Subject: [bug#30809] [PATCH 2/2] services: Add Gitolite.
References: <20180714062855.18705-1-mail@cbaines.net> <20180714062855.18705-2-mail@cbaines.net>
From: Clément Lassieur
In-reply-to: <20180714062855.18705-2-mail@cbaines.net>
Date: Mon, 23 Jul 2018 00:30:01 +0200
Message-ID: <87va96q4ye.fsf@lassieur.org>
To: Christopher Baines
Cc: 30809@debbugs.gnu.org

Christopher Baines writes: > * gnu/services/version-control.scm (, > ): New record types. > (gitolite-accounts, gitolite-setup, gitolite-activation): New procedures. > (gitolite-service-type): New variables. > * gnu/tests/version-control.scm (%gitolite-test-admin-keypair, %gitolite-os, > %test-gitolite): New variables. > (run-gitolite-test): New procedure. > * doc/guix.texi (Version Control): Document the gitolite service. > --- > doc/guix.texi | 90 ++++++++++++++++ > gnu/services/version-control.scm | 169 ++++++++++++++++++++++++++++++- > gnu/tests/version-control.scm | 103 ++++++++++++++++++- > 3 files changed, 360 insertions(+), 2 deletions(-) Great :-) [...] > +@item @code{admin-pubkey} (default: @var{#f}) > +A ``file-like'' object (@pxref{G-Expressions, file-like objects}) used to > +setup Gitolite. This can be omitted once Gitolite has successfully been > +setup. It looks like almost everything else can be omitted once Gitolite has successfully been setup :-), I put another comment about it below. [...] > +(define-record-type* > + gitolite-configuration make-gitolite-configuration > + gitolite-configuration? 
> + (package gitolite-configuration-package > + (default gitolite)) > + (user gitolite-configuration-user > + (default "git")) > + (rc-file gitolite-configuration-rc-file > + (default (gitolite-rc-file))) > + (admin-pubkey gitolite-configuration-admin-pubkey > + (default #f))) > + > +(define (gitolite-accounts config) > + (let ((user (gitolite-configuration-user config))) > + ;; User group and account to run Gitolite. > + (list (user-group (name user) (system? #t)) > + (user-account > + (name user) > + (group user) It would be great to make the group and home directory configurable too. I personally use other settings for them. > + (system? #t) > + (comment "Gitolite user") > + (home-directory "/var/lib/gitolite"))))) > + > +(define gitolite-setup > + (match-lambda > + (($ package user rc-file admin-pubkey) > + #~(begin > + (use-modules (ice-9 match) > + (guix build utils)) > + (if (not (file-exists? "/var/lib/gitolite/.gitolite")) 'unless', instead of 'if not'. Also, is there a way to update the config once .gitolite exists? If the users update their config, they'd expect the new config to be applied I guess. Maybe we could override the symlink in that case. Would that be safe? WDYT? 
> + (let ((user-info (getpwnam #$user))) > + (simple-format #t "guix: gitolite: installing ~A\n" > + #$rc-file) > + (symlink #$rc-file "/var/lib/gitolite/.gitolite.rc") > + > + ;; The key must be writable, so copy it from the store > + (copy-file #$admin-pubkey "/var/lib/gitolite/id_rsa.pub") > + > + (chmod "/var/lib/gitolite/id_rsa.pub" #o500) > + (chown "/var/lib/gitolite/id_rsa.pub" > + (passwd:uid user-info) > + (passwd:gid user-info)) > + > + ;; Set the git configuration, to avoid gitolite trying to= use > + ;; the hostname command, as the network might not be up y= et > + (with-output-to-file "/var/lib/gitolite/.gitconfig" > + (lambda () > + (display "[user] > + name =3D GNU Guix > + email =3D guix@localhost > +"))) > + > + (match (primitive-fork) > + (0 > + ;; Exit with a non-zero status code if an exception is= thrown. > + (dynamic-wind > + (const #t) > + (lambda () > + (setenv "HOME" (passwd:dir user-info)) > + (setenv "USER" #$user) > + (setgid (passwd:gid user-info)) > + (setuid (passwd:uid user-info)) > + (primitive-exit > + (system* #$(file-append package "/bin/gitolite") > + "setup" > + "-pk" "/var/lib/gitolite/id_rsa.pub"))) > + (lambda () > + (primitive-exit 1)))) > + (pid (waitpid pid))) > + > + (delete-file "/var/lib/gitolite/id_rsa.pub"))))))) [...] > diff --git a/gnu/tests/version-control.scm b/gnu/tests/version-control.scm Could you add your copyright header for this file? > index 3b935a1b4..e4cd3fc3f 100644 > --- a/gnu/tests/version-control.scm > +++ b/gnu/tests/version-control.scm 
> @@ -27,14 +27,17 @@ > #:use-module (gnu services) > #:use-module (gnu services version-control) > #:use-module (gnu services cgit) > + #:use-module (gnu services ssh) > #:use-module (gnu services web) > #:use-module (gnu services networking) > #:use-module (gnu packages version-control) > + #:use-module (gnu packages ssh) > #:use-module (guix gexp) > #:use-module (guix store) > #:use-module (guix modules) > #:export (%test-cgit > - %test-git-http)) > + %test-git-http > + %test-gitolite)) >=20=20 > (define README-contents > "Hello! This is what goes inside the 'README' file.") 
> @@ -300,3 +303,101 @@ HTTP-PORT." > (name "git-http") > (description "Connect to a running Git HTTP server.") > (value (run-git-http-test)))) > + > + > +;;; > +;;; Gitolite. > +;;; > + > +(define %gitolite-test-admin-keypair > + (computed-file > + "gitolite-test-admin-keypair" > + (with-imported-modules (source-module-closure > + '((guix build utils))) ^ Here indentation is not correct ;-) > + #~(begin > + (use-modules (ice-9 match) (srfi srfi-26) > + (guix build utils)) > + > + (mkdir #$output) > + (invoke #$(file-append openssh "/bin/ssh-keygen") > + "-f" (string-append #$output "/id_rsa") > + "-t" "rsa" > + "-q" > + "-N" ""))))) [...] > + (define test > + (with-imported-modules '((gnu build marionette) > + (guix build utils)) > + #~(begin > + (use-modules (srfi srfi-64) > + (rnrs io ports) > + (gnu build marionette) > + (guix build utils)) > + > + (define marionette > + (make-marionette (list #$vm))) > + > + (mkdir #$output) > + (chdir #$output) > + > + (test-begin "gitolite") > + > + ;; Wait for sshd to be up and running. > + (test-eq "service running" > + 'running! > + (marionette-eval > + '(begin > + (use-modules (gnu services herd)) > + (start-service 'ssh-daemon) > + 'running!) > + marionette)) Here the test produces a false positive because the return value of 'start-service' isn't used. It should be (test-assert ... (start-service ...)) instead. > + (display #$%gitolite-test-admin-keypair) > + > + (setenv "GIT_SSH_VARIANT" "ssh") > + (setenv "GIT_SSH_COMMAND" > + (string-join > + '(#$(file-append openssh "/bin/ssh") > + "-i" #$(file-append %gitolite-test-admin-keypair "/= id_rsa") > + "-o" "UserKnownHostsFile=3D/dev/null" > + "-o" "StrictHostKeyChecking=3Dno"))) > + > + ;; Make sure we can clone the repo from the host. 
> + (test-eq "clone" > + #t > + (invoke #$(file-append git "/bin/git") > + "clone" "-v" > + "ssh://git@localhost:2222/gitolite-admin" > + "/tmp/clone")) > + > + (test-end) > + (exit (=3D (test-runner-fail-count (test-runner-current)) 0)))= )) > + > + (gexp->derivation "gitolite" test)) > + > +(define %test-gitolite > + (system-test > + (name "gitolite") > + (description "Clone the Gitolite admin repository.") > + (value (run-gitolite-test)))) Also, did you encounter bugs https://bugs.gnu.org/25957 and https://bugs.gnu.org/30401? Do you know if they are still here? Thank you very much! Clément
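
Review bot: The @item for 'admin-pubkey' in doc/guix.texi gives a default of #f and says it can be omitted after setup, but nothing states that it is mandatory for the first activation. gitolite-setup passes the value straight to 'copy-file' whenever /var/lib/gitolite/.gitolite is missing, so with the default the first run would fail with an obscure error. Say in the manual that the key is required until the first successful setup, and have gitolite-setup check for #f and fail with a clear message.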
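
Review bot: In gitolite-setup (gnu/services/version-control.scm), the parent branch '(pid (waitpid pid))' discards the child's exit status, so a failed 'gitolite setup' goes unreported and the activation carries on to delete id_rsa.pub as if it had succeeded; inspect the status with 'status:exit-val' and raise an error when it is non-zero. In the child, 'setgid' and 'setuid' run without first clearing the supplementary groups, so gitolite keeps whatever groups the activating process had; call '(setgroups #())' before dropping the uid. The comment says the key must be writable, yet '#o500' grants read and execute only; '#o600' would match the comment.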
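
Review bot: %gitolite-test-admin-keypair in gnu/tests/version-control.scm writes a passphrase-less private key ('"-N" ""') into a computed-file, which puts it in the world-readable store; add a comment above the definition saying this keypair exists for the system test only and must never be reused as a real admin key. '(display #$%gitolite-test-admin-keypair)' further down looks like leftover debugging output and can be dropped, and the clone target "/tmp/clone" sits outside the #$output directory the test has just changed into.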