From: ng0
Subject: Re: [PATCH] gnu: service: Add git-service.
Date: Tue, 27 Sep 2016 08:20:01 +0000
Message-ID: <877f9xpxe6.fsf@we.make.ritual.n0.is>
References: <87poor4tgx.fsf@we.make.ritual.n0.is> <878tvf7jfd.fsf@igalia.com>
 <878tvfr6ec.fsf@we.make.ritual.n0.is> <87eg57tk6t.fsf@we.make.ritual.n0.is>
 <87eg5666y4.fsf@igalia.com> <874m62pjjx.fsf@we.make.ritual.n0.is>
 <87bn0a4fsb.fsf@igalia.com> <871t16qh83.fsf@we.make.ritual.n0.is>
In-Reply-To: <871t16qh83.fsf@we.make.ritual.n0.is>
To: guix-devel@gnu.org

So almost one month passed now. To continue testing this, I need help on
this first.

Thanks.

ng0 writes:

> I tried to address most of what you've written.
>
> While I was correcting the documentation I decided to add more options,
> now it doesn't work anymore, probably because of the ifs I added.
>
> Andy Wingo writes:
>
>> On Tue 30 Aug 2016 13:45, ng0 writes:
>>
>>>>I also think that "path" might
>>>> not be the right word, which in GNU manuals is only used for search
>>>> paths. See the "GNU Manuals" section of standards.texi for more.
>>>> Anyway I suggest #:base-directory. Make sure the port is an integer and
>>>> not a string.
>>>
>>> See 'man git daemon'.
>>
>> I ran this and it did not work -- first showed me a page for git then
>> for daemon. I believe you want "man git-daemon"?
>>
>>> The switch is called --base-path. Looking at the openrc conf.d/git or
>>> what the config file was called again, they stick to this name too.
>>> It would just cause confusion if we go ahead and call it differently.
>>> Upstream should be fixed, but I'm not going there. If you think we
>>> should break expectations, I can rename it.
>>
>> "Fixing" upstream is out of our remit :) All I can ask is that we do
>> not introduce new uses of the word "path".
>>
>>>>> +Return a service to run the @uref{https://git-scm.com, git} daemon version control
>>>>> +daemon.
>>>>
>>>> Extra "daemon" here. Probably needs a sentence on what running the
>>>> daemon will do (namely, expose local repositories for remote access).
>>>>
>>>> What about authentication? Is this purely anonymous?
>>>
>>> Exactly, authentication is handled via other daemons, for example ssh or
>>> gitolite. git daemon supports no authentication and is read-only, as far
>>> as I know. At the servers I use and setup, I pull via
>>> git://,http://,https:// and push via ssh.
>>> Its selfdescription is:
>>> git-daemon - A really simple server for Git repositories.
>>
>> This needs to be documented in the manual, is what I was getting at :)
>> Mention that this is for anonymous read-only access please.
>
> read-only was wrong, anonymous write-access for all the world can be set
> up but it is not default.
>
>>
>>>>Use "file name" instead of path in general.
>>>
>>> Why?
>>
>> It is because it is standard in the GNU project. I mentioned this
>> before. See "info standards" and go to "GNU manuals".
>>
>>>>> +Furthermore it takes the parameter @var{port} which defaults to 9418.
>>>>> +Run @command{man git daemon} for information about the options.
>>>>
>>>> This man command does not work.
>>>
>>> Works for me. As far as I know man pages were merged into git package
>>> recently. When I run this on debian with guix, 'man git daemon' works
>>> too.
>>
>> It does not work for me on NixOS with Guix. Maybe I am out of date
>> though.
>>
>>>>> +(define %git-accounts
>>>>> + ;; User account and groups for git-daemon.
>>>>> + ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.
>>>>
>>>> What does this comment mean? Why would we switch?
>>>
>>> I am not sure about the limitations of git-shell compared to
>>> /bin/sh. If this turns out to be a mistake, it can be corrected. The
>>> only thing I know about git-shell is that it allows no logins.
>>
>> If you do not want a login then probably what you want is
>> #~(string-append #$shadow "/sbin/nologin").
>>
>> Andy
>
> From d1d7eb59ca53833098cea2d6eddaa59f1494b579 Mon Sep 17 00:00:00 2001
> From: ng0
> Date: Fri, 8 Jul 2016 15:42:55 +0000
> Subject: [PATCH] gnu: services: Add git-service.
>
> * gnu/services/version-control.scm: New file, create it.
> (git-service): New Procedures.
> (git-service-type): New variable.
> * doc/guix.texi: Add documentation.
> ---
> doc/guix.texi | 37 ++++++++
> gnu/local.mk | 1 +
> gnu/services/version-control.scm | 196 +++++++++++++++++++++++++++++++++++++++
> 3 files changed, 234 insertions(+)
> create mode 100644 gnu/services/version-control.scm
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index b22cf4a..78d7ee1 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -7494,6 +7494,7 @@ declaration. > * Database Services:: SQL databases. > * Mail Services:: IMAP, POP3, SMTP, and all that. > * Web Services:: Web servers. > +* Version Control:: Git and others. > * Various Services:: Other services. > @end menu 
> > @@ -9910,6 +9911,42 @@ directories are created when the service is activated. > > @end deffn > > +@node Version Control > +@subsubsection Version Control > + > +The @code{(gnu services version-control)} module provides the following services: > + > +@deffn {Scheme Procedure} git-service [#:git @var{git}] @ > + [#:base-directory "/var/git/repositories"] @ > + [#:user-directory? #f ""] [#:port 9418] @ > + [#:directory? #f ""] [#:max-connections 32] @ > + [#:pid-file? #t "/var/run/git-daemon.pid"] > + > +Return a service to run the @uref{https://git-scm.com, Git} daemon, a really simple > +TCP Git service which exposes local repositories for anonymous remote access. > + > +The git daemon runs as the @code{git} unprivileged user. It is started with > +the fixed parameters @code{--syslog}, @code{--reuseaddr} and > +@code{"--no-informative-errors"}. > +You can pass the parameter @var{base-directory}, which remaps all the directory > +requests as relative to the given directory. If you run git-service with > +@var{base-directory "/var/git/repositories"} on example.com, then if you later try > +to pull @code{git://example.com/hello.git}, git-service will interpret the directory > +as @code{/var/git/repositories/hello.git}. > +@var{max-connections} sets the maximum number of concurrent clients, it defaults to 32. > +Set it to 0 for no limit. > +@var{user-directory} allows allows ~user notation to be used in requests. When > +specified with no parameter, requests to @code{git://host/~alice/foo} is taken as a > +request to access @code{foo} repository in the home directory of user @code{alice}. > +If @var{user-directory "path"} is specified, the same request is taken as a request > +to access @code{path/foo} repository in the home directory of user @code{alice}. > +The parameter @var{directory "foo"} adds the directory "foo" and its subdirectories > +to the whitelist of allowed directories. > +Furthermore git-service takes the parameter @var{port}, which defaults to 9418. 
> +Run @command{man git daemon} for information about the options. > + > +@end deffn > + > @node Various Services > @subsubsection Various Services > > diff --git a/gnu/local.mk b/gnu/local.mk > index d75ab54..9220d06 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -390,6 +390,7 @@ GNU_SYSTEM_MODULES = \ > %D%/services/herd.scm \ > %D%/services/spice.scm \ > %D%/services/ssh.scm \ > + %D%/services/version-control.scm \ > %D%/services/web.scm \ > %D%/services/xorg.scm \ > \ > diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm > new file mode 100644 > index 0000000..5578003 > --- /dev/null > +++ b/gnu/services/version-control.scm 
> @@ -0,0 +1,196 @@ > +;;; GNU Guix --- Functional package management for GNU > +;;; Copyright © 2016 ng0 > +;;; > +;;; This file is part of GNU Guix. > +;;; > +;;; GNU Guix is free software; you can redistribute it and/or modify it > +;;; under the terms of the GNU General Public License as published by > +;;; the Free Software Foundation; either version 3 of the License, or (at > +;;; your option) any later version. > +;;; > +;;; GNU Guix is distributed in the hope that it will be useful, but > +;;; WITHOUT ANY WARRANTY; without even the implied warranty of > +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +;;; GNU General Public License for more details. > +;;; > +;;; You should have received a copy of the GNU General Public License > +;;; along with GNU Guix. If not, see . > + > +(define-module (gnu services version-control) > + #:use-module (gnu services) > + #:use-module (gnu services base) > + #:use-module (gnu services shepherd) > + #:use-module (gnu system shadow) > + #:use-module (gnu packages version-control) > + #:use-module (gnu packages admin) > + #:use-module (guix records) > + #:use-module (guix gexp) > + #:use-module (srfi srfi-1) > + #:use-module (ice-9 match) > + #:export (git-service > + git-service-type > + git-configuration > + git-configuration? > + git-configuration-git > + git-configuration-port > + git-configuration-base-directory > + git-configuration-pid-file > + git-configuration-max-connections > + git-configuration-user-directory > + git-configuration-directory)) > + > +;;; Commentary: > +;;; > +;;; Version Control related services. > +;;; > +;;; Code: > + > + > +;;; > +;;; git > +;;; > + > +(define-record-type* git-configuration > + make-git-configuration > + git-configuration? > + (git git-configuration-git ;package > + (default git)) > + (pid-file? git-configuration-pid-file) ;string > + (base-directory git-configuration-base-directory) ;string > + (user-directory? 
git-configuration-user-directory) ;string > + (directory? git-configuration-directory) ;string > + (max-connections git-configuration-max-connections) ;number > + (port git-configuration-port)) ;number > + > +(define (git-shepherd-service config) > + "Return a for git with CONFIG." > + (define git (git-configuration-git config)) > + > + ;; Comments do not list all the features available, but the commented ones are > + ;; features which are a TODO for this service. > + (define git-command > + #~(list > + (string-append #$git "/bin/git") "daemon" > + > + ;; Log to syslog instead of stderr. Note that this option does not imply > + ;; --verbose, thus by default only error conditions will be logged. > + "--syslog" > + > + ;; Convenient for clients, but may leak information about the existence of > + ;; unexported repositories. When informative errors are not enabled, all > + ;; errors report "access denied" to the client. > + "--no-informative-errors" > + > + ;; Use SO_REUSEADDR when binding the listening socket. This allows the > + ;; server to restart without waiting for old connections to time out. > + "--reuseaddr" > + > + ;; A directory to add to the whitelist of allowed directories. Unless > + ;; --strict-paths is specified this will also include subdirectories of > + ;; each named directory. > + ;; --directory > + ;; TODO: Add the option to add multiple occurences of --directory > + (if (git-configuration-directory? config) > + (string-append "--directory=" #$(git-configuration-directory config)) > + "") > + > + ;; --interpolated-path= > + ;; To support virtual hosting, an interpolated path template can be used to > + ;; dynamically construct alternate paths. The template supports %H for the target > + ;; hostname as supplied by the client but converted to all lowercase, > + ;; %CH for the canonical hostname, %IP for the server’s IP address, > + ;; %P for the port number, and %D for the absolute path of the named repository. 
> + ;; After interpolation, the path is validated against the directory whitelist. > + > + ;; --export-all > + ;; Allow pulling from all directories that look like Git repositories (have the > + ;; objects and refs subdirectories), even if they do not have the git-daemon-export-ok > + ;; file. > + > + ;; --listen= > + ;; Listen on a specific IP address or hostname. IP addresses can be either an IPv4 > + ;; address or an IPv6 address if supported. If IPv6 is not supported, then > + ;; --listen=hostname is also not supported and --listen must be given an IPv4 address. > + ;; Can be given more than once. Incompatible with --inetd option. > + > + ;; Maximum number of concurrent clients, defaults to 32. Set it to zero for no limit. > + (string-append "--max-connections=" #$(number->string > + (git-configuration-max-connections config))) > + > + ;; --user-path, --user-path= > + ;; Allow ~user notation to be used in requests. When specified with no parameter, > + ;; requests to git://host/~alice/foo is taken as a request to access foo repository > + ;; in the home directory of user alice. If --user-path=path is specified, the same > + ;; request is taken as a request to access path/foo repository in the home > + ;; directory of user alice. > + (if (git-configuration-user-directory? config) > + "--user-path" "") > + > + ;; Save the process id in file. Ignored when the daemon is run under --inetd. > + (if (git-configuration-pid-file? 
config) > + (string-append "--pid-file=" #$(git-configuration-pid-file config)) > + "") > + (string-append "--port=" #$(number->string (git-configuration-port config))) > + (string-append "--base-path=" #$(git-configuration-base-directory config)))) > + > + (define requires > + '(networking syslogd)) > + > + (list (shepherd-service > + (documentation "Git daemon server for git repositories") > + (requirement requires) > + (provision '(git)) > + (start #~(make-forkexec-constructor #$git-command)) > + (stop #~(make-kill-destructor))))) > + > +(define %git-accounts > + ;; User account and groups for git-daemon. > + (list (user-group > + (name "git") > + (system? #t)) > + (user-account > + (name "git") > + (system? #t) > + (group "git") > + (comment "Shepherd created user for the git-daemon service") > + (home-directory "/var/git") > + (shell #~(string-append #$shadow "/bin/git-shell"))))) > + > +(define (git-activation config) > + "Return the activation gexp for CONFIG." > + #~(begin (use-modules (guix build utils)) > + ;; Create the default base-directory, see `man git daemon'. > + (mkdir-p "/var/git/repositories"))) > + > +(define git-service-type > + (service-type (name 'git) > + (extensions > + (list (service-extension shepherd-root-service-type > + git-shepherd-service) > + (service-extension activation-service-type > + git-activation))))) > + > +(define* (git-service #:key > + (git git) > + (base-directory "/var/git/repositories") > + (user-directory? #f) > + (user-directory? "") > + (directory? #f) > + (directory "") > + (port 9418) > + (pid-file? #t) > + (pid-file "/var/run/git-daemon.pid") > + (max-connections 32)) > + "Return a service that runs @url{https://git-scm.org,git} as a daemon. > +The daemon will listen on the port specified in @var{port}. > +In addition, @var{base-path} specifies the path which will repositories > +which can be exported by adding 'git-daemon-export-ok' files to them." 
> + (service git-service-type > + (git-configuration > + (git git) > + (base-directory base-directory) > + (user-directory? user-directory?) > + (directory? directory?) > + (port port) > + (pid-file? pid-file?) > + (max-connections max-connections)))) > -- > 2.9.3 > > > -- > ng0 > For non-prism friendly talk find me on http://www.psyced.org -- ng0
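
Review bot: In the doc/guix.texi hunk that adds the Version Control node, the @deffn signature gives three keywords two values each ([#:user-directory? #f ""], [#:directory? #f ""], [#:pid-file? #t "/var/run/git-daemon.pid"]), which a keyword argument cannot take; list every keyword once with its single default. The description says "anonymous remote access" but should also state that the daemon does no authentication and that anonymous write access can be enabled although it is off by default, as discussed earlier in this thread. Smaller points in the same hunk: "allows allows" is doubled, "requests to ... is taken" should read "are taken", @code{"--no-informative-errors"} carries stray quotes, and @command{man git daemon} should name the git-daemon manual page, since that command was reported not to work.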
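
Review bot: In git-command (gnu/services/version-control.scm), the three "if" forms sit inside #~(list ...) without an ungexp, so they are staged as code instead of being evaluated on the host: they refer to config, which does not exist where the gexp is later evaluated, and they call git-configuration-directory?, git-configuration-user-directory? and git-configuration-pid-file?, none of which the record defines (its accessors are git-configuration-directory, git-configuration-user-directory and git-configuration-pid-file). Make the decision on the host side and splice the result, for example #$@(if (git-configuration-directory config) (list (string-append "--directory=" (git-configuration-directory config))) '()), which also stops the "" else-branch from putting an empty argument on the git daemon command line. Separately, %git-accounts is never attached to git-service-type (the extensions list holds only the shepherd and activation extensions) and make-forkexec-constructor is given no #:user, so nothing in this hunk makes the daemon run as the unprivileged git user that the documentation promises; the account's shell is also built from #$shadow although git-shell ships with git. Finally, git-service binds user-directory? twice, accepts directory and pid-file without passing them into git-configuration, mentions @var{base-path} in its docstring although the keyword is base-directory, and git-activation creates the hardcoded /var/git/repositories instead of the configured base-directory.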