From: Nguyễn Gia Phong via Guix-patches
Subject: [bug#71143] [PATCH v2] services: gitile: Opt out of Git safe dir check.
Date: Thu, 23 May 2024 19:28:13 +0900
To: 71143@debbugs.gnu.org
Cc: Nguyễn Gia Phong, Florian Pelz, Ludovic Courtès, Matthew Trzcinski, Maxim Cournoyer
Message-ID: <854ccfeb2cf910eda609a026e865b595e64e0cc4.1716460093.git.mcsinyx@disroot.org>
In-Reply-To: <604e51b2f51141b2b8d1d3d71bf9412ab7760563.1716459581.git.mcsinyx@disroot.org>

* gnu/services/version-control.scm (gitile-configuration): Add home-directory field for Git configuration file. It also stores Gitile's database, so remove the (now redundant) database field.
* gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts.
* gnu/services/version-control.scm (gitile-accounts): Add configurable home directory.
* doc/gnu.texi (Gitile Service): Document it.
* gnu/services/version-control.scm (gitile-activation): New function creating Git config file for user gitile setting safe.directory to * (all directories), so libgit parses directories not owned by gitile user in gitile-configuration-repositories.

Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
---
I accidentally staged the record export hunk to another commit.

 doc/guix.texi                    |  4 +--
 gnu/services/version-control.scm | 48 +++++++++++++++++++-------------
 2 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 8073e3f6d496..ba12f249a98b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -38981,8 +38981,8 @@ Version Control Services @item @code{port} (default: @code{8080}) The port on which gitile is listening. -@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database. +@item @code{home-directory} (default: @code{"/var/lib/gitile"}) +Directory in which to store the Gitile database. @item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"}) The location of the repositories. Note that only public repositories will diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index 14ff0a59a6b0..7fedd7327d6e 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module (gnu services version-control) gitile-configuration-package gitile-configuration-host gitile-configuration-port - gitile-configuration-database + gitile-configuration-home-directory gitile-configuration-repositories gitile-configuration-git-base-url gitile-configuration-index-title @@ -430,8 +430,8 @@ (define-record-type* (default "127.0.0.1")) (port gitile-configuration-port (default 8080)) - (database gitile-configuration-database - (default "/var/lib/gitile/gitile-db.sql")) + (home-directory gitile-configuration-home-directory + (default "/var/lib/gitile")) (repositories gitile-configuration-repositories (default "/var/lib/gitolite/repositories")) (base-git-url gitile-configuration-base-git-url) @@ -443,13 +443,13 @@ (define-record-type* (default '())) (nginx gitile-configuration-nginx)) -(define (gitile-config-file host port database repositories base-git-url +(define (gitile-config-file host port home-directory repositories base-git-url index-title intro footer) (define build #~(write `(config (port #$port) (host #$host) - (database #$database) + (database #$(string-append home-directory "/gitile-db.sql")) (repositories #$repositories) (base-git-url #$base-git-url) (index-title #$index-title) 
@@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url (computed-file "gitile.conf" build)) +(define (gitile-activation config) + (match-record config (home-directory) + #~(with-output-to-file #$(string-append home-directory "/.gitconfig") + (lambda () (display "[safe]\n directory = *\n"))))) + (define gitile-nginx-server-block (match-lambda - (($ package host port database repositories + (($ package host port home-directory repositories base-git-url index-title intro footer nginx) (list (nginx-server-configuration (inherit nginx) @@ -487,7 +492,7 @@ (define gitile-nginx-server-block (define gitile-shepherd-service (match-lambda - (($ package host port database repositories + (($ package host port home-directory repositories base-git-url index-title intro footer nginx) (list (shepherd-service (provision '(gitile)) @@ -496,7 +501,7 @@ (define gitile-shepherd-service (start (let ((gitile (file-append package "/bin/gitile"))) #~(make-forkexec-constructor `(,#$gitile "-c" #$(gitile-config-file - host port database + host port home-directory repositories base-git-url index-title intro footer)) @@ -504,17 +509,18 @@ (define gitile-shepherd-service #:group "git"))) (stop #~(make-kill-destructor))))))) -(define %gitile-accounts - (list (user-group - (name "git") - (system? #t)) - (user-account - (name "gitile") - (group "git") - (system? #t) - (comment "Gitile user") - (home-directory "/var/empty") - (shell (file-append shadow "/sbin/nologin"))))) +(define (gitile-accounts config) + (match-record config (home-directory) + (list (user-group + (name "git") + (system? #t)) + (user-account + (name "gitile") + (group "git") + (system? #t) + (comment "Gitile user") + (home-directory home-directory) + (shell (file-append shadow "/sbin/nologin")))))) (define gitile-service-type (service-type 
@@ -523,7 +529,9 @@ (define gitile-service-type on the web.") (extensions (list (service-extension account-service-type - (const %gitile-accounts)) + gitile-accounts) + (service-extension activation-service-type + gitile-activation) (service-extension shepherd-root-service-type gitile-shepherd-service) (service-extension nginx-service-type base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181 -- 2.41.0
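
Review bot: the new `home-directory` entry in the doc/guix.texi hunk (@@ -38981,8) documents only the database, yet gitile-activation also writes `.gitconfig` into that directory with `safe.directory` set to `*`, so the manual never tells an administrator that the service switches off the ownership check. Suggest extending this @item to say so, and to say that the database file is now always `gitile-db.sql` inside this directory. The commit log also names doc/gnu.texi while the diff touches doc/guix.texi.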
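
Review bot: the record definition hunk (@@ -430,8) removes the `database` field and its accessor outright, so an existing configuration that sets `(database ...)` will be rejected as an unknown field, and a database kept outside the home directory can no longer be selected. Consider keeping `database` as a deprecated field whose default is derived from `home-directory`, or state the migration step in the commit log and the manual.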
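
Review bot: in gitile-activation (hunk @@ -459,9), `directory = *` exempts every path the gitile user opens from the ownership check, which is wider than the `repositories` tree the commit log gives as the reason. If `*` is kept because repositories come and go under that directory, say so in a comment next to the string, since the narrower alternative is listing the repository paths. The same function uses `with-output-to-file`, which truncates any existing `.gitconfig` on every activation and assumes `home-directory` already exists when it runs; a guard or a comment stating both assumptions would help.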