBxS6NiQvHPGomfw+eQAgjckOuTmGmXgxmkEbzu3ADwTKI FTKpV7j3LgkTwruOZcjkIBX7DmUGS5nsUMfF8bdqnQiDYq0BjAVm1ps14M28Cgm9ETju dPC0UcUzL57Ul8RM9HwU4YZuYJf5tm9Q21+QGeIOQFiBNX36NJWY2D5IweETmwHxdwMd eOC7amYiBnZEpD+SyK/FoKmg/W+Yip8rmBPoNJoZvrqmRaXG/SDsktJvVK3ap7aRTU1M 2AdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc; bh=g6Tn43JHxEJUFGltLxhMKMyg3CGEyXSFtrlfjhsw6WQ=; b=YJfGKZYnKCtp7Q36ym/EOEGDxMqQNPxrg7I/BK0GDrQO7wMVqAMQsNUEPnXjPZ7WyI WdwNM3EufJGxV/14YIcV+tlwEZN2fuzSwa5JSfrjn+Rg4g2FZhAxp+V2bSno2lol3Fdm 3hmrc/lKRWAy0Gol4TsPHG3Q5pyJvGlxCq+xC0v3n9Jp/TNgwGkld4TqfPT3WB+CNnR3 G90x+0pZImMzM+xW6y/8zok8fN9PUxpntLQsmzAbNTn1D0yrBdVch5cQXcji/Dui+Yuv KAhMQCa2LuuVx+AJk5DzKPnkvrmwGuVvOr+Apm5GW3xfPnuVkElv+R3W+2yW08yN7L9Q W+Qg== X-Gm-Message-State: ACgBeo2HDPKgiBb+1eNScg76vOoNtrZzQaDuMWthsCU5E7U9yVZshbIa F2QVSdKa9PvrRliuDCOLd3MAy8ctqK20j8XIdHVybj6gaMY= X-Google-Smtp-Source: AA6agR4t3VYci6WT3/zhFyQzz3op7bSpAYceXuXATrgaqone29tSDloCFGkA7zUwWzUYX3zcfygbEB+kD86g8LYdkCM= X-Received: by 2002:a05:6638:24c2:b0:346:ce9e:3eff with SMTP id y2-20020a05663824c200b00346ce9e3effmr3654487jat.262.1660915952289; Fri, 19 Aug 2022 06:32:32 -0700 (PDT) MIME-Version: 1.0 From: "Thompson, David" Date: Fri, 19 Aug 2022 09:32:20 -0400 Message-ID: Content-Type: multipart/mixed; boundary="00000000000056bcb705e6982154" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1660915996; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=df9qN/tlqTVLb+lgt9xDjYAnXaw5tF/rrFjo3p6lKnE=; b=GYxF5CSH/DOW9hdiDAtawYcDepu94iEIGJqk4Jmaezki7fYZIP8qFu6Kl/TwAlQSBFyeDH gzLM2DJV4XFW9YX3KKFssRNstiJVP4r9zjGhJV+600XgFF7FemHwcqvUZFbVsS9Ls8Zq+V 0VE2bwuttyHJ9TEn7hXjVztO4yTmAwCMQDlQpyEC2T6n9cU03ZH52dDzMLXkQV8qYRH4TD IIKD9OaX4m40k+/KlrMhZxMW8/4LxBzyxiMGQmJVA1uiEpdpCdkf/Q4vZp3YJlBIROyn+w vJuhejsOffI9mFy+pAhYtt73tjCipZ6UXa59qGx1hU1UQgMZzxMwdu6cyPdhPw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1660915996; a=rsa-sha256; cv=none; b=r/FCl0CJSlguo7L8541OH2wJlWyuK/cKvf3lJYwJ5gz1W5s9M9kgQzIQOJtpv2uAr4toTh tE36GztpCibg7ZFOyejmTe+AqqiGrEaVHD9I2ajEn7MW+u9HB1dNTCWoerbz5ZiQk7jNhu q7WWqLRWYYO8LcXAxBsmlIN/BAouSDNzJM3W63VXnuPOFbXoudBmT6CGK3DE7BJbO+LGXs L4tqNa18Gn+4UQpUNFedq1EQDWd6E+pW/XEp+PK3PZ6EtosEwRiQhU9xK5uYEPdtBWqSDL F2igFCAGBt1RoJoecPneM8SdFnp7hIv8CBJ/9SVIMQ0WGF1EH79hDzb5FufqRQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=worcester-edu.20210112.gappssmtp.com header.s=20210112 header.b=kIYIrgsa; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 2.25 Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=worcester-edu.20210112.gappssmtp.com header.s=20210112 header.b=kIYIrgsa; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 52CD22EB45 X-Spam-Score: 2.25 X-Migadu-Scanner: scn1.migadu.com X-TUID: N8np5cYePnXw --00000000000056bcb705e6982154 Content-Type: multipart/alternative; boundary="00000000000056bcb505e6982152" --00000000000056bcb505e6982152 Content-Type: text/plain; charset="UTF-8" Hi Evgeny and whoever wants to do some code review, I have been experiencing this same issue for years now and have been manually chmod'ing /var/lib/gitolite every time I upgraded because I didn't understand what was happening. All this time I thought I had gitolite misconfigured, that maybe I didn't have its umask config set properly, but it was Guix all along! In this case that's great, because it makes the problem easy for me to fix. Patch attached. It works like a charm for my personal git server (https://git.dthompson.us), /var/lib/gitolite was 700 before a system reconfigure, and 750 afterwards. Big thanks to Evgeny for making a bug report and doing the research to identify the root cause! - Dave --00000000000056bcb505e6982152 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Evgeny and whoever wants to do some code review,

I have been experiencing this same issue for years = now and have been manually chmod'ing /var/lib/gitolite every time I upg= raded because I didn't understand what was happening.=C2=A0 All this ti= me I thought I had gitolite misconfigured, that maybe I didn't have its= umask config set properly, but it was Guix all along! In this case that= 9;s great, because it makes the problem easy for me to fix.=C2=A0 Patch att= ached.=C2=A0 It works like a charm for my personal git server (https://git.dthompson.us), /var/lib/gitolite w= as 700 before a system reconfigure, and 750 afterwards.

<= /div>
Big thanks to Evgeny for making a bug report and doing the resear= ch to identify the root cause!

- Dave
--00000000000056bcb505e6982152-- --00000000000056bcb705e6982154 Content-Type: text/x-patch; charset="US-ASCII"; name="0001-services-gitolite-Relax-permissions-on-service-user-.patch" Content-Disposition: attachment; filename="0001-services-gitolite-Relax-permissions-on-service-user-.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_l70ibjca0 RnJvbSBmMzVjYjAxOGRmODQ5OGRiNDU2ODlkYzBlOTgwMGI5OTAwOGE5ZGVhIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBUaG9tcHNvbiA8ZHRob21wc29uMkB3b3JjZXN0ZXIu ZWR1PgpEYXRlOiBGcmksIDE5IEF1ZyAyMDIyIDA5OjIwOjA2IC0wNDAwClN1YmplY3Q6IFtQQVRD SF0gc2VydmljZXM6IGdpdG9saXRlOiBSZWxheCBwZXJtaXNzaW9ucyBvbiBzZXJ2aWNlIHVzZXIg aG9tZQogZGlyZWN0b3J5LgoKRml4ZXMgaHR0cHM6Ly9pc3N1ZXMuZ3VpeC5nbnUub3JnLzU2NDQ0 CgoqIGdudS9zZXJ2aWNlcy92ZXJzaW9uLWNvbnRyb2wuc2NtIChnaXRvbGl0ZS1hY3RpdmF0aW9u KTogTW9kaWZ5IHBlcm1pc3Npb25zCiAgb24gaG9tZSBkaXJlY3Rvcnkgc28gdGhhdCBnaXQgZ3Jv dXAgaGFzIHJlYWQgYWNjZXNzLgoKUmVwb3J0ZWQtYnk6IEV2Z2VueSBQaXNlbXNreSA8ZXZnZW55 QHBpc2Vtc2t5LmNvbT4KCkV4cGVyaWVuY2VkIGJ5IERhdmlkIFRob21wc29uIGZvciB5ZWFycywg d29uZGVyaW5nIHdoYXQgd2FzIHdyb25nLiBUaGFua3MgZm9yCmZpbmRpbmcgdGhlIHJvb3QgY2F1 c2UsIEV2Z2VueSEgOikKLS0tCiBnbnUvc2VydmljZXMvdmVyc2lvbi1jb250cm9sLnNjbSB8IDgg KysrKysrKysKIDEgZmlsZSBjaGFuZ2VkLCA4IGluc2VydGlvbnMoKykKCmRpZmYgLS1naXQgYS9n bnUvc2VydmljZXMvdmVyc2lvbi1jb250cm9sLnNjbSBiL2dudS9zZXJ2aWNlcy92ZXJzaW9uLWNv bnRyb2wuc2NtCmluZGV4IGRlZmJkNjVjMzYuLjE3YTVmOWM4NjcgMTAwNjQ0Ci0tLSBhL2dudS9z ZXJ2aWNlcy92ZXJzaW9uLWNvbnRyb2wuc2NtCisrKyBiL2dudS9zZXJ2aWNlcy92ZXJzaW9uLWNv bnRyb2wuc2NtCkBAIC0zMzEsNiArMzMxLDE0IEBAIGFjY2VzcyB0byBleHBvcnRlZCByZXBvc2l0 b3JpZXMgdW5kZXIgQGZpbGV7L3Nydi9naXR9LiIKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAoc3RyaXAtc3RvcmUtZmlsZS1uYW1lIGFkbWluLXB1YmtleSkpKSkKICAgICAgICAgICAg ICAgICAocmMtZmlsZSAjJChzdHJpbmctYXBwZW5kIGhvbWUgIi8uZ2l0b2xpdGUucmMiKSkpCiAK KyAgICAgICAgICAgOzsgYWN0aXZhdGUtdXNlcnMrZ3JvdXBzIGluIChnbnUgYnVpbGQgYWN0aXZh dGlvbikgc2V0cyB0aGUKKyAgICAgICAgICAgOzsgcGVybWlzc2lvbiBmbGFncyBvZiBob21lIGRp cmVjdG9yaWVzIHRvICNvNzAwIGFuZCBtZW50aW9ucyB0aGF0CisgICAgICAgICAgIDs7IHNlcnZp Y2VzIG5lZWRpbmcgbG9vc2VyIHBlcm1pc3Npb25zIHNob3VsZCBjaG1vZCBpdCBkdXJpbmcKKyAg ICAgICAgICAgOzsgc2VydmljZSBhY3RpdmF0aW9uLiAgV2UgYWxzbyB3YW50IHRoZSBnaXQgZ3Jv dXAgdG8gYmUgYWJsZSB0bworICAgICAgICAgICA7OyByZWFkIGZyb20gdGhlIGdpdG9saXRlIGhv bWUgZGlyZWN0b3J5LCBzbyBhIGNobW9kJ2luZyB3ZSB3aWxsCisgICAgICAgICAgIDs7IGdvIQor ICAgICAgICAgICAoY2htb2QgIyRob21lICNvNzUwKQorCiAgICAgICAgICAgIChzaW1wbGUtZm9y bWF0ICN0ICJndWl4OiBnaXRvbGl0ZTogaW5zdGFsbGluZyB+QVxuIiAjJHJjLWZpbGUpCiAgICAg ICAgICAgIChjb3B5LWZpbGUgIyRyYy1maWxlIHJjLWZpbGUpCiAgICAgICAgICAgIDs7IGVuc3Vy ZSBnaXRvbGl0ZSdzIHVzZXIgY2FuIHJlYWQgdGhlIGNvbmZpZ3VyYXRpb24KLS0gCjIuMjUuMQoK --00000000000056bcb705e6982154--