From 2652e5515c84505c63072309f3b3e7837649cdb9 Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Wed, 25 Aug 2021 03:00:44 +0200
Subject: [PATCH 2/3] gnu: gitolite: Add unsafe-patt configuration option.

* gnu/services/version-control.scm (gitolite-rc-file): Add unsafe-patt
field.
(gitolite-rc-file-compiler): Write it.
* doc/guix.texi (Version Control Services): Document it.
---
 doc/guix.texi                    | 9 +++++++++
 gnu/services/version-control.scm | 8 +++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index a826171f34..29a2fffdfd 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -31426,6 +31426,15 @@ A value like @code{#o0027} will give read access to the group used by Gitolite
 (by default: @code{git}).  This is necessary when using Gitolite with software
 like cgit or gitweb.
 
+@item @code{unsafe-patt} (default: @code{#f})
+An optional pattern for catching unsafe configurations in the configuration
+file.  See
+@uref{https://gitolite.com/gitolite/git-config.html#compensating-for-unsafe_patt,
+Gitolite's documentation} for more information.
+
+When the value is not @code{#f}, it should be a string containing a Perl
+regular expression, such as @samp{"[`~#\$\&()|;<>]"}.
+
 @item @code{git-config-keys} (default: @code{""})
 Gitolite allows you to set git config values using the @samp{config}
 keyword.  This setting allows control over the config keys to accept.
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 8cb5633165..d0ac2e4a18 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -54,6 +54,7 @@
             <gitolite-rc-file>
             gitolite-rc-file
             gitolite-rc-file-umask
+            gitolite-rc-file-unsafe-patt
             gitolite-rc-file-git-config-keys
             gitolite-rc-file-roles
             gitolite-rc-file-enable
@@ -226,6 +227,8 @@ access to exported repositories under @file{/srv/git}."
   gitolite-rc-file?
   (umask           gitolite-rc-file-umask
                    (default #o0077))
+  (unsafe-patt     gitolite-rc-file-unsafe-patt
+                   (default #f))
   (git-config-keys gitolite-rc-file-git-config-keys
                    (default ""))
   (roles           gitolite-rc-file-roles
@@ -245,7 +248,7 @@ access to exported repositories under @file{/srv/git}."
 (define-gexp-compiler (gitolite-rc-file-compiler
                        (file <gitolite-rc-file>) system target)
   (match file
-    (($ <gitolite-rc-file> umask git-config-keys roles enable)
+    (($ <gitolite-rc-file> umask unsafe-patt git-config-keys roles enable)
      (apply text-file* "gitolite.rc"
       `("%RC = (\n"
         "    UMASK => " ,(format #f "~4,'0o" umask) ",\n"
@@ -264,6 +267,9 @@ access to exported repositories under @file{/srv/git}."
         "    ],\n"
         ");\n"
         "\n"
+        ,(if unsafe-patt
+             (string-append "$UNSAFE_PATT = qr(" unsafe-patt ");")
+             "")
         "1;\n")))))
 
 (define-record-type* <gitolite-configuration>
-- 
2.32.0