From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id iGaJFCr8EWM0DAEAbAwnHQ (envelope-from ) for ; Fri, 02 Sep 2022 14:50:50 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id YLZhFCr8EWOLeQEAauVa8A (envelope-from ) for ; Fri, 02 Sep 2022 14:50:50 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id E8944A1EC for ; Fri, 2 Sep 2022 14:50:49 +0200 (CEST) Received: from localhost ([::1]:56070 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oU68H-0002e1-5F for larch@yhetil.org; Fri, 02 Sep 2022 08:50:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56606) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oU63f-0006jd-Nu for bug-guix@gnu.org; Fri, 02 Sep 2022 08:46:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:55480) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oU63d-00087h-U7 for bug-guix@gnu.org; Fri, 02 Sep 2022 08:46:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oU63d-000187-Ni for bug-guix@gnu.org; Fri, 02 Sep 2022 08:46:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#25957: gitolite broken: created repositories keep references to /usr/bin for hooks Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 02 Sep 2022 12:46:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 25957 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: "Thompson, David" Cc: 25957@debbugs.gnu.org, zimoun Received: via spool by 25957-submit@debbugs.gnu.org id=B25957.16621227074242 (code B ref 25957); Fri, 02 Sep 2022 12:46:01 +0000 Received: (at 25957) by debbugs.gnu.org; 2 Sep 2022 12:45:07 +0000 Received: from localhost ([127.0.0.1]:45223 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oU62l-00016M-3Q for submit@debbugs.gnu.org; Fri, 02 Sep 2022 08:45:07 -0400 Received: from mail-wr1-f43.google.com ([209.85.221.43]:44669) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oU62j-00015K-4t for 25957@debbugs.gnu.org; Fri, 02 Sep 2022 08:45:05 -0400 Received: by mail-wr1-f43.google.com with SMTP id c7so2149617wrp.11 for <25957@debbugs.gnu.org>; Fri, 02 Sep 2022 05:45:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to :cc:subject:date; bh=+5Hw0SlAqpM5kLBhzzDwpWeIbKRsY9n22egGfAFFW5E=; b=iIT71+31r0fwQ0GtUdCxo2fwyH7zHmU7cUuA+NhM0cndlZ6x1kB2w7LdlGoPZA6YgT M8k9CUZBpk8vsLSeu+RasO4QG0Vj7ys8CEkkWq05xUITy8l0ldZ6lkRrJL8MsV/LiijA ciZOAhxTMvLfUkBfS6oqW/dPivWL5rtP8D7P64eSdZ3AveFePnhRniR8u3qW6V9bBc+y PJ/HNB6fbj3uD3Tg0UEljMRaDqlwejaa/dsx8yQlh9p7yaD323cIDyjSwcvIUUglAlWx S033Ym+qSn9XzdCrq6zLPXmo0z6X284cMiH6uaS1ERJD8Twj5FMuIs2Lh1EzmmjVyJz2 vmkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender :x-gm-message-state:from:to:cc:subject:date; bh=+5Hw0SlAqpM5kLBhzzDwpWeIbKRsY9n22egGfAFFW5E=; b=Gd2gO3l7HQpA8xqxCes2eYYi/lt+U2+KFiwI5ohR/2wjyQVOj+FDPwZ7N4gK9ujaji nLklLqMAe47XnL6G6I9sNOX8qkOZRtbr7jW3r6Qhr1GRywOq3DTxYTHYmjiHQf631nix bAL3xtLJ3GXf2nfHc6lA0a4fOuJ7KM6xjzaMMvYgcXWqENH5Nb6ueitUeCJ9Kb8B13ex 4iisA6qULwRjVKK3Cequ9ZGyL7lrOiOtiDunGwCF7Im0f1lyiwovrOdOp7NWt1Z3hYiA PnEdWEBQo0cqiFWYDiavDxLo9+i+c7Oquw3yFBX/ShjGcrgmy5MY5tXBvtPaxs4O9iO8 4KAw== X-Gm-Message-State: ACgBeo1WHtcVyZV16P5tmF54Z2kJaAlvRFNbnpuR1pxwTscQfOeOgDJ/ db3uLZEhplwN5lnnbl2FxLE= X-Google-Smtp-Source: AA6agR7yBIsYk4/TEQpfzavgw10D2i5p7+imrQZ9+uIb9D3THg81InLuxl+kvHZZF/m+T5DJ6xmT8w== X-Received: by 2002:adf:fb8f:0:b0:225:2def:221e with SMTP id a15-20020adffb8f000000b002252def221emr17391655wrr.130.1662122699291; Fri, 02 Sep 2022 05:44:59 -0700 (PDT) Received: from localhost ([141.226.13.1]) by smtp.gmail.com with ESMTPSA id z4-20020a1cf404000000b003a603fbad5bsm1950208wma.45.2022.09.02.05.44.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Sep 2022 05:44:57 -0700 (PDT) Date: Fri, 2 Sep 2022 15:41:42 +0300 From: Efraim Flashner Message-ID: Mail-Followup-To: Efraim Flashner , "Thompson, David" , zimoun , 25957@debbugs.gnu.org References: <8635l01x7a.fsf@gmail.com> <86lex10wwr.fsf@gmail.com> <6a325301e7cc55ee08652c67e49c3eb8a0802baa.camel@telenet.be> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="rdBhjiGdVK8p+O+o" Content-Disposition: inline In-Reply-To: X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1662123050; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=+5Hw0SlAqpM5kLBhzzDwpWeIbKRsY9n22egGfAFFW5E=; b=q+QY6ImsD2BEQ11QVaxjOnNH7p01OfV+hTadhgvbb1+XRG5z3PSAbIT70yqYNBAMLx5Gdm cfJJ+sSZWkq0ZRNXtsxpMw8e0FOuEkraLIYpJ33Mjtc9YXSijUYjzs0tGbjKQE2pRs5p7z YgNAAjLX0sN7d205GTnj5In9jmr/o7Wbmql+nsP4AZXw8PSgr/ee49UI3YoxZ7j1m3bLDW vu8jPP2ni6X9EAvEL1L6ZPkCaPntRrAQuPN8wRpdY0GdN9bkPFMngNVw9afIh3Ey1f5ASK e+9PjkZ3R8uYD6Tq0Se3/tqWcBlXhpG0KEmh/DKuDKzBcz5FoqAB5mpx6WriaA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1662123050; a=rsa-sha256; cv=none; b=urrMaJ3+iRnySkgkNBSQMoxJc5EY00/JsXZmkoIj9mS28EKJ89umnjYTlbwUHkZ08fJSpP RsZvlZHurTKo8KUXyaI4VVbCJyykIZjDDgtEqfcciaw9jEAJM0hjnxmtp2GwReMjT286HO 8bFcrpUIeyxo7UzqecTDhW4huXH405La/XlBSHS6cv79OiY6tOsS+pp5iq6IeLBjMv2iWc cB+RrTFziPPL5PYhqdRi7JsyiKlv7AiWy1UHGm9IfxPNAUXtdywGEt0MRUd6rTI6KnQzwT rra0O34/1pA3OO5nXdlJVmLveu6+fdnJJjCsq5NeBMR+Di84ewGrgwahMhdytQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=iIT71+31; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 0.03 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=iIT71+31; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: E8944A1EC X-Spam-Score: 0.03 X-Migadu-Scanner: scn0.migadu.com X-TUID: Ds03FlJZOpoN --rdBhjiGdVK8p+O+o Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 02, 2022 at 07:11:54AM -0400, Thompson, David wrote: > On Fri, Sep 2, 2022 at 3:00 AM Efraim Flashner wr= ote: > > > > I took a look at the gitolite service finally and I hadn't realized > > there wasn't a running daemon to containerize. I assumed we could do > > something like: > > > > (start $~(make-forkexec-constructor/container > > (list ...) > > #:environment-variables > > '("PATH=3D...") > > #:mappings ...)) > > > > Given that's not the case then I'd need to look at gitolite itself to > > see how it calls the other binaries it expects to be available, and if > > wrapping it would be enough or if we would need to just propagate the > > other packages for functionality. >=20 > Gitolite simply expects tools like git to be on $PATH. It's a pretty > naive system, there's nothing like a configure script that is > determining the absolute file name of these tools and substituting > those names into the built files. >=20 > The executable is already wrapped so that coreutils, findutils, and > git are on $PATH, but notably not openssh: >=20 > (add-after 'install 'wrap-scripts > (lambda* (#:key inputs outputs #:allow-other-keys) > (let ((out (assoc-ref outputs "out")) > (coreutils (assoc-ref inputs "coreutils")) > (findutils (assoc-ref inputs "findutils")) > (git (assoc-ref inputs "git"))) > (wrap-program (string-append out "/bin/gitolite") > `("PATH" ":" prefix > ,(map (lambda (dir) > (string-append dir "/bin")) > (list out coreutils findutils git))))))) >=20 > However, git and openssh are still propagated inputs. I'm going to > move the propagated inputs to regular inputs, potentially add openssh > to the wrapper once I remind myself what gitolite does with those > tools, and test it all out on my server using the gitolite service. > If that all works, we have a good starting point for adding extension > support in the service. I like it. Let us know how it goes. --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --rdBhjiGdVK8p+O+o Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmMR+gMACgkQQarn3Mo9 g1FfIBAAmVbRlh96YZnlmbAKijXgMIT8HXSTCgCqpuiUE3LH9HM+vh9pGHO+CSkd W26HV5G+VCcpzLnSFAnUgpm4W2eMgZDt6IfTG7SzwpZs6z5+Oc9XRuxaqRdoBMiT zK5ATgZoGkn4bK5yfVC4xTUTyrNJEsS7fZzNm7UnoU83G6GHv3SvoRICL5eWYgf5 CvLVmH5gRYtJSQGKZkh9iCLadGezDT2oyZXK58q0GrWb0M2esG+lVRw5xjLjXrsh 4vy+pACbM4iHg/XJsh6ObcUKDAtybsbaK9Os0uMKnOICC3s2giCLkZ8oU46+o5dT Jga9j9ObWJlxiLhGzSzPBx2mEAolKjh1ofSe0f1I2/fBU+P+mjvLgKW7aFZIkdY0 ij6iJKGZ58SvbgX3cxptKkyzV8C9AgZUmFsmEOeKAgjxopjjPA3jG87t3Mivtteu p1xWtimunzMFbNURB9/rMrK5Q9BqbB3cgTa4XJZPNMg7B44pzY0pnXt3F3IxMxea dj5R/ceFSJclu9BSmZyRU7ZKMRrRnXshZd7bmxBqf+Qupq16qYvQhXFlMoxkOhdy 0bqswHRQ9YLgscXPlb2hmvNuceXEOm0dpHUa9V4aElh37zPO7fBIcZchfOnab/h3 7zVEfZZlIS5o2yunnuUmtt9TmeXx4bmp5cSGZ2Q9lIbQSYdPpyU= =dCOk -----END PGP SIGNATURE----- --rdBhjiGdVK8p+O+o--