From 2652e5515c84505c63072309f3b3e7837649cdb9 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Wed, 25 Aug 2021 03:00:44 +0200 Subject: [PATCH 2/3] gnu: gitolite: Add unsafe-patt configuration option. * gnu/services/version-control.scm (gitolite-rc-file): Add unsafe-patt field. (gitolite-rc-file-compiler): Write it. * doc/guix.texi (Version Control Services): Document it. --- doc/guix.texi | 9 +++++++++ gnu/services/version-control.scm | 8 +++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index a826171f34..29a2fffdfd 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -31426,6 +31426,15 @@ A value like @code{#o0027} will give read access to the group used by Gitolite (by default: @code{git}). This is necessary when using Gitolite with software like cgit or gitweb. +@item @code{unsafe-patt} (default: @code{#f}) +An optional pattern for catching unsafe configurations in the configuration +file. See +@uref{https://gitolite.com/gitolite/git-config.html#compensating-for-unsafe_patt, +Gitolite's documentation} for more information. + +When the value is not @code{#f}, it should be a string containing a Perl +regular expression, such as @samp{"[`~#\$\&()|;<>]"}. + @item @code{git-config-keys} (default: @code{""}) Gitolite allows you to set git config values using the @samp{config} keyword. This setting allows control over the config keys to accept. diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index 8cb5633165..d0ac2e4a18 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -54,6 +54,7 @@ gitolite-rc-file gitolite-rc-file-umask + gitolite-rc-file-unsafe-patt gitolite-rc-file-git-config-keys gitolite-rc-file-roles gitolite-rc-file-enable @@ -226,6 +227,8 @@ access to exported repositories under @file{/srv/git}." gitolite-rc-file? (umask gitolite-rc-file-umask (default #o0077)) + (unsafe-patt gitolite-rc-file-unsafe-patt + (default #f)) (git-config-keys gitolite-rc-file-git-config-keys (default "")) (roles gitolite-rc-file-roles @@ -245,7 +248,7 @@ access to exported repositories under @file{/srv/git}." (define-gexp-compiler (gitolite-rc-file-compiler (file ) system target) (match file - (($ umask git-config-keys roles enable) + (($ umask unsafe-patt git-config-keys roles enable) (apply text-file* "gitolite.rc" `("%RC = (\n" " UMASK => " ,(format #f "~4,'0o" umask) ",\n" @@ -264,6 +267,9 @@ access to exported repositories under @file{/srv/git}." " ],\n" ");\n" "\n" + ,(if unsafe-patt + (string-append "$UNSAFE_PATT = qr(" unsafe-patt ");") + "") "1;\n"))))) (define-record-type* -- 2.32.0