unofficial mirror of guix-patches@gnu.org 
From: Evgeny Pisemsky <mail@pisemsky.site>
To: "Nguyễn Gia Phong" <mcsinyx@disroot.org>
Cc: julien@lepiller.eu, 72400@debbugs.gnu.org
Subject: [bug#72400] [PATCH] services: gitile: Allow to set user and group.
Date: Mon, 05 Aug 2024 13:13:52 +0300
Message-ID: <87ikwfffa7.fsf@pisemsky.site>
In-Reply-To: <D35K5Z1Y8NE5.WSFOEXAOJOA@disroot.org> ("Nguyễn Gia Phong"'s message of "Sat, 03 Aug 2024 01:15:15 +0900")

Nguyễn Gia Phong <mcsinyx@disroot.org> writes:

> Seconded, and IMHO the Guix service documentation should mention
> that the default user for gitile is to match the owner
> of the repositories:

As I understand, running from git is not secure as it gives gitile
write access to the repos with the possibility to corrupt them on error.

I've commented at #71143 about fixing group access for gitile. TLDR:

> (use-modules (git settings))
> (set-owner-validation! #f)
> (run-server ...)

I agree that a documentation update is needed. IMO the following, while
being a breaking change, can make the service more sane and flexible:

1. Allow to change user and group as proposed in the initial patch.
2. Set default user and group to "gitile" and document that if they
   are changed to other values, they are expected to exist on the system,
   to avoid warnings like "the following groups appear more than once".
3. Remove the default value of the "repositories" field to force
   users to specify what they want to serve. Document that gitile's
   user/group must have at least read access to this directory.
4. Provide configuration for gitolite as an example, not as default.
5. Remove unnecessary fields like "database" from configuration.

I'm interested in what authors and maintainers think about all of this.



