From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42550) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d60Fr-00031j-Ov for guix-patches@gnu.org; Wed, 03 May 2017 15:48:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d60Fn-0002IH-E3 for guix-patches@gnu.org; Wed, 03 May 2017 15:48:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:55003) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1d60Fn-0002I2-BY for guix-patches@gnu.org; Wed, 03 May 2017 15:48:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1d60Fn-0003X0-5h for guix-patches@gnu.org; Wed, 03 May 2017 15:48:03 -0400 Subject: bug#26717: [PATCH] gnu: gitolite: Avoid references to the store in authorized_keys. Resent-To: guix-patches@gnu.org Resent-Message-ID: References: <87wpa1q2po.fsf@lassieur.org> <20170430163244.2830-1-clement@lassieur.org> <20170430193117.setdri6ykdbbmza3@abyayala> From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur In-reply-to: <20170430193117.setdri6ykdbbmza3@abyayala> Date: Wed, 03 May 2017 21:47:26 +0200 Message-ID: <87r3057mep.fsf@lassieur.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: ng0 Cc: 26717-done@debbugs.gnu.org ng0 writes: > Clément Lassieur transcribed 1.3K bytes: >> * gnu/packages/version-control.scm (gitolite)[arguments]: Substitute >> '$glshell' with 'gitolite-shell' in ssh-authkeys. >> --- >> gnu/packages/version-control.scm | 8 +++++++- >> 1 file changed, 7 insertions(+), 1 deletion(-) >> >> diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm >> index e0770dc58..1cad0f285 100644 >> --- a/gnu/packages/version-control.scm >> +++ b/gnu/packages/version-control.scm >> @@ -628,7 +628,13 @@ also walk each side of a merge and test those changes individually.") >> ;; invokes Perl. >> (substitute* (find-files "." ".*") >> ((" perl -") >> - (string-append " " perl " -")))))) >> + (string-append " " perl " -"))) >> + >> + ;; Avoid references to the store in authorized_keys. >> + ;; This works because gitolite-shell is in the PATH. >> + (substitute* "src/triggers/post-compile/ssh-authkeys" >> + (("\\$glshell \\$user") >> + "gitolite-shell $user"))))) >> (replace 'install >> (lambda* (#:key outputs #:allow-other-keys) >> (let* ((output (assoc-ref outputs "out")) >> -- >> 2.12.2 >> >> >> >> > > This looks good. I have yet to test it. Do you think we could fix the hook files of gitolite like this too? Thank you :) I pushed it.