* [bug#71143] [PATCH] services: gitile: Opt out of Git safe dir check.
@ 2024-05-23 10:19 guix-patches--- via
2024-05-23 10:28 ` [bug#71143] [PATCH v2] " guix-patches--- via
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: guix-patches--- via @ 2024-05-23 10:19 UTC (permalink / raw)
To: 71143
Cc: Nguyễn Gia Phong, Florian Pelz, Ludovic Courtès,
Matthew Trzcinski, Maxim Cournoyer
* gnu/services/version-control.scm (gitile-configuration):
Add home-directory field for Git configuration file. It also stores
Gitile's database, so remove the (now redundant) database field.
* gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts.
* gnu/services/version-control.scm (gitile-accounts): Add configurable
home directory.
* doc/gnu.texi (Gitile Service): Document it.
* gnu/services/version-control.scm (gitile-activation): New function
creating Git config file for user gitile setting safe.directory
to * (all directories), so libgit parses directories not owned
by gitile user in gitile-configuration-repositories.
Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
---
doc/guix.texi | 4 +--
gnu/services/version-control.scm | 46 +++++++++++++++++++-------------
2 files changed, 29 insertions(+), 21 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 8073e3f6d496..ba12f249a98b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38981,8 +38981,8 @@ Version Control Services
@item @code{port} (default: @code{8080})
The port on which gitile is listening.
-@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"})
-The location of the database.
+@item @code{home-directory} (default: @code{"/var/lib/gitile"})
+Directory in which to store the Gitile database.
@item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"})
The location of the repositories. Note that only public repositories will
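Review bot: The new home-directory item documents only the database, yet per the commit log the same directory also receives the Git configuration file that sets safe.directory to "*". State that here, so an administrator reading the manual learns that the service opts out of Git's ownership check and where the file lives, and add a sentence telling users of the removed database item what to set instead. The commit log also names doc/gnu.texi while this hunk touches doc/guix.texi.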
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 14ff0a59a6b0..00ca7b600efc 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
(default "127.0.0.1"))
(port gitile-configuration-port
(default 8080))
- (database gitile-configuration-database
- (default "/var/lib/gitile/gitile-db.sql"))
+ (home-directory gitile-configuration-home-directory
+ (default "/var/lib/gitile"))
(repositories gitile-configuration-repositories
(default "/var/lib/gitolite/repositories"))
(base-git-url gitile-configuration-base-git-url)
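Review bot: Removing the database field at the two "-" lines makes any existing gitile-configuration that sets database stop building, with no deprecation path. Either keep the field with a default under home-directory, or call out the incompatibility in the documentation. This version of the patch also has no hunk updating the module's export list, so the removed accessor gitile-configuration-database would still be exported.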
@@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
(default '()))
(nginx gitile-configuration-nginx))
-(define (gitile-config-file host port database repositories base-git-url
+(define (gitile-config-file host port home-directory repositories base-git-url
index-title intro footer)
(define build
#~(write `(config
(port #$port)
(host #$host)
- (database #$database)
+ (database #$(string-append home-directory "/gitile-db.sql"))
(repositories #$repositories)
(base-git-url #$base-git-url)
(index-title #$index-title)
@@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url
(computed-file "gitile.conf" build))
+(define (gitile-activation config)
+ (match-record config <gitile-configuration> (home-directory)
+ #~(with-output-to-file #$(string-append home-directory "/.gitconfig")
+ (lambda () (display "[safe]\n directory = *\n")))))
+
(define gitile-nginx-server-block
(match-lambda
- (($ <gitile-configuration> package host port database repositories
+ (($ <gitile-configuration> package host port home-directory repositories
base-git-url index-title intro footer nginx)
(list (nginx-server-configuration
(inherit nginx)
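Review bot: The display line in gitile-activation writes "directory = *", which the commit log itself describes as covering all directories, so the ownership check is lifted for every repository the gitile user opens and not only for those under gitile-configuration-repositories. If one entry per repository is practical, generate the entries from the repositories field; if it is not, put a comment next to the string explaining why the wildcard is required, so the trade-off is recorded in the code.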
@@ -487,7 +492,7 @@ (define gitile-nginx-server-block
(define gitile-shepherd-service
(match-lambda
- (($ <gitile-configuration> package host port database repositories
+ (($ <gitile-configuration> package host port home-directory repositories
base-git-url index-title intro footer nginx)
(list (shepherd-service
(provision '(gitile))
@@ -496,7 +501,7 @@ (define gitile-shepherd-service
(start (let ((gitile (file-append package "/bin/gitile")))
#~(make-forkexec-constructor
`(,#$gitile "-c" #$(gitile-config-file
- host port database
+ host port home-directory
repositories
base-git-url index-title
intro footer))
@@ -504,17 +509,18 @@ (define gitile-shepherd-service
#:group "git")))
(stop #~(make-kill-destructor)))))))
-(define %gitile-accounts
- (list (user-group
- (name "git")
- (system? #t))
- (user-account
- (name "gitile")
- (group "git")
- (system? #t)
- (comment "Gitile user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+(define (gitile-accounts config)
+ (match-record config <gitile-configuration> (home-directory)
+ (list (user-group
+ (name "git")
+ (system? #t))
+ (user-account
+ (name "gitile")
+ (group "git")
+ (system? #t)
+ (comment "Gitile user")
+ (home-directory home-directory)
+ (shell (file-append shadow "/sbin/nologin"))))))
(define gitile-service-type
(service-type
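Review bot: The line (home-directory home-directory) moves the gitile account from "/var/empty" to a directory the service writes into, and gitile-accounts carries no docstring or comment saying why. Add one stating that the home now holds both the database and .gitconfig, and note in the manual that changing the field relocates both files.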
@@ -523,7 +529,9 @@ (define gitile-service-type
on the web.")
(extensions
(list (service-extension account-service-type
- (const %gitile-accounts))
+ gitile-accounts)
+ (service-extension activation-service-type
+ gitile-activation)
(service-extension shepherd-root-service-type
gitile-shepherd-service)
(service-extension nginx-service-type
base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
--
2.41.0
* [bug#71143] [PATCH v2] services: gitile: Opt out of Git safe dir check.
2024-05-23 10:19 [bug#71143] [PATCH] services: gitile: Opt out of Git safe dir check guix-patches--- via
@ 2024-05-23 10:28 ` guix-patches--- via
2024-05-24 5:28 ` Julien Lepiller
2024-05-26 12:11 ` guix-patches--- via
2024-08-05 8:11 ` [bug#71143] [PATCH] " Evgeny Pisemsky
2 siblings, 1 reply; 5+ messages in thread
From: guix-patches--- via @ 2024-05-23 10:28 UTC (permalink / raw)
To: 71143
Cc: Nguyễn Gia Phong, Florian Pelz, Ludovic Courtès,
Matthew Trzcinski, Maxim Cournoyer
* gnu/services/version-control.scm (gitile-configuration):
Add home-directory field for Git configuration file. It also stores
Gitile's database, so remove the (now redundant) database field.
* gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts.
* gnu/services/version-control.scm (gitile-accounts): Add configurable
home directory.
* doc/gnu.texi (Gitile Service): Document it.
* gnu/services/version-control.scm (gitile-activation): New function
creating Git config file for user gitile setting safe.directory
to * (all directories), so libgit parses directories not owned
by gitile user in gitile-configuration-repositories.
Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
---
I accidentally staged the record export hunk to another commit.
doc/guix.texi | 4 +--
gnu/services/version-control.scm | 48 +++++++++++++++++++-------------
2 files changed, 30 insertions(+), 22 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 8073e3f6d496..ba12f249a98b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38981,8 +38981,8 @@ Version Control Services
@item @code{port} (default: @code{8080})
The port on which gitile is listening.
-@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"})
-The location of the database.
+@item @code{home-directory} (default: @code{"/var/lib/gitile"})
+Directory in which to store the Gitile database.
@item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"})
The location of the repositories. Note that only public repositories will
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 14ff0a59a6b0..7fedd7327d6e 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -68,7 +68,7 @@ (define-module (gnu services version-control)
gitile-configuration-package
gitile-configuration-host
gitile-configuration-port
- gitile-configuration-database
+ gitile-configuration-home-directory
gitile-configuration-repositories
gitile-configuration-git-base-url
gitile-configuration-index-title
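Review bot: The context line right below the change exports gitile-configuration-git-base-url, while the record definition in the next hunk names the accessor gitile-configuration-base-git-url. Since this hunk already edits the export list, correct that name here or in a preparatory commit. The replacement of gitile-configuration-database by gitile-configuration-home-directory itself matches the record change.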
@@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
(default "127.0.0.1"))
(port gitile-configuration-port
(default 8080))
- (database gitile-configuration-database
- (default "/var/lib/gitile/gitile-db.sql"))
+ (home-directory gitile-configuration-home-directory
+ (default "/var/lib/gitile"))
(repositories gitile-configuration-repositories
(default "/var/lib/gitolite/repositories"))
(base-git-url gitile-configuration-base-git-url)
@@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
(default '()))
(nginx gitile-configuration-nginx))
-(define (gitile-config-file host port database repositories base-git-url
+(define (gitile-config-file host port home-directory repositories base-git-url
index-title intro footer)
(define build
#~(write `(config
(port #$port)
(host #$host)
- (database #$database)
+ (database #$(string-append home-directory "/gitile-db.sql"))
(repositories #$repositories)
(base-git-url #$base-git-url)
(index-title #$index-title)
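Review bot: In the "+" line (database #$(string-append home-directory "/gitile-db.sql")) the file name is fixed and string-append is evaluated outside the gexp, so home-directory must be a plain string and the database can no longer be placed outside the home directory. Document the string requirement on the field, and consider keeping a separate database field whose default is derived from home-directory.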
@@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url
(computed-file "gitile.conf" build))
+(define (gitile-activation config)
+ (match-record config <gitile-configuration> (home-directory)
+ #~(with-output-to-file #$(string-append home-directory "/.gitconfig")
+ (lambda () (display "[safe]\n directory = *\n")))))
+
(define gitile-nginx-server-block
(match-lambda
- (($ <gitile-configuration> package host port database repositories
+ (($ <gitile-configuration> package host port home-directory repositories
base-git-url index-title intro footer nginx)
(list (nginx-server-configuration
(inherit nginx)
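Review bot: with-output-to-file in gitile-activation replaces .gitconfig on every activation and assumes home-directory already exists; the hunk neither creates the directory nor sets the owner or mode of the file. Create the directory first (for example with mkdir-p) or add a comment naming the extension that guarantees it, and document that a hand-edited .gitconfig in that directory will be overwritten.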
@@ -487,7 +492,7 @@ (define gitile-nginx-server-block
(define gitile-shepherd-service
(match-lambda
- (($ <gitile-configuration> package host port database repositories
+ (($ <gitile-configuration> package host port home-directory repositories
base-git-url index-title intro footer nginx)
(list (shepherd-service
(provision '(gitile))
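Review bot: The positional ($ <gitile-configuration> package host port home-directory ...) pattern binds fields by order, so it stays correct only because home-directory takes the slot database had, whereas the new gitile-activation and gitile-accounts use match-record and bind by name. Converting this matcher, and the identical one in gitile-nginx-server-block, to match-record would keep later field changes from silently shifting the bindings.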
@@ -496,7 +501,7 @@ (define gitile-shepherd-service
(start (let ((gitile (file-append package "/bin/gitile")))
#~(make-forkexec-constructor
`(,#$gitile "-c" #$(gitile-config-file
- host port database
+ host port home-directory
repositories
base-git-url index-title
intro footer))
@@ -504,17 +509,18 @@ (define gitile-shepherd-service
#:group "git")))
(stop #~(make-kill-destructor)))))))
-(define %gitile-accounts
- (list (user-group
- (name "git")
- (system? #t))
- (user-account
- (name "gitile")
- (group "git")
- (system? #t)
- (comment "Gitile user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+(define (gitile-accounts config)
+ (match-record config <gitile-configuration> (home-directory)
+ (list (user-group
+ (name "git")
+ (system? #t))
+ (user-account
+ (name "gitile")
+ (group "git")
+ (system? #t)
+ (comment "Gitile user")
+ (home-directory home-directory)
+ (shell (file-append shadow "/sbin/nologin"))))))
(define gitile-service-type
(service-type
@@ -523,7 +529,9 @@ (define gitile-service-type
on the web.")
(extensions
(list (service-extension account-service-type
- (const %gitile-accounts))
+ gitile-accounts)
+ (service-extension activation-service-type
+ gitile-activation)
(service-extension shepherd-root-service-type
gitile-shepherd-service)
(service-extension nginx-service-type
base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
--
2.41.0
* [bug#71143] [PATCH v2] services: gitile: Opt out of Git safe dir check.
2024-05-23 10:28 ` [bug#71143] [PATCH v2] " guix-patches--- via
@ 2024-05-24 5:28 ` Julien Lepiller
0 siblings, 0 replies; 5+ messages in thread
From: Julien Lepiller @ 2024-05-24 5:28 UTC (permalink / raw)
To: Nguyễn Gia Phong
Cc: Ludovic Courtès, Maxim Cournoyer, 71143, Matthew Trzcinski,
Florian Pelz
Hi,
I think it would be better if we had safe-directory = repositories,
instead of *. Otherwise, looks good.
It seems I cheated on my server and rewrote the service to use user
"git" instead, which owns the repositories.
On Thu, 23 May 2024 19:28:13 +0900,
guix-patches--- via <guix-patches@gnu.org> wrote:
> * gnu/services/version-control.scm (gitile-configuration):
> Add home-directory field for Git configuration file. It also stores
> Gitile's database, so remove the (now redundant) database field.
> * gnu/services/version-control.scm (%gitile-accounts): Move to
> gitile-accounts.
> * gnu/services/version-control.scm (gitile-accounts): Add configurable
> home directory.
> * doc/gnu.texi (Gitile Service): Document it.
> * gnu/services/version-control.scm (gitile-activation): New function
> creating Git config file for user gitile setting safe.directory
> to * (all directories), so libgit parses directories not owned
> by gitile user in gitile-configuration-repositories.
>
> Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
> ---
> I accidentally staged the record export hunk to another commit.
> doc/guix.texi | 4 +--
> gnu/services/version-control.scm | 48
> +++++++++++++++++++------------- 2 files changed, 30 insertions(+),
> 22 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 8073e3f6d496..ba12f249a98b 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -38981,8 +38981,8 @@ Version Control Services
> @item @code{port} (default: @code{8080})
> The port on which gitile is listening.
>
> -@item @code{database} (default:
> @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database.
> +@item @code{home-directory} (default: @code{"/var/lib/gitile"})
> +Directory in which to store the Gitile database.
>
> @item @code{repositories} (default:
> @code{"/var/lib/gitolite/repositories"}) The location of the
> repositories. Note that only public repositories will diff --git
> a/gnu/services/version-control.scm b/gnu/services/version-control.scm
> index 14ff0a59a6b0..7fedd7327d6e 100644 ---
> a/gnu/services/version-control.scm +++
> b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module
> (gnu services version-control) gitile-configuration-package
> gitile-configuration-host
> gitile-configuration-port
> - gitile-configuration-database
> + gitile-configuration-home-directory
> gitile-configuration-repositories
> gitile-configuration-git-base-url
> gitile-configuration-index-title
> @@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
> (default "127.0.0.1"))
> (port gitile-configuration-port
> (default 8080))
> - (database gitile-configuration-database
> - (default "/var/lib/gitile/gitile-db.sql"))
> + (home-directory gitile-configuration-home-directory
> + (default "/var/lib/gitile"))
> (repositories gitile-configuration-repositories
> (default "/var/lib/gitolite/repositories"))
> (base-git-url gitile-configuration-base-git-url)
> @@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
> (default '()))
> (nginx gitile-configuration-nginx))
>
> -(define (gitile-config-file host port database repositories
> base-git-url +(define (gitile-config-file host port home-directory
> repositories base-git-url index-title intro footer)
> (define build
> #~(write `(config
> (port #$port)
> (host #$host)
> - (database #$database)
> + (database #$(string-append home-directory
> "/gitile-db.sql")) (repositories #$repositories)
> (base-git-url #$base-git-url)
> (index-title #$index-title)
> @@ -459,9 +459,14 @@ (define (gitile-config-file host port database
> repositories base-git-url
> (computed-file "gitile.conf" build))
>
> +(define (gitile-activation config)
> + (match-record config <gitile-configuration> (home-directory)
> + #~(with-output-to-file #$(string-append home-directory
> "/.gitconfig")
> + (lambda () (display "[safe]\n directory = *\n")))))
> +
> (define gitile-nginx-server-block
> (match-lambda
> - (($ <gitile-configuration> package host port database
> repositories
> + (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
> (list (nginx-server-configuration
> (inherit nginx)
> @@ -487,7 +492,7 @@ (define gitile-nginx-server-block
>
> (define gitile-shepherd-service
> (match-lambda
> - (($ <gitile-configuration> package host port database
> repositories
> + (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
> (list (shepherd-service
> (provision '(gitile))
> @@ -496,7 +501,7 @@ (define gitile-shepherd-service
> (start (let ((gitile (file-append package
> "/bin/gitile"))) #~(make-forkexec-constructor
> `(,#$gitile "-c" #$(gitile-config-file
> - host port database
> + host port
> home-directory repositories
> base-git-url
> index-title intro footer))
> @@ -504,17 +509,18 @@ (define gitile-shepherd-service
> #:group "git")))
> (stop #~(make-kill-destructor)))))))
>
> -(define %gitile-accounts
> - (list (user-group
> - (name "git")
> - (system? #t))
> - (user-account
> - (name "gitile")
> - (group "git")
> - (system? #t)
> - (comment "Gitile user")
> - (home-directory "/var/empty")
> - (shell (file-append shadow "/sbin/nologin")))))
> +(define (gitile-accounts config)
> + (match-record config <gitile-configuration> (home-directory)
> + (list (user-group
> + (name "git")
> + (system? #t))
> + (user-account
> + (name "gitile")
> + (group "git")
> + (system? #t)
> + (comment "Gitile user")
> + (home-directory home-directory)
> + (shell (file-append shadow "/sbin/nologin"))))))
>
> (define gitile-service-type
> (service-type
> @@ -523,7 +529,9 @@ (define gitile-service-type
> on the web.")
> (extensions
> (list (service-extension account-service-type
> - (const %gitile-accounts))
> + gitile-accounts)
> + (service-extension activation-service-type
> + gitile-activation)
> (service-extension shepherd-root-service-type
> gitile-shepherd-service)
> (service-extension nginx-service-type
>
> base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
* [bug#71143] [PATCH v2] services: gitile: Opt out of Git safe dir check.
2024-05-23 10:19 [bug#71143] [PATCH] services: gitile: Opt out of Git safe dir check guix-patches--- via
2024-05-23 10:28 ` [bug#71143] [PATCH v2] " guix-patches--- via
@ 2024-05-26 12:11 ` guix-patches--- via
2024-08-05 8:11 ` [bug#71143] [PATCH] " Evgeny Pisemsky
2 siblings, 0 replies; 5+ messages in thread
From: guix-patches--- via @ 2024-05-26 12:11 UTC (permalink / raw)
To: 71143, Julien Lepiller
[-- Attachment #1: Type: text/plain, Size: 823 bytes --]
On 2024-05-24 at 07:28+02:00, Julien Lepiller wrote:
> On 2024-05-23 at 19:28+09:00, Nguyễn Gia Phong wrote:
> > * gnu/services/version-control.scm (gitile-activation): New function
> > creating Git config file for user gitile setting safe.directory
> > to * (all directories), so libgit parses directories not owned
> > by gitile user in gitile-configuration-repositories.
>
> I think it would be better if we had safe-directory = repositories,
> instead of *. Otherwise, looks good.
Thanks, although * seems to be a magic string rather than a glob pattern:
https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory
Setting safe-directory to repositories or repositories/*
doesn't make it work for me.
P.S. Huh, for some reason GNU Debbugs keeps bouncing mails from loang.net.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 687 bytes --]
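An added example, not part of this thread or of Guix: a small Python audit of a gitconfig that reports whether safe.directory disables the ownership check outright or names repositories individually. It assumes the semantics in the git-config documentation linked above ("*" opts out entirely, other values are compared to the repository path, an empty value resets the list); prefix patterns are not modelled, matching what the message reports for repositories/*. The repository paths and function names are constructed for illustration.

```python
"""Audit how far a gitconfig's safe.directory relaxes Git's ownership check."""


def safe_directory_entries(gitconfig_text):
    """Return the effective safe.directory list found in gitconfig text.

    Minimal parser: tracks [section] headers, reads `directory = value`
    inside [safe], and lets an empty value reset the list.  Quoted values
    and include directives are not handled.
    """
    section = None
    entries = []
    for raw in gitconfig_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "safe" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() != "directory":
            continue
        if value == "":
            entries = []          # empty value: forget earlier entries
        else:
            entries.append(value)
    return entries


def audit(gitconfig_text, repositories):
    """Classify each repository path as covered or not by safe.directory."""
    entries = safe_directory_entries(gitconfig_text)
    wildcard = "*" in entries     # "*" is a magic string, not a glob
    covered = [r for r in repositories if wildcard or r in entries]
    uncovered = [r for r in repositories if r not in covered]
    return {"check_disabled": wildcard,
            "covered": covered,
            "uncovered": uncovered}


def narrowed_config(repositories):
    """Build a [safe] section listing each repository path explicitly."""
    lines = ["[safe]"]
    lines += ["\tdirectory = " + repo for repo in sorted(repositories)]
    return "\n".join(lines) + "\n"


# The string written by gitile-activation in the patch.
PATCH_CONFIG = "[safe]\n directory = *\n"
# Constructed: only the parent directory is listed.
PARENT_ONLY = "[safe]\n\tdirectory = /var/lib/gitolite/repositories\n"
# Constructed repository paths under the default `repositories` location.
REPOS = ["/var/lib/gitolite/repositories/alpha.git",
         "/var/lib/gitolite/repositories/beta.git"]

if __name__ == "__main__":
    for name, text in [("patch", PATCH_CONFIG),
                       ("parent only", PARENT_ONLY),
                       ("per repository", narrowed_config(REPOS))]:
        print(name, audit(text, REPOS))
```

Run against the home directory's .gitconfig after activation, the check_disabled flag shows at a glance whether the service account has opted out of the check for every path.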
* [bug#71143] [PATCH] services: gitile: Opt out of Git safe dir check.
2024-05-23 10:19 [bug#71143] [PATCH] services: gitile: Opt out of Git safe dir check guix-patches--- via
2024-05-23 10:28 ` [bug#71143] [PATCH v2] " guix-patches--- via
2024-05-26 12:11 ` guix-patches--- via
@ 2024-08-05 8:11 ` Evgeny Pisemsky
2 siblings, 0 replies; 5+ messages in thread
From: Evgeny Pisemsky @ 2024-08-05 8:11 UTC (permalink / raw)
To: 71143
[-- Attachment #1: Type: text/plain, Size: 388 bytes --]
In the meantime I did some searching and found out that the owner check
can be disabled right from guile without any external config files:
https://gitlab.com/guile-git/guile-git/-/blob/47541c4eb28ca81530b5541834a4d105a808954f/git/settings.scm#L77
Attached is an example of a gitile package with modified source that works
for me with the existing service. It can even be made optional in gitile code.
[-- Attachment #2: gitile.scm --]
[-- Type: application/octet-stream, Size: 465 bytes --]
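;; Variant of the gitile package whose launcher script turns off
;; guile-git's repository owner validation before the server starts.
(use-modules (guix packages)
             (gnu packages version-control))

(package
  (inherit gitile)
  (source
   (origin
     (inherit (package-source gitile))
     (modules '((guix build utils)))
     ;; Insert the two lines ahead of the line that calls run-server.
     (snippet '(substitute* "scripts/gitile.in"
                 (("^.*run-server.*" line)
                  (string-append
                   " (use-modules (git settings))\n"
                   " (set-owner-validation! #f)\n"
                   line)))))))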
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git