From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id QG71ENoYT2aYiAAAe85BDQ:P1 (envelope-from ) for ; Thu, 23 May 2024 12:22:18 +0200 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id QG71ENoYT2aYiAAAe85BDQ (envelope-from ) for ; Thu, 23 May 2024 12:22:18 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=disroot.org header.s=mail header.b=Zm6KhO8A; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1716459738; a=rsa-sha256; cv=none; b=l4dQieRi5gk62wCap78C23npmi8SaWErelQ1t8mcSCVY+h8W78HD9JSjxMwAN70uaeKps6 SOcAKvfMQRMHspt5kG2cwnSZVL8ZIZpiWU1zntDujmLN+U+F1kCi8EfNeL1HvWcwho7uCY Jp8uom1V3bIMyzM8bCmCfJG9OP61oeSqIaObnMmmTFzWNvPquDbpEhM3qiHauZELaJKl98 kyczGQ0oXw5RTizVjePr2INP3A5cRF5vLN+T+1EOPIkcsFA+iXAqNkUFzPnJPK3M95W4Kn AoBVhQUDPbf1R4rqDbRo3qAF/LJyxCT7CWGqwTqsZ+2vlpKwXBzYjkfRxPRnEw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=disroot.org header.s=mail header.b=Zm6KhO8A; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1716459738; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=zbi5aVBQG5xkVjZHkslU1t9Cej5beipyfjrP0S0O7JI=; b=K+FwmKLeC+2EzBiWLIPr36XD2F0AncaGLgvcV5Cp1RV1fdLbRkWoF8GHdE0gpIufmIxz6C Kuw+Yo3UPxKlnX8IvIkQ/1aw+opLyO/QTiE0exMg0QMQArSMGz1QxxoR3OkAWZmiavpXFb eFQxzJdQLQj1dhdi7ubDZ1MfruQ99TJoGER/CI8PqqCLx/5n53RNYllrxB8i7/a8N9r6U7 6MZyfVFh7DMyCUElrLNCpBVUWLS/GWxdH5owCmFPlW1rUIE9/Vs3kJSq74l7FoEb3Fgoob IgDJ8Ka/PbppOTnmJpPN2M9DwteodX3dLz0kyaT1qX45VxcCBdYo4vYn3KP5rQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D40AB3476E for ; Thu, 23 May 2024 12:22:17 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sA5aJ-0003GO-RW; Thu, 23 May 2024 06:22:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sA5aF-0003Fi-7e for guix-patches@gnu.org; Thu, 23 May 2024 06:22:04 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sA5aE-000088-1g; Thu, 23 May 2024 06:22:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sA5aE-0006eI-O2; Thu, 23 May 2024 06:22:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#71143] [PATCH] services: gitile: Opt out of Git safe dir check. Resent-From: =?UTF-8?Q?Nguy=E1=BB=85n?= Gia Phong Original-Sender: "Debbugs-submit" Resent-CC: pelzflorian@pelzflorian.de, ludo@gnu.org, matt@excalamus.com, maxim.cournoyer@gmail.com, guix-patches@gnu.org Resent-Date: Thu, 23 May 2024 10:22:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 71143 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 71143@debbugs.gnu.org Cc: =?UTF-8?Q?Nguy=E1=BB=85n?= Gia Phong , Florian Pelz , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Matthew Trzcinski , Maxim Cournoyer X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Florian Pelz , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Matthew Trzcinski , Maxim Cournoyer Received: via spool by submit@debbugs.gnu.org id=B.171645966425533 (code B ref -1); Thu, 23 May 2024 10:22:02 +0000 Received: (at submit) by debbugs.gnu.org; 23 May 2024 10:21:04 +0000 Received: from localhost ([127.0.0.1]:58882 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sA5ZD-0006dN-Jj for submit@debbugs.gnu.org; Thu, 23 May 2024 06:21:04 -0400 Received: from lists.gnu.org ([209.51.188.17]:33162) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sA5Z8-0006dH-Qg for submit@debbugs.gnu.org; Thu, 23 May 2024 06:20:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sA5Yt-0001xr-Rb for guix-patches@gnu.org; Thu, 23 May 2024 06:20:41 -0400 Received: from layka.disroot.org ([178.21.23.139]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sA5Yr-00083U-MZ for guix-patches@gnu.org; Thu, 23 May 2024 06:20:39 -0400 X-Virus-Scanned: SPAM Filter at disroot.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1716459634; bh=i4nl3B6lo3BEhYPvHskgUEz7zO4af+6179RdwdOG6Z0=; h=From:To:Cc:Subject:Date; b=Zm6KhO8A0+rgxTjg+DVJmgxb+uXOAadN4sTtKxJc9d/PhiGffC0whUqXZ7xq3U013 oHAldrxSPX+SWQrEVxI70Pd/e883tc0mGcC+TIvh0ts359dKi47Eib53RyZmxDzHYX hhJ3PdVYpr2oU5AjcaSYs01UtCC7nmpbUmEAsrAm+mfNAzeEqFrtZ2d0Ab4tHkxfn1 U7QQ5S62HMzvs6Ed2KmIOYeVLt0TzNQVvT7XF5+mYE5yiyXTAjPph2dQotkmLqAWc9 8SF1X9kMJY4FUmQ3qUSepy4hv8Y7sk2OsOPurYZhsgAqr389HbZn94kfaCt8GrClFx QofyrZmn/IF8Q== Date: Thu, 23 May 2024 19:19:41 +0900 Message-ID: <604e51b2f51141b2b8d1d3d71bf9412ab7760563.1716459581.git.mcsinyx@disroot.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=178.21.23.139; envelope-from=mcsinyx@disroot.org; helo=layka.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: =?UTF-8?Q?Nguy=E1=BB=85n?= Gia Phong X-ACL-Warn: , =?utf-8?q?Nguy=E1=BB=85n_Gia_Phong_via_Guix-patches?= From: guix-patches--- via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Queue-Id: D40AB3476E X-Migadu-Scanner: mx12.migadu.com X-Migadu-Spam-Score: -5.06 X-Spam-Score: -5.06 X-TUID: MczDtRyH5lIB * gnu/services/version-control.scm (gitile-configuration): Add home-directory field for Git configuration file. It also stores Gitile's database, so remove the (now redundant) database field. * gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts. * gnu/services/version-control.scm (gitile-accounts): Add configurable home directory. * doc/gnu.texi (Gitile Service): Document it. * gnu/services/version-control.scm (gitile-activation): New function creating Git config file for user gitile setting safe.directory to * (all directories), so libgit parses directories not owned by gitile user in gitile-configuration-repositories. Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950 --- doc/guix.texi | 4 +-- gnu/services/version-control.scm | 46 +++++++++++++++++++------------- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 8073e3f6d496..ba12f249a98b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -38981,8 +38981,8 @@ Version Control Services @item @code{port} (default: @code{8080}) The port on which gitile is listening. -@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database. +@item @code{home-directory} (default: @code{"/var/lib/gitile"}) +Directory in which to store the Gitile database. @item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"}) The location of the repositories. Note that only public repositories will diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index 14ff0a59a6b0..00ca7b600efc 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -430,8 +430,8 @@ (define-record-type* (default "127.0.0.1")) (port gitile-configuration-port (default 8080)) - (database gitile-configuration-database - (default "/var/lib/gitile/gitile-db.sql")) + (home-directory gitile-configuration-home-directory + (default "/var/lib/gitile")) (repositories gitile-configuration-repositories (default "/var/lib/gitolite/repositories")) (base-git-url gitile-configuration-base-git-url) @@ -443,13 +443,13 @@ (define-record-type* (default '())) (nginx gitile-configuration-nginx)) -(define (gitile-config-file host port database repositories base-git-url +(define (gitile-config-file host port home-directory repositories base-git-url index-title intro footer) (define build #~(write `(config (port #$port) (host #$host) - (database #$database) + (database #$(string-append home-directory "/gitile-db.sql")) (repositories #$repositories) (base-git-url #$base-git-url) (index-title #$index-title) @@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url (computed-file "gitile.conf" build)) +(define (gitile-activation config) + (match-record config (home-directory) + #~(with-output-to-file #$(string-append home-directory "/.gitconfig") + (lambda () (display "[safe]\n directory = *\n"))))) + (define gitile-nginx-server-block (match-lambda - (($ package host port database repositories + (($ package host port home-directory repositories base-git-url index-title intro footer nginx) (list (nginx-server-configuration (inherit nginx) @@ -487,7 +492,7 @@ (define gitile-nginx-server-block (define gitile-shepherd-service (match-lambda - (($ package host port database repositories + (($ package host port home-directory repositories base-git-url index-title intro footer nginx) (list (shepherd-service (provision '(gitile)) @@ -496,7 +501,7 @@ (define gitile-shepherd-service (start (let ((gitile (file-append package "/bin/gitile"))) #~(make-forkexec-constructor `(,#$gitile "-c" #$(gitile-config-file - host port database + host port home-directory repositories base-git-url index-title intro footer)) @@ -504,17 +509,18 @@ (define gitile-shepherd-service #:group "git"))) (stop #~(make-kill-destructor))))))) -(define %gitile-accounts - (list (user-group - (name "git") - (system? #t)) - (user-account - (name "gitile") - (group "git") - (system? #t) - (comment "Gitile user") - (home-directory "/var/empty") - (shell (file-append shadow "/sbin/nologin"))))) +(define (gitile-accounts config) + (match-record config (home-directory) + (list (user-group + (name "git") + (system? #t)) + (user-account + (name "gitile") + (group "git") + (system? #t) + (comment "Gitile user") + (home-directory home-directory) + (shell (file-append shadow "/sbin/nologin")))))) (define gitile-service-type (service-type @@ -523,7 +529,9 @@ (define gitile-service-type on the web.") (extensions (list (service-extension account-service-type - (const %gitile-accounts)) + gitile-accounts) + (service-extension activation-service-type + gitile-activation) (service-extension shepherd-root-service-type gitile-shepherd-service) (service-extension nginx-service-type base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181 -- 2.41.0