From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0 Subject: [PATCH] gnu: services: Add git-service. Date: Sat, 19 Nov 2016 21:49:06 +0000 Message-ID: <20161119214906.13804-2-ng0@we.make.ritual.n0.is> References: <20161119214906.13804-1-ng0@we.make.ritual.n0.is> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:45666) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c8DVs-00044w-O4 for guix-devel@gnu.org; Sat, 19 Nov 2016 16:49:34 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c8DVp-00008u-66 for guix-devel@gnu.org; Sat, 19 Nov 2016 16:49:32 -0500 Received: from aibo.runbox.com ([91.220.196.211]:37312) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1c8DVo-00007X-Sh for guix-devel@gnu.org; Sat, 19 Nov 2016 16:49:29 -0500 Received: from [10.9.9.210] (helo=mailfront10.runbox.com) by bars.runbox.com with esmtp (Exim 4.71) (envelope-from ) id 1c8DVn-00058P-Sc for guix-devel@gnu.org; Sat, 19 Nov 2016 22:49:27 +0100 In-Reply-To: <20161119214906.13804-1-ng0@we.make.ritual.n0.is> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org * gnu/services/version-control.scm: New file, create it. (git-service): New Procedures. (git-service-type): New variable. * doc/guix.texi (Services)(Version Control): New section. --- doc/guix.texi | 38 ++++++++- gnu/local.mk | 1 + gnu/services/version-control.scm | 162 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 200 insertions(+), 1 deletion(-) create mode 100644 gnu/services/version-control.scm diff --git a/doc/guix.texi b/doc/guix.texi index 7352ea9..fe53d08 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -7795,6 +7795,7 @@ declaration. * Web Services:: Web servers. * Network File System:: NFS related services. * Miscellaneous Services:: Other services. +* Version Control:: Git and others. @end menu @node Base Services @@ -11586,7 +11587,6 @@ If it is @code{#f} then the daemon will use the host's fully qualified domain na @node Miscellaneous Services @subsubsection Miscellaneous Services - @cindex lirc @subsubheading Lirc Service 
@@ -11673,6 +11673,42 @@ A @code{} object serving the GNU Collaborative International Dictonary of English using the @code{gcide} package. @end defvr +@node Version Control +@subsubsection Version Control + +The @code{(gnu services version-control)} module provides the following services: + +@deffn {Scheme Procedure} git-service [#:git @var{git}] @ + [#:base-directory "/var/git/repositories"] @ + [#:user-directory? #f ""] [#:port 9418] @ + [#:directory? #f ""] [#:max-connections 32] @ + [#:pid-file? #t "/var/run/git-daemon.pid"] + +Return a service to run the @uref{https://git-scm.com, Git} daemon, a really simple +TCP Git service which exposes local repositories for anonymous remote access. + +The git daemon runs as the @code{git} unprivileged user. It is started with +the fixed parameters @code{--syslog}, @code{--reuseaddr} and +@code{"--no-informative-errors"}. +You can pass the parameter @var{base-directory}, which remaps all the directory +requests as relative to the given directory. If you run git-service with +@var{base-directory "/var/git/repositories"} on example.com, then if you later try +to pull @code{git://example.com/hello.git}, git-service will interpret the directory +as @code{/var/git/repositories/hello.git}. +@var{max-connections} sets the maximum number of concurrent clients, it defaults to 32. +Set it to 0 for no limit. +@var{user-directory} allows allows ~user notation to be used in requests. When +specified with no parameter, requests to @code{git://host/~alice/foo} is taken as a +request to access @code{foo} repository in the home directory of user @code{alice}. +If @var{user-directory "path"} is specified, the same request is taken as a request +to access @code{path/foo} repository in the home directory of user @code{alice}. +The parameter @var{directory "foo"} adds the directory "foo" and its subdirectories +to the whitelist of allowed directories. +Furthermore git-service takes the parameter @var{port}, which defaults to 9418. 
+Run @command{man git daemon} for information about the options. + +@end deffn + @node Setuid Programs @subsection Setuid Programs diff --git a/gnu/local.mk b/gnu/local.mk index 7112451..8769671 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -415,6 +415,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/sddm.scm \ %D%/services/spice.scm \ %D%/services/ssh.scm \ + %D%/services/version-control.scm \ %D%/services/web.scm \ %D%/services/xorg.scm \ \ diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm new file mode 100644 index 0000000..8fa22a1 --- /dev/null +++ b/gnu/services/version-control.scm 
@@ -0,0 +1,162 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 ng0 +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services version-control) + #:use-module (gnu services) + #:use-module (gnu services base) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages version-control) + #:use-module (gnu packages admin) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:use-module (ice-9 match) + #:export (git-service + git-service-type + git-configuration + git-configuration? + git-configuration-git + git-configuration-port + git-configuration-base-directory + git-configuration-pid-file + git-configuration-max-connections + git-configuration-user-directory + git-configuration-directory)) + +;;; Commentary: +;;; +;;; Version Control related services. +;;; +;;; Code: + + +;;; +;;; git +;;; + +(define-record-type* git-configuration + make-git-configuration + git-configuration? + (git git-configuration-git ;package + (default git)) + (pid-file? git-configuration-pid-file) ;string + (base-directory git-configuration-base-directory) ;string + (user-directory? git-configuration-user-directory) ;string + (directory? 
git-configuration-directory) ;string + (max-connections git-configuration-max-connections) ;number + (port git-configuration-port)) ;number + +(define (git-shepherd-service config) + "Return a for git with CONFIG." + (define git (git-configuration-git config)) + + (define git-command + #~(list + (string-append #$git "/bin/git") "daemon" "--syslog" "--user=git" + "--group=git" "--no-informative-errors" "--reuseaddr" + ;; A directory to add to the whitelist of allowed directories. Unless + ;; --strict-paths is specified this will also include subdirectories of + ;; each named directory. + ;; --directory + ;; TODO: Add the option to add multiple occurences of --directory + (if (git-configuration-directory? config) + (string-append "--directory=" #$(git-configuration-directory config)) + "") + ;; --interpolated-path= + ;; To support virtual hosting, an interpolated path template can be used to + ;; dynamically construct alternate paths. The template supports %H for the target + ;; hostname as supplied by the client but converted to all lowercase, + ;; %CH for the canonical hostname, %IP for the server’s IP address, + ;; %P for the port number, and %D for the absolute path of the named repository. + ;; After interpolation, the path is validated against the directory whitelist. + + ;; --listen= + ;; Listen on a specific IP address or hostname. IP addresses can be either an IPv4 + ;; address or an IPv6 address if supported. If IPv6 is not supported, then + ;; --listen=hostname is also not supported and --listen must be given an IPv4 address. + ;; Can be given more than once. Incompatible with --inetd option. + + ;; Maximum number of concurrent clients, defaults to 32. Set it to zero for no limit. + (string-append "--max-connections=" #$(number->string + (git-configuration-max-connections config))) + + ;; --user-path, --user-path= + ;; Allow ~user notation to be used in requests. 
When specified with no parameter, + ;; requests to git://host/~alice/foo is taken as a request to access foo repository + ;; in the home directory of user alice. If --user-path=path is specified, the same + ;; request is taken as a request to access path/foo repository in the home + ;; directory of user alice. + (if (git-configuration-user-directory? config) + "--user-path" "") + + ;; Save the process id in file. + (if (git-configuration-pid-file? config) + (string-append "--pid-file=" #$(git-configuration-pid-file config)) + "") + (string-append "--port=" #$(number->string (git-configuration-port config))) + (string-append "--base-path=" #$(git-configuration-base-directory config)))) + + (define requires '(networking syslogd)) + + (list (shepherd-service + (documentation "Git daemon server for git repositories") + (requirement requires) + (provision '(git)) + (start #~(make-forkexec-constructor #$git-command)) + (stop #~(make-kill-destructor))))) + +(define %git-accounts + ;; User account and groups for git-daemon. + (list (user-group + (name "git") + (system? #t)) + (user-account + (name "git") + (system? #t) + (group "git") + (comment "Shepherd created user for the git-daemon service") + ;; (home-directory "/var/empty") + (home-directory "/var/git") + ;;(shell #~(string-append #$shadow "/sbin/nologin"))))) + (shell #~(string-append #$shadow "/bin/git-shell"))))) + +(define (git-activation config) + "Return the activation GEXP for CONFIG." 
+ #~(begin + (use-modules (guix build utils)) + (let ((user (getpwnam "git"))) + (mkdir-p (dirname #$(git-configuration-pid-file config))) + (mkdir-p (dirname #$(git-configuration-base-directory config))) + (chown (dirname #$(git-configuration-base-directory config)) + (passwd:uid user) (passwd:gid user))))) + +(define git-service-type + (service-type (name 'git) + (extensions + (list (service-extension shepherd-root-service-type + git-shepherd-service) + (service-extension activation-service-type + git-activation))))) + +(define* (git-service #:key (config (git-configuration))) + "Return a service that runs @url{https://git-scm.org,git} as a daemon. +The daemon will listen on the port specified in @var{port}. +In addition, @var{base-path} specifies the path which will repositories +which can be exported by adding 'git-daemon-export-ok' files to them." + (service git-service-type config)) -- 2.10.2
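
Review bot: The hunk at @@ -11586 in doc/guix.texi only deletes the blank line after "@subsubsection Miscellaneous Services", which has nothing to do with adding git-service. Please drop it so the patch touches guix.texi with insertions only (the diffstat currently shows "1 deletion(-)" for this reason).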
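
Review bot: In the new "Version Control" node of doc/guix.texi, the @deffn line documents keyword arguments (#:git, #:base-directory, #:user-directory?, #:port, #:directory?, #:max-connections, #:pid-file?) that git-service does not accept: the procedure in version-control.scm is defined with "#:key (config (git-configuration))" only. Either document the git-configuration record and its fields here, or change the procedure to take these keywords, and write each default once instead of the '#f ""' and '#t "/var/run/git-daemon.pid"' pairs, which do not say what the default is. Since the text advertises "anonymous remote access", it should also say what limits exposure: the git-service docstring mentions that repositories are exported by adding a git-daemon-export-ok file, and the code comment notes that without --strict-paths a whitelisted directory includes its subdirectories; neither is stated in the manual, and the effect of user-directory on home directories deserves the same explicit sentence. Smaller points: "allows allows" is doubled, "requests to ... is taken" should be "are taken", the quotes inside @code{"--no-informative-errors"} are not wanted, and "@command{man git daemon}" should name the git-daemon page.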
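
Review bot: In git-command in gnu/services/version-control.scm, the three "(if (git-configuration-...? config) ...)" tests sit inside "#~(list ...)" without "#$", so "config" is referenced in the staged code where it is not bound, and they call git-configuration-directory?, git-configuration-user-directory? and git-configuration-pid-file?, none of which the record defines (the fields are named "directory?", "user-directory?" and "pid-file?", but the accessors are declared without the question mark). Compute the optional arguments on the host side and splice the resulting list in, so that an unset option contributes no argument at all; as written, every else branch puts an empty string "" into the daemon's argument vector. The comment copied above the first test describes "each named directory", so please check in git-daemon(1) whether "--directory=" is an accepted option or whether the whitelist is given as positional arguments, and consider passing --strict-paths so the whitelist does not silently extend to subdirectories.

Other points in the same file. The record gives a default only for "git", yet git-service calls "(git-configuration)" with no fields, so the defaults promised in the manual (port 9418, 32 connections, /var/git/repositories) have to be added as "(default ...)" clauses. In %git-accounts the shell is built as (string-append #$shadow "/bin/git-shell"), but git-shell is shipped by git, not by shadow; for an account that only exists so the daemon can drop privileges, the commented-out nologin shell is the better choice, and the home directory then does not need to be /var/git. In git-activation, "(dirname #$(git-configuration-base-directory config))" creates and chowns the parent of the base directory rather than the base directory itself, and "(dirname #$(git-configuration-pid-file config))" is evaluated unconditionally although git-command treats the pid file as optional. The git-service docstring refers to @var{port} and @var{base-path}, which are not parameters of the procedure, links to git-scm.org where the manual uses git-scm.com, and the sentence "specifies the path which will repositories" is missing words. The imports of (gnu services base), (srfi srfi-1) and (ice-9 match) do not appear to be used.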