unofficial mirror of guix-devel@gnu.org 
From: ng0 <ngillmann@runbox.com>
To: guix-devel@gnu.org
Subject: Re: [PATCH] gnu: service: Add git-service.
Date: Tue, 27 Sep 2016 08:20:01 +0000
Message-ID: <877f9xpxe6.fsf@we.make.ritual.n0.is>
In-Reply-To: <871t16qh83.fsf@we.make.ritual.n0.is>

So almost one month passed now.
To continue testing this, I need help on this first.

Thanks.

ng0 <ng0@we.make.ritual.n0.is> writes:

> I tried to address most of what you've written.
>
> While I was correcting the documentation I decided to add more options,
> now it doesn't work anymore, probably because of the ifs I added.
>
> Andy Wingo <wingo@igalia.com> writes:
>
>> On Tue 30 Aug 2016 13:45, ng0 <ng0@we.make.ritual.n0.is> writes:
>>
>>>>I also think that "path" might
>>>> not be the right word, which in GNU manuals is only used for search
>>>> paths.  See the "GNU Manuals" section of standards.texi for more.
>>>> Anyway I suggest #:base-directory.  Make sure the port is an integer and
>>>> not a string.
>>>
>>> See 'man git daemon'.
>>
>> I ran this and it did not work -- first showed me a page for git then
>> for daemon.  I believe you want "man git-daemon"?
>>
>>> The switch is called --base-path.  Looking at the openrc conf.d/git or
>>> what the config file was called again, they stick to this name too.
>>> It would just cause confusion if we go ahead and call it differently.
>>> Upstream should be fixed, but I'm not going there.  If you think we
>>> should break expectations, I can rename it.
>>
>> "Fixing" upstream is out of our remit :)  All I can ask is that we do
>> not introduce new uses of the word "path".
>>
>>>>> +Return a service to run the @uref{https://git-scm.com, git} daemon version control
>>>>> +daemon.
>>>>
>>>> Extra "daemon" here.  Probably needs a sentence on what running the
>>>> daemon will do (namely, expose local repositories for remote access).
>>>>
>>>> What about authentication?  Is this purely anonymous?
>>>
>>> Exactly, authentication is handled via other daemons, for example ssh or
>>> gitolite. git daemon supports no authentication and is read-only, as far
>>> as I know. At the servers I use and set up, I pull via
>>> git://,http://,https:// and push via ssh.
>>> Its self-description is:
>>> git-daemon - A really simple server for Git repositories.
>>
>> This needs to be documented in the manual, is what I was getting at :)
>> Mention that this is for anonymous read-only access please.
>
> read-only was wrong, anonymous write-access for all the world can be set
> up but it is not default.
>
>>
>>>>Use "file name" instead of path in general.
>>>
>>> Why?
>>
>> It is because it is standard in the GNU project.  I mentioned this
>> before.  See "info standards" and go to "GNU manuals".
>>
>>>>> +Furthermore it takes the parameter @var{port} which defaults to 9418.
>>>>> +Run @command{man git daemon} for information about the options.
>>>>
>>>> This man command does not work.
>>>
>>> Works for me. As far as I know man pages were merged into git package
>>> recently. When I run this on debian with guix, 'man git daemon' works
>>> too.
>>
>> It does not work for me on NixOS with Guix.  Maybe I am out of date
>> though.
>>
>>>>> +(define %git-accounts
>>>>> +  ;; User account and groups for git-daemon.
>>>>> +  ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.
>>>>
>>>> What does this comment mean?  Why would we switch?
>>>
>>> I am not sure about the limitations of git-shell compared to
>>> /bin/sh. If this turns out to be a mistake, it can be corrected. The
>>> only thing I know about git-shell is that it allows no logins.
>>
>> If you do not want a login then probably what you want is
>> #~(string-append #$shadow "/sbin/nologin").
>>
>> Andy
>
> From d1d7eb59ca53833098cea2d6eddaa59f1494b579 Mon Sep 17 00:00:00 2001
> From: ng0 <ng0@we.make.ritual.n0.is>
> Date: Fri, 8 Jul 2016 15:42:55 +0000
> Subject: [PATCH] gnu: services: Add git-service.
>
> * gnu/services/version-control.scm: New file, create it.
> (git-service): New Procedures.
> (git-service-type): New variable.
> * doc/guix.texi: Add documentation.
> ---
>  doc/guix.texi                    |  37 ++++++++
>  gnu/local.mk                     |   1 +
>  gnu/services/version-control.scm | 196 +++++++++++++++++++++++++++++++++++++++
>  3 files changed, 234 insertions(+)
>  create mode 100644 gnu/services/version-control.scm
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index b22cf4a..78d7ee1 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -7494,6 +7494,7 @@ declaration.
>  * Database Services::           SQL databases.
>  * Mail Services::               IMAP, POP3, SMTP, and all that.
>  * Web Services::                Web servers.
> +* Version Control::             Git and others.
>  * Various Services::            Other services.
>  @end menu
>  
> @@ -9910,6 +9911,42 @@ directories are created when the service is activated.
>  
>  @end deffn
>  
> +@node Version Control
> +@subsubsection Version Control
> +
> +The @code{(gnu services version-control)} module provides the following services:
> +
> +@deffn {Scheme Procedure} git-service [#:git @var{git}] @
> +       [#:base-directory "/var/git/repositories"] @
> +       [#:user-directory? #f ""] [#:port 9418] @
> +       [#:directory? #f ""] [#:max-connections 32] @
> +       [#:pid-file? #t "/var/run/git-daemon.pid"]
> +
> +Return a service to run the @uref{https://git-scm.com, Git} daemon, a really simple
> +TCP Git service which exposes local repositories for anonymous remote access.
> +
> +The git daemon runs as the @code{git} unprivileged user.  It is started with
> +the fixed parameters @code{--syslog}, @code{--reuseaddr} and
> +@code{"--no-informative-errors"}.
> +You can pass the parameter @var{base-directory}, which remaps all the directory
> +requests as relative to the given directory.  If you run git-service with
> +@var{base-directory "/var/git/repositories"} on example.com, then if you later try
> +to pull @code{git://example.com/hello.git}, git-service will interpret the directory
> +as @code{/var/git/repositories/hello.git}.
> +@var{max-connections} sets the maximum number of concurrent clients, it defaults to 32.
> +Set it to 0 for no limit.
> +@var{user-directory} allows allows ~user notation to be used in requests. When
> +specified with no parameter, requests to @code{git://host/~alice/foo} is taken as a
> +request to access @code{foo} repository in the home directory of user @code{alice}.
> +If @var{user-directory "path"} is specified, the same request is taken as a request
> +to access @code{path/foo} repository in the home directory of user @code{alice}.
> +The parameter @var{directory "foo"} adds the directory "foo" and its subdirectories
> +to the whitelist of allowed directories.
> +Furthermore git-service takes the parameter @var{port}, which defaults to 9418.
> +Run @command{man git daemon} for information about the options.
> +
> +@end deffn
> +
>  @node Various Services
>  @subsubsection Various Services
>  
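
Review bot: The @deffn signature is not valid keyword syntax where it
lists [#:user-directory? #f ""], [#:directory? #f ""] and
[#:pid-file? #t "/var/run/git-daemon.pid"]; each keyword takes a single
default, so document the boolean and the string as separate keywords,
or use one keyword whose value is either #f or a string.  In the body,
"allows allows" is doubled, @code{"--no-informative-errors"} carries
quotes that the two options before it do not, and
@command{man git daemon} was already reported in this thread as not
working ('man git-daemon' is the page name).  "Anonymous remote access"
should be spelled out as requested earlier in the thread: no
authentication, and whether pushes are possible.  The new
@var{user-directory "path"} and @code{path/foo} also reintroduce the
word "path" that the earlier review asked to avoid.
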
> diff --git a/gnu/local.mk b/gnu/local.mk
> index d75ab54..9220d06 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -390,6 +390,7 @@ GNU_SYSTEM_MODULES =				\
>    %D%/services/herd.scm				\
>    %D%/services/spice.scm				\
>    %D%/services/ssh.scm				\
> +  %D%/services/version-control.scm              \
>    %D%/services/web.scm				\
>    %D%/services/xorg.scm				\
>  						\
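
Review bot: The added version-control.scm line pads to the trailing
backslash with spaces, while the neighbouring entries use tabs; use
tabs so the continuation column matches the rest of
GNU_SYSTEM_MODULES.
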
> diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
> new file mode 100644
> index 0000000..5578003
> --- /dev/null
> +++ b/gnu/services/version-control.scm
> @@ -0,0 +1,196 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu services version-control)
> +  #:use-module (gnu services)
> +  #:use-module (gnu services base)
> +  #:use-module (gnu services shepherd)
> +  #:use-module (gnu system shadow)
> +  #:use-module (gnu packages version-control)
> +  #:use-module (gnu packages admin)
> +  #:use-module (guix records)
> +  #:use-module (guix gexp)
> +  #:use-module (srfi srfi-1)
> +  #:use-module (ice-9 match)
> +  #:export (git-service
> +            git-service-type
> +            git-configuration
> +            git-configuration?
> +            git-configuration-git
> +            git-configuration-port
> +            git-configuration-base-directory
> +            git-configuration-pid-file
> +            git-configuration-max-connections
> +            git-configuration-user-directory
> +            git-configuration-directory))
> +
> +;;; Commentary:
> +;;;
> +;;; Version Control related services.
> +;;;
> +;;; Code:
> +
> +\f
> +;;;
> +;;; git
> +;;;
> +
> +(define-record-type* <git-configuration> git-configuration
> +  make-git-configuration
> +  git-configuration?
> +  (git              git-configuration-git  ;package
> +                    (default git))
> +  (pid-file?        git-configuration-pid-file) ;string
> +  (base-directory   git-configuration-base-directory) ;string
> +  (user-directory?  git-configuration-user-directory) ;string
> +  (directory?       git-configuration-directory) ;string
> +  (max-connections  git-configuration-max-connections) ;number
> +  (port             git-configuration-port)) ;number
> +
> +(define (git-shepherd-service config)
> +  "Return a <shepherd-service> for git with CONFIG."
> +  (define git (git-configuration-git config))
> +
> +  ;; Comments do not list all the features available, but the commented ones are
> +  ;; features which are a TODO for this service.
> +  (define git-command
> +    #~(list
> +       (string-append #$git "/bin/git") "daemon"
> +
> +       ;; Log to syslog instead of stderr. Note that this option does not imply
> +       ;; --verbose, thus by default only error conditions will be logged.
> +       "--syslog"
> +
> +       ;; Convenient for clients, but may leak information about the existence of
> +       ;; unexported repositories.  When informative errors are not enabled, all
> +       ;; errors report "access denied" to the client.
> +       "--no-informative-errors"
> +
> +       ;; Use SO_REUSEADDR when binding the listening socket.  This allows the
> +       ;; server to restart without waiting for old connections to time out.
> +       "--reuseaddr"
> +
> +       ;; A directory to add to the whitelist of allowed directories. Unless
> +       ;; --strict-paths is specified this will also include subdirectories of
> +       ;; each named directory.
> +       ;; --directory
> +       ;; TODO: Add the option to add multiple occurences of --directory
> +       (if (git-configuration-directory? config)
> +           (string-append "--directory=" #$(git-configuration-directory config))
> +           "")
> +
> +       ;; --interpolated-path=<pathtemplate>
> +       ;; To support virtual hosting, an interpolated path template can be used to
> +       ;; dynamically construct alternate paths. The template supports %H for the target
> +       ;; hostname as supplied by the client but converted to all lowercase,
> +       ;; %CH for the canonical hostname, %IP for the server’s IP address,
> +       ;; %P for the port number, and %D for the absolute path of the named repository.
> +       ;; After interpolation, the path is validated against the directory whitelist.
> +
> +       ;; --export-all
> +       ;; Allow pulling from all directories that look like Git repositories (have the
> +       ;; objects and refs subdirectories), even if they do not have the git-daemon-export-ok
> +       ;; file.
> +
> +       ;; --listen=<host_or_ipaddr>
> +       ;; Listen on a specific IP address or hostname. IP addresses can be either an IPv4
> +       ;; address or an IPv6 address if supported. If IPv6 is not supported, then
> +       ;; --listen=hostname is also not supported and --listen must be given an IPv4 address.
> +       ;; Can be given more than once. Incompatible with --inetd option.
> +
> +       ;; Maximum number of concurrent clients, defaults to 32. Set it to zero for no limit.
> +       (string-append "--max-connections=" #$(number->string
> +                                              (git-configuration-max-connections config)))
> +
> +       ;; --user-path, --user-path=<path>
> +       ;; Allow ~user notation to be used in requests. When specified with no parameter,
> +       ;; requests to git://host/~alice/foo is taken as a request to access foo repository
> +       ;; in the home directory of user alice. If --user-path=path is specified, the same
> +       ;; request is taken as a request to access path/foo repository in the home
> +       ;; directory of user alice.
> +       (if (git-configuration-user-directory? config)
> +           "--user-path" "")
> +
> +       ;; Save the process id in file. Ignored when the daemon is run under --inetd.
> +       (if (git-configuration-pid-file? config)
> +           (string-append "--pid-file=" #$(git-configuration-pid-file config))
> +           "")
> +       (string-append "--port=" #$(number->string (git-configuration-port config)))
> +       (string-append "--base-path=" #$(git-configuration-base-directory config))))
> +
> +  (define requires
> +    '(networking syslogd))
> +
> +  (list (shepherd-service
> +         (documentation "Git daemon server for git repositories")
> +         (requirement requires)
> +         (provision '(git))
> +         (start #~(make-forkexec-constructor #$git-command))
> +         (stop #~(make-kill-destructor)))))
> +
> +(define %git-accounts
> +  ;; User account and groups for git-daemon.
> +  (list (user-group
> +         (name "git")
> +         (system? #t))
> +        (user-account
> +         (name "git")
> +         (system? #t)
> +         (group "git")
> +         (comment "Shepherd created user for the git-daemon service")
> +         (home-directory "/var/git")
> +         (shell #~(string-append #$shadow "/bin/git-shell")))))
> +
> +(define (git-activation config)
> +  "Return the activation gexp for CONFIG."
> +  #~(begin (use-modules (guix build utils))
> +           ;; Create the default base-directory, see `man git daemon'.
> +           (mkdir-p "/var/git/repositories")))
> +
> +(define git-service-type
> +  (service-type (name 'git)
> +   (extensions
> +    (list (service-extension shepherd-root-service-type
> +                             git-shepherd-service)
> +          (service-extension activation-service-type
> +                             git-activation)))))
> +
> +(define* (git-service #:key
> +                      (git git)
> +                      (base-directory "/var/git/repositories")
> +                      (user-directory? #f)
> +                      (user-directory? "")
> +                      (directory? #f)
> +                      (directory "")
> +                      (port 9418)
> +                      (pid-file? #t)
> +                      (pid-file "/var/run/git-daemon.pid")
> +                      (max-connections 32))
> +  "Return a service that runs @url{https://git-scm.org,git} as a daemon.
> +The daemon will listen on the port specified in @var{port}.
> +In addition, @var{base-path} specifies the path which will repositories
> +which can be exported by adding 'git-daemon-export-ok' files to them."
> +  (service git-service-type
> +           (git-configuration
> +            (git git)
> +            (base-directory base-directory)
> +            (user-directory? user-directory?)
> +            (directory? directory?)
> +            (port port)
> +            (pid-file? pid-file?)
> +            (max-connections max-connections))))
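
Review bot: In git-command the three 'if' tests call
git-configuration-directory?, git-configuration-user-directory? and
git-configuration-pid-file?, none of which is defined: the record
declares the fields directory?, user-directory? and pid-file? with the
accessors git-configuration-directory, git-configuration-user-directory
and git-configuration-pid-file, so those accessors return the boolean
and no field holds the string that string-append is then given.  Use
one field per option, holding either #f or the string value.  The 'if'
forms also sit inside #~(list ...) without #$, so 'config' is
referenced on the build side where it is not bound; compute the
argument list on the host side and splice it in, which also avoids
handing an empty string to 'git daemon' as an argument when an option
is off.  git-service declares the keyword user-directory? twice and
accepts 'directory' and 'pid-file' without passing them to
git-configuration, and git-activation creates "/var/git/repositories"
regardless of base-directory.  Two points affect how exposed the
daemon is: make-forkexec-constructor is called without a user, so
nothing here makes the process run as the 'git' account the
documentation promises (pass #:user and #:group, or git daemon's own
--user and --group), and the account shell is built as
#$shadow "/bin/git-shell", which combines the suggested
#$shadow "/sbin/nologin" with a program that is shipped by git, not by
shadow.  The docstring still says base-path and its last sentence is
incomplete.
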
> -- 
> 2.9.3
>
>
> -- 
> ng0
> For non-prism friendly talk find me on http://www.psyced.org

-- 
              ng0
