unofficial mirror of guix-patches@gnu.org 
* bug#26717: Avoid references to the store in authorized_keys
@ 2017-04-30 16:30 Clément Lassieur
  2017-04-30 16:32 ` bug#26717: [PATCH] gnu: gitolite: " Clément Lassieur
  0 siblings, 1 reply; 6+ messages in thread
From: Clément Lassieur @ 2017-04-30 16:30 UTC (permalink / raw)
  To: 26717

Note that if gitolite is already installed, one has to remove the
references from authorized_keys manually first, because otherwise the
old (bugged) gitolite will be used instead of the one in the PATH, and
authorized_keys will never be updated.
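
The manual cleanup described in the message above, as an added example that is not part of the original thread. It assumes entries of the form `command="<dir>/gitolite-shell <user>",<options> <key>`; the function names, the sample file, and the store hash, version and keys in it are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit and rewrite forced commands that pin a /gnu/store path.
# Assumed entry shape: command="<dir>/gitolite-shell <user>",<options> <key>

# Write a constructed sample file; hash, version and keys are placeholders.
make_sample() {
    cat > "$1" <<'EOF'
# gitolite start
command="/gnu/store/0123456789abcdfghijklmnpqrsvwxyz-gitolite-x.y/share/gitolite/gitolite-shell alice",no-port-forwarding,no-pty ssh-ed25519 AAAAC3PLACEHOLDER alice@example
command="gitolite-shell bob",no-port-forwarding,no-pty ssh-ed25519 AAAAC3PLACEHOLDER bob@example
# gitolite end
ssh-ed25519 AAAAC3PLACEHOLDER admin@example
EOF
}

# Print "line:user" for every entry whose forced command is a store path.
store_refs() {
    awk '!/^#/ && match($0, /command="\/gnu\/store\/[^" ]*\/gitolite-shell [^"]*"/) {
             cmd = substr($0, RSTART, RLENGTH)
             sub(/.* /, "", cmd)      # drop everything up to the user name
             sub(/"$/, "", cmd)       # drop the closing quote
             print NR ":" cmd
         }' "$1"
}

# Print the file with store-pinned forced commands reduced to the bare
# command name, so that it is looked up in PATH at login time.
# Only stdout is written; the input file is left untouched.
strip_store_refs() {
    sed 's|command="/gnu/store/[^" ]*/gitolite-shell |command="gitolite-shell |' "$1"
}

# Stand-alone use: sh audit.sh ~/.ssh/authorized_keys
if [ -n "${1:-}" ]; then
    store_refs "$1"
fi
```

Compare the output of `strip_store_refs` with the original file before installing it, and keep a backup of the original.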


* bug#26717: [PATCH] gnu: gitolite: Avoid references to the store in authorized_keys.
  2017-04-30 16:30 bug#26717: Avoid references to the store in authorized_keys Clément Lassieur
@ 2017-04-30 16:32 ` Clément Lassieur
  2017-04-30 19:31   ` ng0
  0 siblings, 1 reply; 6+ messages in thread
From: Clément Lassieur @ 2017-04-30 16:32 UTC (permalink / raw)
  To: 26717

* gnu/packages/version-control.scm (gitolite)[arguments]: Substitute
'$glshell' with 'gitolite-shell' in ssh-authkeys.
---
 gnu/packages/version-control.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index e0770dc58..1cad0f285 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -628,7 +628,13 @@ also walk each side of a merge and test those changes individually.")
                         ;; invokes Perl.
                         (substitute* (find-files "." ".*")
                           ((" perl -")
-                           (string-append " " perl " -"))))))
+                           (string-append " " perl " -")))
+
+                        ;; Avoid references to the store in authorized_keys.
+                        ;; This works because gitolite-shell is in the PATH.
+                        (substitute* "src/triggers/post-compile/ssh-authkeys"
+                          (("\\$glshell \\$user")
+                           "gitolite-shell $user")))))
                   (replace 'install
                     (lambda* (#:key outputs #:allow-other-keys)
                       (let* ((output (assoc-ref outputs "out"))
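Review bot: the added comment "This works because gitolite-shell is in the PATH" does not say whose PATH. With this substitution the forced command written to authorized_keys is resolved by name instead of by absolute store path, so the comment should name the environment it depends on (the PATH of the SSH session that runs the forced command). It would also help to record here, as the cover message does, that an authorized_keys file already holding store references has to be cleaned by hand before the new gitolite takes over.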
-- 
2.12.2


* bug#26717: [PATCH] gnu: gitolite: Avoid references to the store in authorized_keys.
  2017-04-30 16:32 ` bug#26717: [PATCH] gnu: gitolite: " Clément Lassieur
@ 2017-04-30 19:31   ` ng0
  2017-04-30 21:57     ` Clément Lassieur
  2017-05-03 19:47     ` Clément Lassieur
  0 siblings, 2 replies; 6+ messages in thread
From: ng0 @ 2017-04-30 19:31 UTC (permalink / raw)
  To: Clément Lassieur; +Cc: 26717

Clément Lassieur transcribed 1.3K bytes:
> * gnu/packages/version-control.scm (gitolite)[arguments]: Substitute
> '$glshell' with 'gitolite-shell' in ssh-authkeys.
> ---
>  gnu/packages/version-control.scm | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
> index e0770dc58..1cad0f285 100644
> --- a/gnu/packages/version-control.scm
> +++ b/gnu/packages/version-control.scm
> @@ -628,7 +628,13 @@ also walk each side of a merge and test those changes individually.")
>                          ;; invokes Perl.
>                          (substitute* (find-files "." ".*")
>                            ((" perl -")
> -                           (string-append " " perl " -"))))))
> +                           (string-append " " perl " -")))
> +
> +                        ;; Avoid references to the store in authorized_keys.
> +                        ;; This works because gitolite-shell is in the PATH.
> +                        (substitute* "src/triggers/post-compile/ssh-authkeys"
> +                          (("\\$glshell \\$user")
> +                           "gitolite-shell $user")))))
>                    (replace 'install
>                      (lambda* (#:key outputs #:allow-other-keys)
>                        (let* ((output (assoc-ref outputs "out"))
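Review bot: the pattern "\\$glshell \\$user" in the added substitute* matches one exact string in src/triggers/post-compile/ssh-authkeys. If that string changes in a later gitolite release the substitution would no longer apply and the store path would end up in authorized_keys again. A check after the substitution that the file no longer contains "$glshell $user", or a comment naming the upstream line being patched, would make that visible on upgrade.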
> -- 
> 2.12.2
> 
> 
> 
> 

This looks good. I have yet to test it. Do you think we could fix the hook files of gitolite like this too?
-- 
https://pragmatique.xyz
PGP: https://people.pragmatique.xyz/ng0/


* bug#26717: [PATCH] gnu: gitolite: Avoid references to the store in authorized_keys.
  2017-04-30 19:31   ` ng0
@ 2017-04-30 21:57     ` Clément Lassieur
  2017-05-04  8:50       ` Clément Lassieur
  2017-05-03 19:47     ` Clément Lassieur
  1 sibling, 1 reply; 6+ messages in thread
From: Clément Lassieur @ 2017-04-30 21:57 UTC (permalink / raw)
  To: ng0; +Cc: 26717

ng0 <contact.ng0@cryptolab.net> writes:

> Clément Lassieur transcribed 1.3K bytes:
>> * gnu/packages/version-control.scm (gitolite)[arguments]: Substitute
>> '$glshell' with 'gitolite-shell' in ssh-authkeys.
>> ---
>>  gnu/packages/version-control.scm | 8 +++++++-
>>  1 file changed, 7 insertions(+), 1 deletion(-)
>> 
>> diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
>> index e0770dc58..1cad0f285 100644
>> --- a/gnu/packages/version-control.scm
>> +++ b/gnu/packages/version-control.scm
>> @@ -628,7 +628,13 @@ also walk each side of a merge and test those changes individually.")
>>                          ;; invokes Perl.
>>                          (substitute* (find-files "." ".*")
>>                            ((" perl -")
>> -                           (string-append " " perl " -"))))))
>> +                           (string-append " " perl " -")))
>> +
>> +                        ;; Avoid references to the store in authorized_keys.
>> +                        ;; This works because gitolite-shell is in the PATH.
>> +                        (substitute* "src/triggers/post-compile/ssh-authkeys"
>> +                          (("\\$glshell \\$user")
>> +                           "gitolite-shell $user")))))
>>                    (replace 'install
>>                      (lambda* (#:key outputs #:allow-other-keys)
>>                        (let* ((output (assoc-ref outputs "out"))
>> -- 
>> 2.12.2
>> 
>> 
>> 
>> 
>
> This looks good. I have yet to test it. Do you think we could fix the hook files of gitolite like this too?

Well, I don't think so because the mechanism used in hooks is different:
the reference to the store is in the shebang and shebangs need absolute
paths, they don't look at PATH.  We could use 'env' though, as suggested
by Marius here:
http://lists.gnu.org/archive/html/guix-patches/2017-03/msg00339.html.
As in:

    #!/run/current-system/profile/bin/env perl

Assuming /run/current-system/profile/bin/env exists on all possible
setups.  WDYT?


* bug#26717: [PATCH] gnu: gitolite: Avoid references to the store in authorized_keys.
  2017-04-30 19:31   ` ng0
  2017-04-30 21:57     ` Clément Lassieur
@ 2017-05-03 19:47     ` Clément Lassieur
  1 sibling, 0 replies; 6+ messages in thread
From: Clément Lassieur @ 2017-05-03 19:47 UTC (permalink / raw)
  To: ng0; +Cc: 26717-done

ng0 <contact.ng0@cryptolab.net> writes:

> Clément Lassieur transcribed 1.3K bytes:
>> * gnu/packages/version-control.scm (gitolite)[arguments]: Substitute
>> '$glshell' with 'gitolite-shell' in ssh-authkeys.
>> ---
>>  gnu/packages/version-control.scm | 8 +++++++-
>>  1 file changed, 7 insertions(+), 1 deletion(-)
>> 
>> diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
>> index e0770dc58..1cad0f285 100644
>> --- a/gnu/packages/version-control.scm
>> +++ b/gnu/packages/version-control.scm
>> @@ -628,7 +628,13 @@ also walk each side of a merge and test those changes individually.")
>>                          ;; invokes Perl.
>>                          (substitute* (find-files "." ".*")
>>                            ((" perl -")
>> -                           (string-append " " perl " -"))))))
>> +                           (string-append " " perl " -")))
>> +
>> +                        ;; Avoid references to the store in authorized_keys.
>> +                        ;; This works because gitolite-shell is in the PATH.
>> +                        (substitute* "src/triggers/post-compile/ssh-authkeys"
>> +                          (("\\$glshell \\$user")
>> +                           "gitolite-shell $user")))))
>>                    (replace 'install
>>                      (lambda* (#:key outputs #:allow-other-keys)
>>                        (let* ((output (assoc-ref outputs "out"))
>> -- 
>> 2.12.2
>> 
>> 
>> 
>> 
>
> This looks good. I have yet to test it. Do you think we could fix the hook files of gitolite like this too?

Thank you :)  I pushed it.


* bug#26717: [PATCH] gnu: gitolite: Avoid references to the store in authorized_keys.
  2017-04-30 21:57     ` Clément Lassieur
@ 2017-05-04  8:50       ` Clément Lassieur
  0 siblings, 0 replies; 6+ messages in thread
From: Clément Lassieur @ 2017-05-04  8:50 UTC (permalink / raw)
  To: ng0; +Cc: 26717

Clément Lassieur <clement@lassieur.org> writes:

> ng0 <contact.ng0@cryptolab.net> writes:
>> This looks good. I have yet to test it. Do you think we could fix the hook files of gitolite like this too?
>
> Well, I don't think so because the mechanism used in hooks is different:
> the reference to the store is in the shebang and shebangs need absolute
> paths, they don't look at PATH.  We could use 'env' though, as suggested
> by Marius here:
> http://lists.gnu.org/archive/html/guix-patches/2017-03/msg00339.html.
> As in:
>
>     #!/run/current-system/profile/bin/env perl
>
> Assuming /run/current-system/profile/bin/env exists on all possible
> setups.  WDYT?

This won't work on a non-GuixSD OS.  I can't find a simple solution.



Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git
