From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id qBxOKRjDEGOphQEAbAwnHQ (envelope-from ) for ; Thu, 01 Sep 2022 16:35:04 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id eO5WKRjDEGOvOwAA9RJhRA (envelope-from ) for ; Thu, 01 Sep 2022 16:35:04 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 40A842596 for ; Thu, 1 Sep 2022 16:23:44 +0200 (CEST) Received: from localhost ([::1]:58064 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oTl6d-000732-GP for larch@yhetil.org; Thu, 01 Sep 2022 10:23:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48544) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oTl44-0005LD-Sa for bug-guix@gnu.org; Thu, 01 Sep 2022 10:21:08 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:54052) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oTl42-0005LB-On for bug-guix@gnu.org; Thu, 01 Sep 2022 10:21:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oTl42-00031Q-Fn for bug-guix@gnu.org; Thu, 01 Sep 2022 10:21:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#25957: [EXT] bug#25957: gitolite broken: created repositories keep references to /usr/bin for hooks Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 01 Sep 2022 14:21:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 25957 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: "Thompson, David" Cc: 25957@debbugs.gnu.org, Maxime Devos , zimoun Received: via spool by 25957-submit@debbugs.gnu.org id=B25957.166204201411525 (code B ref 25957); Thu, 01 Sep 2022 14:21:02 +0000 Received: (at 25957) by debbugs.gnu.org; 1 Sep 2022 14:20:14 +0000 Received: from localhost ([127.0.0.1]:43801 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oTl3F-0002zo-Hx for submit@debbugs.gnu.org; Thu, 01 Sep 2022 10:20:14 -0400 Received: from mail-wm1-f43.google.com ([209.85.128.43]:44828) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oTl3E-0002zZ-9U for 25957@debbugs.gnu.org; Thu, 01 Sep 2022 10:20:12 -0400 Received: by mail-wm1-f43.google.com with SMTP id n17-20020a05600c501100b003a84bf9b68bso1554480wmr.3 for <25957@debbugs.gnu.org>; Thu, 01 Sep 2022 07:20:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to :cc:subject:date; bh=YCrMg2Jl7LtHFY1Yqybpwp4o4qQX3YGnDNTS91GL6S0=; b=hng3zozNIs/yGTvW1OR5hwYHcuOMJJ4TYoSawY2fqow3roIIUlLjwddE4qQhOJEQoC A5BDJj7Z4Uc/ZoIyx1qxqa+Cmf0wIWy/dJYDqeQ+fLsDps6pFqFB2WQMm47HcFFokgcT KZ7SDT5WS9xB6OGeaJMT0T2BMf4p9ox/WXloohB7xZRrE5CYVjjP6GcZOvkb4Kqk4hEB YrzjN7nk58QrPfGKXipM/gHisRcLI0Fu5AHahEsAsOHnOvuoqU0WmX2qV7wdR67gY6qZ C7wY8NkBIG07cAmBC9m3UOzQ3Jt1P6ksX+/4KjAoEHJldgJiUNyJxsYd1Q3uoGjJarLe Ed2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender :x-gm-message-state:from:to:cc:subject:date; bh=YCrMg2Jl7LtHFY1Yqybpwp4o4qQX3YGnDNTS91GL6S0=; b=zG384u3GtI1Ribu/32UmvGQMf3jhw5yitFQkg996I2itxTXZIkIuRCKx/vl41K8B+j 3uxNSSaSF41ruTlQ1RjB1BYMx9TipiD89StvVCbnEWWa5YCxH4AnfjOJ6iE3KHQlf6wD 9Mf1hZ/XgCpFJBxtaBwwUzel5yO1oOoYqI2mKrz0fQo07s7l8QZ1ffm7/Df0vq9VLRDw IIPBnJj8XTqhyLntMolhQfEmg3pP4MMQ5wWoHHPkwHZTy2pBsIXDa4p4sNejx67WKlXb g95NB9RAnMpk1YRh8Ibf2lTyT6nMkWWEo7KCL5rcBUnX4X6zJL4x1vgESZ0Nci0WIJCE BJGw== X-Gm-Message-State: ACgBeo0qjZfEhUiYFOUhh5xmhjDlwmIC5GlKvJKpcY59ZGz3rRQGok0Z xttiu0mW1ef2AlSE+7m74r4= X-Google-Smtp-Source: AA6agR7Vyhs1516eOBgosSM3epI8RNOPpdAMNPX5bIdaDv2uOJA8s0M9Hb8QRMpZvh0XAC095DNe6Q== X-Received: by 2002:a1c:4b01:0:b0:3a5:94e8:948e with SMTP id y1-20020a1c4b01000000b003a594e8948emr5378449wma.197.1662042006128; Thu, 01 Sep 2022 07:20:06 -0700 (PDT) Received: from localhost ([141.226.13.1]) by smtp.gmail.com with ESMTPSA id q13-20020adff78d000000b0022533c4fa48sm14481054wrp.55.2022.09.01.07.20.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Sep 2022 07:20:05 -0700 (PDT) Date: Thu, 1 Sep 2022 17:20:01 +0300 From: Efraim Flashner Message-ID: Mail-Followup-To: Efraim Flashner , "Thompson, David" , Maxime Devos , zimoun , 25957@debbugs.gnu.org References: <20170303222743.wf777eedaauuof3f@abyayala> <20170304133242.towlmzdcm6x43hvi@abyayala> <86k0ff9has.fsf_-_@gmail.com> <8635l01x7a.fsf@gmail.com> <86lex10wwr.fsf@gmail.com> <6a325301e7cc55ee08652c67e49c3eb8a0802baa.camel@telenet.be> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="FEi425vITRaO+k/f" Content-Disposition: inline In-Reply-To: X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1662042224; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=YCrMg2Jl7LtHFY1Yqybpwp4o4qQX3YGnDNTS91GL6S0=; b=iZAXTGajEUt0R/UJPqvIBjlUc+N1bZOptVYI4L9s0/lsBiJitWd3d3IUjYj1EyMLL0Qzde uk/cQxe+lVqFCmvolVMYXaczcZPZK6IkZzIGT6e7vzgeiMd7ZdjFAjDyuSlDcg2foj1UaF 9J7qLfenJJSo9Fq4mS9PQOTDdhi6M3LipsV62R+ftIsDLsqc6sfRJI15Ybzht0Qu0dObLx EE36F1RgEKNMCN+0oOE2gZlMHjPTJyPRiCwdyeBIxMEO2L7kp12B0sDvhVVZAxeRDHG0EC 8FyIoYcB9rGcnuEDb9v9rchSKwO7jzQOnr/A8qGNXsucVt4AqFaCov0wzeeyMg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1662042224; a=rsa-sha256; cv=none; b=rujW33HYesRFXVVM2GLpQpbNlRYsKS7S9Cnwi1BNprYALIe3l+KXmYwpKI909PQyzqMMCM P2fe89x+gcCPhZ1cwp1XoD5mfSkTH2cNQNpUqNlsT0l5oLzvPHZ28MN3Yun5WAITlDe0rg h5dot+vutMi/FrVI03meQucIbkZxdinFpuhdXOCzmns+rr56+YNCp0EXcvvyylyx/FAZ48 Dt0vYAGfZhKhpnaCTNmFoTGoocy1m94/CB2Mmo3ln+IMv9CHlySa4ibgTUkFhGJPyqi4B8 +6W+cfW49JkjftCflQGk15BeMYrZASwlYgeWmjlVWvWatcL7Gc7c+jk3A8Dv5w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=hng3zozN; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -0.17 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=hng3zozN; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 40A842596 X-Spam-Score: -0.17 X-Migadu-Scanner: scn0.migadu.com X-TUID: NajWyLPnEndQ --FEi425vITRaO+k/f Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 01, 2022 at 09:59:55AM -0400, Thompson, David wrote: > Hi all, >=20 > Reviving this old thread. >=20 > On Mon, Mar 28, 2022 at 2:51 AM Efraim Flashner w= rote: > > > > > > Seems like all we have to do is 'substitute*' a '/usr/bin/svnserve' > > > into a '/gnu/store/...' (untested), so seems actionable to me. > > > Alternatively, as Efraim wrote, let it search the $PATH (that might be > > > useful if adding svnserve would increase the closure too much and it = is > > > an optional dependency in practice?). > > > > I spent some time looking at gitolite and the service. As I understand > > it, with the exception of svnserve, it searches $PATH for a number of > > different binaries, including git-annex. I believe that this would only > > work if git-annex (and potentially other packages) are installed > > globally. > > > > In addition, git (not git-minimal) and openssh are propagated inputs AND > > wrapped. I haven't tested to see if wrapping only is enough. > > > > I think the best choice is to: > > A: Replace /usr/bin/svnserve with svnserve so it will just search $PATH, > > like it does with the other helpers. >=20 > I see that you have done this. Thanks! We could also replace the > reference to /usr/sbin/redis-server in src/lib/Gitolite/Cache.pm. > That's the only other /usr reference I can find (that isn't in a > comment) in the output. I have the patch ready if that sounds good to > you. Sounds good to me > > B: Adjust the service so that it automatically creates a variant (or > > just a wrapped version) of the package which is wrapped with a list of > > additional packages so that they can be in gitolite's path. If I were > > deploying this to an arm device I wouldn't want it wrapped with > > git-annex since it doesn't build, but would definitely want it for an > > x86_64 machine. >=20 > The service configuration record could accept a list of addons like > '(git-annex cache svnserve), with a default of no addons '(), and > create a package that extends the gitolite package with the > appropriate propagated inputs. Does that sound like what you had in > mind? A more robust solution could modify the build to hardcode the > store paths needed for the add-ons but given that we already propagate > git and openssh I don't think it's necessary right now. Assuming this is deployed into some sort of container then propagated inputs wouldn't help much, we'd need either the PATH for the container to be extended to include those extra packages or to have gitolite itself wrapped similar to icedove/wayland. Just extending the PATH in the #:environment-variables would be enough I'd think. > > I suppose we should try to find someone who is using the gitolite > > service and see if they can be our test subject for wrapping the package > > with optional addons. >=20 > I use the gitolite service and can be the test subject. I don't > currently use any add-ons, but the redis one sounds easy enough to try > and hey maybe it's a good excuse to finally learn how to use > git-annex. >=20 > As a longer term thing, it would be cool to revisit propagating git > and openssh in this package. I punted on it back in 2015 for the > reason stated in the source comments but maybe there's a reasonable > and reliable way to directly embed the store paths now. It's actually been forever since I looked at gitolite so I don't know remember what those inputs were needed for, but it'd be great to improve the service. > - Dave Interestingly, I almost have a working ghc-8.6 for aarch64 after all these years. --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --FEi425vITRaO+k/f Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmMQv5EACgkQQarn3Mo9 g1E8nQ//Xj8Mzpi/6jL0+Ci+XmXAUOclrz/aNNsp2gzbRLzSCN76eW0d7ejVzVTj F/kQdy3EkEwg1OXgEZhvlkWx3qUY5Tma840llz0h+IhTIRax/KCXfbT6Sk/m27G8 rD2XHSirW35YmJuQlHadtq1uzUDxWLCGxY9r32G1xp+laorujSjVMeHTsnAoD1gS BpnieOvgD91DTk7zHJYtGCfavMRiuJOij/uS+9fs+oM8c17FcTaG4bndlxmy1F6+ 5BudwiY/HjzVn+jvbLsY/vMpSmGxaexQyJKQVJS792wnFF5sNRC+QOTmR0UztU6m mI9DCTPqHejR0i1jncnHKjUmI855avcEL8evNsjvjmF2NuWVb6YiwEtPuSpoCVn+ tLGnr4SceOgiRiXKLLOAzIA/JdcLmvkK6F15YhoBZSZEwsOAt5AVFXcOqiZ+FL6h /gXmGOc5Wrc9SuX7Ssb7YnKRXbZMq2rzj2Uu0J4+hPx9d27nn/HRoYZRvsLQjSNk +6W9R4DJc7clyu0dQ4qA/IynUud/UJ81GAVbqzT/Zcym7HQPMSM2hzLB28sluPag w0/mUoMwLEznjW+n3+tYbH6J+obF70jep70RTO6ldM4dHC1D8udWVLo9PsfP1tRb Eb1o967VkUg/rFWWL0ZexOip7lGs0s2LsSSKHyDirWFaRHvakCw= =TD+i -----END PGP SIGNATURE----- --FEi425vITRaO+k/f--