Subject: [bug#71143] [PATCH v2] services: gitile: Opt out of Git safe dir check.
To: Nguyễn Gia Phong
Cc: Ludovic Courtès, Maxim Cournoyer, 71143@debbugs.gnu.org, Matthew Trzcinski, Florian Pelz
Date: Fri, 24 May 2024 07:28:28 +0200
From: Julien Lepiller
Message-ID: <20240524072828.4868b031@lepiller.eu>
In-Reply-To: <854ccfeb2cf910eda609a026e865b595e64e0cc4.1716460093.git.mcsinyx@disroot.org>

Hi,

I think it would be better if we had safe-directory = repositories,
instead of *. Otherwise, looks good. It seems I cheated on my server
and rewrote the service to use user "git" instead, which owns the
repositories.

On Thu, 23 May 2024 19:28:13 +0900, guix-patches--- via wrote:

> * gnu/services/version-control.scm (gitile-configuration):
> Add home-directory field for Git configuration file. It also stores
> Gitile's database, so remove the (now redundant) database field.
> * gnu/services/version-control.scm (%gitile-accounts): Move to
> gitile-accounts.
> * gnu/services/version-control.scm (gitile-accounts): Add configurable
> home directory.
> * doc/gnu.texi (Gitile Service): Document it.
> * gnu/services/version-control.scm (gitile-activation): New function
> creating Git config file for user gitile setting safe.directory
> to * (all directories), so libgit parses directories not owned
> by gitile user in gitile-configuration-repositories.
>=20 > Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950 > --- > I accidentally staged the record export hunk to another commit. > doc/guix.texi | 4 +-- > gnu/services/version-control.scm | 48 > +++++++++++++++++++------------- 2 files changed, 30 insertions(+), > 22 deletions(-) >=20 > diff --git a/doc/guix.texi b/doc/guix.texi > index 8073e3f6d496..ba12f249a98b 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -38981,8 +38981,8 @@ Version Control Services > @item @code{port} (default: @code{8080}) > The port on which gitile is listening. > =20 > -@item @code{database} (default: > @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database. > +@item @code{home-directory} (default: @code{"/var/lib/gitile"}) > +Directory in which to store the Gitile database. > =20 > @item @code{repositories} (default: > @code{"/var/lib/gitolite/repositories"}) The location of the > repositories. Note that only public repositories will diff --git > a/gnu/services/version-control.scm b/gnu/services/version-control.scm > index 14ff0a59a6b0..7fedd7327d6e 100644 --- > a/gnu/services/version-control.scm +++ > b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module > (gnu services version-control) gitile-configuration-package > gitile-configuration-host > gitile-configuration-port > - gitile-configuration-database > + gitile-configuration-home-directory > gitile-configuration-repositories > gitile-configuration-git-base-url > gitile-configuration-index-title > @@ -430,8 +430,8 @@ (define-record-type* > (default "127.0.0.1")) > (port gitile-configuration-port > (default 8080)) > - (database gitile-configuration-database > - (default "/var/lib/gitile/gitile-db.sql")) > + (home-directory gitile-configuration-home-directory > + (default "/var/lib/gitile")) > (repositories gitile-configuration-repositories > (default "/var/lib/gitolite/repositories")) > (base-git-url gitile-configuration-base-git-url) 
> @@ -443,13 +443,13 @@ (define-record-type* > (default '())) > (nginx gitile-configuration-nginx)) > =20 > -(define (gitile-config-file host port database repositories > base-git-url +(define (gitile-config-file host port home-directory > repositories base-git-url index-title intro footer) > (define build > #~(write `(config > (port #$port) > (host #$host) > - (database #$database) > + (database #$(string-append home-directory > "/gitile-db.sql")) (repositories #$repositories) > (base-git-url #$base-git-url) > (index-title #$index-title) > @@ -459,9 +459,14 @@ (define (gitile-config-file host port database > repositories base-git-url=20 > (computed-file "gitile.conf" build)) > =20 > +(define (gitile-activation config) > + (match-record config (home-directory) > + #~(with-output-to-file #$(string-append home-directory > "/.gitconfig") > + (lambda () (display "[safe]\n directory =3D *\n"))))) > + > (define gitile-nginx-server-block > (match-lambda > - (($ package host port database > repositories > + (($ package host port home-directory > repositories base-git-url index-title intro footer nginx) > (list (nginx-server-configuration > (inherit nginx) > @@ -487,7 +492,7 @@ (define gitile-nginx-server-block > =20 > (define gitile-shepherd-service > (match-lambda > - (($ package host port database > repositories > + (($ package host port home-directory > repositories base-git-url index-title intro footer nginx) > (list (shepherd-service > (provision '(gitile)) > @@ -496,7 +501,7 @@ (define gitile-shepherd-service > (start (let ((gitile (file-append package > "/bin/gitile"))) #~(make-forkexec-constructor > `(,#$gitile "-c" #$(gitile-config-file > - host port database > + host port > home-directory repositories > base-git-url > index-title intro footer)) 
> @@ -504,17 +509,18 @@ (define gitile-shepherd-service > #:group "git"))) > (stop #~(make-kill-destructor))))))) > =20 > -(define %gitile-accounts > - (list (user-group > - (name "git") > - (system? #t)) > - (user-account > - (name "gitile") > - (group "git") > - (system? #t) > - (comment "Gitile user") > - (home-directory "/var/empty") > - (shell (file-append shadow "/sbin/nologin"))))) > +(define (gitile-accounts config) > + (match-record config (home-directory) > + (list (user-group > + (name "git") > + (system? #t)) > + (user-account > + (name "gitile") > + (group "git") > + (system? #t) > + (comment "Gitile user") > + (home-directory home-directory) > + (shell (file-append shadow "/sbin/nologin")))))) > =20 > (define gitile-service-type > (service-type > @@ -523,7 +529,9 @@ (define gitile-service-type > on the web.") > (extensions > (list (service-extension account-service-type > - (const %gitile-accounts)) > + gitile-accounts) > + (service-extension activation-service-type > + gitile-activation) > (service-extension shepherd-root-service-type > gitile-shepherd-service) > (service-extension nginx-service-type >=20 > base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
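
Review bot: `directory = *` in the new gitile-activation (hunk at -459,9 +459,14) switches off the ownership check for every path the gitile user opens, while only the paths under gitile-configuration-repositories need it. Consider adding `repositories` to the match-record field list and writing that path instead of `*`, after confirming whether libgit accepts a parent directory or needs one entry per repository. The same procedure truncates and rewrites home-directory/.gitconfig through with-output-to-file, so any other setting placed in that file is lost on the next activation; a comment or a doc sentence saying the file is managed by the service would avoid surprises.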
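
Review bot: dropping the `database` field in the record hunk (-430,8 +430,8), together with the gitile-configuration-database export in the hunk at -68,7, breaks every existing configuration that sets `(database ...)`, and gitile-config-file now hard-codes the file name as home-directory plus "/gitile-db.sql". A deployment that kept its database elsewhere has no way to point at it any more. Either keep `database` as a deprecated field that overrides the derived path, or state the migration step in the commit message and documentation.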
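
Review bot: the new `home-directory` entry in doc/guix.texi (hunk at -38981,8 +38981,8) describes the directory only as the place for the Gitile database, but the rest of the patch also makes it the home of the gitile account and the location of the .gitconfig written by gitile-activation. Suggest documenting both, including the fact that the file sets safe.directory, so an administrator reading the manual knows the Git ownership check is relaxed for this user and which paths that covers.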