Subject: bug#26717: [PATCH] gnu: gitolite: Avoid references to the store in authorized_keys.
Date: Sun, 30 Apr 2017 19:31:17 +0000
From: ng0
Message-ID: <20170430193117.setdri6ykdbbmza3@abyayala>
References: <87wpa1q2po.fsf@lassieur.org> <20170430163244.2830-1-clement@lassieur.org>
In-Reply-To: <20170430163244.2830-1-clement@lassieur.org>
To: Clément Lassieur
Cc: 26717@debbugs.gnu.org

Clément Lassieur transcribed 1.3K bytes: > * gnu/packages/version-control.scm (gitolite)[arguments]: Substitute > '$glshell' with 'gitolite-shell' in ssh-authkeys. > --- > gnu/packages/version-control.scm | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm > index e0770dc58..1cad0f285 100644 > --- a/gnu/packages/version-control.scm > +++ b/gnu/packages/version-control.scm
> @@ -628,7 +628,13 @@ also walk each side of a merge and test those changes individually.") > ;; invokes Perl. > (substitute* (find-files "." ".*") > ((" perl -") > - (string-append " " perl " -")))))) > + (string-append " " perl " -"))) > + > + ;; Avoid references to the store in authorized_keys. > + ;; This works because gitolite-shell is in the PATH. > + (substitute* "src/triggers/post-compile/ssh-authkeys" > + (("\\$glshell \\$user") > + "gitolite-shell $user"))))) > (replace 'install > (lambda* (#:key outputs #:allow-other-keys) > (let* ((output (assoc-ref outputs "out")) > -- > 2.12.2 > > > > This looks good. I have yet to test it. Do you think we could fix the hook files of gitolite like this too? -- https://pragmatique.xyz PGP: https://people.pragmatique.xyz/ng0/
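
Review bot: The new comment above the `substitute*` on `src/triggers/post-compile/ssh-authkeys` says "This works because gitolite-shell is in the PATH" without saying whose PATH, and that is the assumption the whole change rests on. With `"gitolite-shell $user"` written in place of `$glshell $user`, the command recorded in authorized_keys is resolved by name at login, so it depends on the PATH of the environment sshd sets up for the gitolite account rather than on anything fixed at build time. Please spell that out in the comment (which PATH, and that the account's profile has to provide gitolite-shell), and add a sentence on why a store reference in authorized_keys is unwanted, since the comment states the goal but not the reason. The pattern also matches only the exact text `$glshell $user` with a single space, so it is worth checking that the build notices if upstream rewords that line and the substitution no longer applies.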