From: Julien Lepiller <julien@lepiller.eu>
To: "Nguyễn Gia Phong" <mcsinyx@disroot.org>
Cc: "Ludovic Courtès" <ludo@gnu.org>,
"Maxim Cournoyer" <maxim.cournoyer@gmail.com>,
71143@debbugs.gnu.org, "Matthew Trzcinski" <matt@excalamus.com>,
"Florian Pelz" <pelzflorian@pelzflorian.de>
Subject: [bug#71143] [PATCH v2] services: gitile: Opt out of Git safe dir check.
Date: Fri, 24 May 2024 07:28:28 +0200 [thread overview]
Message-ID: <20240524072828.4868b031@lepiller.eu> (raw)
In-Reply-To: <854ccfeb2cf910eda609a026e865b595e64e0cc4.1716460093.git.mcsinyx@disroot.org>
Hi,
I think it would be better if we had safe-directory = repositories,
instead of *. Otherwise, looks good.
It seems I cheated on my server and rewrote the service to use user
"git" instead, which owns the repositories.
Le Thu, 23 May 2024 19:28:13 +0900,
guix-patches--- via <guix-patches@gnu.org> a écrit :
> * gnu/services/version-control.scm (gitile-configuration):
> Add home-directory field for Git configuration file. It also stores
> Gitile's database, so remove the (now redundant) database field.
> * gnu/services/version-control.scm (%gitile-accounts): Move to
> gitile-accounts.
> * gnu/services/version-control.scm (gitile-accounts): Add configurable
> home directory.
> * doc/gnu.texi (Gitile Service): Document it.
> * gnu/services/version-control.scm (gitile-activation): New function
> creating Git config file for user gitile setting safe.directory
> to * (all directories), so libgit parses directories not owned
> by gitile user in gitile-configuration-repositories.
>
> Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
> ---
> I accidentally staged the record export hunk to another commit.
> doc/guix.texi | 4 +--
> gnu/services/version-control.scm | 48
> +++++++++++++++++++------------- 2 files changed, 30 insertions(+),
> 22 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 8073e3f6d496..ba12f249a98b 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -38981,8 +38981,8 @@ Version Control Services
> @item @code{port} (default: @code{8080})
> The port on which gitile is listening.
>
> -@item @code{database} (default:
> @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database.
> +@item @code{home-directory} (default: @code{"/var/lib/gitile"})
> +Directory in which to store the Gitile database.
>
> @item @code{repositories} (default:
> @code{"/var/lib/gitolite/repositories"}) The location of the
> repositories. Note that only public repositories will diff --git
> a/gnu/services/version-control.scm b/gnu/services/version-control.scm
> index 14ff0a59a6b0..7fedd7327d6e 100644 ---
> a/gnu/services/version-control.scm +++
> b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module
> (gnu services version-control) gitile-configuration-package
> gitile-configuration-host
> gitile-configuration-port
> - gitile-configuration-database
> + gitile-configuration-home-directory
> gitile-configuration-repositories
> gitile-configuration-git-base-url
> gitile-configuration-index-title
> @@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
> (default "127.0.0.1"))
> (port gitile-configuration-port
> (default 8080))
> - (database gitile-configuration-database
> - (default "/var/lib/gitile/gitile-db.sql"))
> + (home-directory gitile-configuration-home-directory
> + (default "/var/lib/gitile"))
> (repositories gitile-configuration-repositories
> (default "/var/lib/gitolite/repositories"))
> (base-git-url gitile-configuration-base-git-url)
> @@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
> (default '()))
> (nginx gitile-configuration-nginx))
>
> -(define (gitile-config-file host port database repositories
> base-git-url +(define (gitile-config-file host port home-directory
> repositories base-git-url index-title intro footer)
> (define build
> #~(write `(config
> (port #$port)
> (host #$host)
> - (database #$database)
> + (database #$(string-append home-directory
> "/gitile-db.sql")) (repositories #$repositories)
> (base-git-url #$base-git-url)
> (index-title #$index-title)
> @@ -459,9 +459,14 @@ (define (gitile-config-file host port database
> repositories base-git-url
> (computed-file "gitile.conf" build))
>
> +(define (gitile-activation config)
> + (match-record config <gitile-configuration> (home-directory)
> + #~(with-output-to-file #$(string-append home-directory
> "/.gitconfig")
> + (lambda () (display "[safe]\n directory = *\n")))))
> +
> (define gitile-nginx-server-block
> (match-lambda
> - (($ <gitile-configuration> package host port database
> repositories
> + (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
> (list (nginx-server-configuration
> (inherit nginx)
> @@ -487,7 +492,7 @@ (define gitile-nginx-server-block
>
> (define gitile-shepherd-service
> (match-lambda
> - (($ <gitile-configuration> package host port database
> repositories
> + (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
> (list (shepherd-service
> (provision '(gitile))
> @@ -496,7 +501,7 @@ (define gitile-shepherd-service
> (start (let ((gitile (file-append package
> "/bin/gitile"))) #~(make-forkexec-constructor
> `(,#$gitile "-c" #$(gitile-config-file
> - host port database
> + host port
> home-directory repositories
> base-git-url
> index-title intro footer))
> @@ -504,17 +509,18 @@ (define gitile-shepherd-service
> #:group "git")))
> (stop #~(make-kill-destructor)))))))
>
> -(define %gitile-accounts
> - (list (user-group
> - (name "git")
> - (system? #t))
> - (user-account
> - (name "gitile")
> - (group "git")
> - (system? #t)
> - (comment "Gitile user")
> - (home-directory "/var/empty")
> - (shell (file-append shadow "/sbin/nologin")))))
> +(define (gitile-accounts config)
> + (match-record config <gitile-configuration> (home-directory)
> + (list (user-group
> + (name "git")
> + (system? #t))
> + (user-account
> + (name "gitile")
> + (group "git")
> + (system? #t)
> + (comment "Gitile user")
> + (home-directory home-directory)
> + (shell (file-append shadow "/sbin/nologin"))))))
>
> (define gitile-service-type
> (service-type
> @@ -523,7 +529,9 @@ (define gitile-service-type
> on the web.")
> (extensions
> (list (service-extension account-service-type
> - (const %gitile-accounts))
> + gitile-accounts)
> + (service-extension activation-service-type
> + gitile-activation)
> (service-extension shepherd-root-service-type
> gitile-shepherd-service)
> (service-extension nginx-service-type
>
> base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
next prev parent reply other threads:[~2024-05-24 5:30 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-23 10:19 [bug#71143] [PATCH] services: gitile: Opt out of Git safe dir check guix-patches--- via
2024-05-23 10:28 ` [bug#71143] [PATCH v2] " guix-patches--- via
2024-05-24 5:28 ` Julien Lepiller [this message]
2024-05-26 12:11 ` guix-patches--- via
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240524072828.4868b031@lepiller.eu \
--to=julien@lepiller.eu \
--cc=71143@debbugs.gnu.org \
--cc=ludo@gnu.org \
--cc=matt@excalamus.com \
--cc=maxim.cournoyer@gmail.com \
--cc=mcsinyx@disroot.org \
--cc=pelzflorian@pelzflorian.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).