From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41589) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fhiyv-0006IG-J1 for guix-patches@gnu.org; Mon, 23 Jul 2018 18:07:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fhiys-0001Ti-AF for guix-patches@gnu.org; Mon, 23 Jul 2018 18:07:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:49397) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fhiys-0001TX-4S for guix-patches@gnu.org; Mon, 23 Jul 2018 18:07:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fhiyr-0001Dp-RO for guix-patches@gnu.org; Mon, 23 Jul 2018 18:07:01 -0400 Subject: [bug#30809] [PATCH 2/2] services: Add Gitolite. Resent-Message-ID: References: <20180714062855.18705-1-mail@cbaines.net> <20180714062855.18705-2-mail@cbaines.net> <87va96q4ye.fsf@lassieur.org> From: Christopher Baines In-reply-to: <87va96q4ye.fsf@lassieur.org> Date: Mon, 23 Jul 2018 23:06:47 +0100 Message-ID: <87efftwqrs.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur Cc: 30809@debbugs.gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cl=C3=A9ment Lassieur writes: > Christopher Baines writes: > >> * gnu/services/version-control.scm (, >> ): New record types. >> (gitolite-accounts, gitolite-setup, gitolite-activation): New procedures. >> (gitolite-service-type): New variables. >> * gnu/tests/version-control.scm (%gitolite-test-admin-keypair, %gitolite= -os, >> %test-gitolite): New variables. >> (run-gitolite-test): New procedure. >> * doc/guix.texi (Version Control): Document the gitolite service. >> --- >> doc/guix.texi | 90 ++++++++++++++++ >> gnu/services/version-control.scm | 169 ++++++++++++++++++++++++++++++- >> gnu/tests/version-control.scm | 103 ++++++++++++++++++- >> 3 files changed, 360 insertions(+), 2 deletions(-) > > Great :-) Thanks for taking a look Cl=C3=A9ment, I too was looking at the these patch= es over the last few days, and I've sent some updated patches with some changes. >> +@item @code{admin-pubkey} (default: @var{#f}) >> +A ``file-like'' object (@pxref{G-Expressions, file-like objects}) used = to >> +setup Gitolite. This can be omitted once Gitolite has successfully been >> +setup. > > It looks like almost everything else can be ommited once Gitolite has > successfully been setup :-), I put another comment about it below. Well, maybe things like the rc-file could be omitted, but that's probably worth keeping. >> +(define-record-type* >> + gitolite-configuration make-gitolite-configuration >> + gitolite-configuration? >> + (package gitolite-configuration-package >> + (default gitolite)) >> + (user gitolite-configuration-user >> + (default "git")) >> + (rc-file gitolite-configuration-rc-file >> + (default (gitolite-rc-file))) >> + (admin-pubkey gitolite-configuration-admin-pubkey >> + (default #f))) >> + >> +(define (gitolite-accounts config) >> + (let ((user (gitolite-configuration-user config))) >> + ;; User group and account to run Gitolite. >> + (list (user-group (name user) (system? #t)) >> + (user-account >> + (name user) >> + (group user) > > It would be great to make the group and home directory configurable > too. I personally use other settings for them. Sure, I've made those configurable now. >> + (system? #t) >> + (comment "Gitolite user") >> + (home-directory "/var/lib/gitolite"))))) >> + >> +(define gitolite-setup >> + (match-lambda >> + (($ package user rc-file admin-pubkey) >> + #~(begin >> + (use-modules (ice-9 match) >> + (guix build utils)) >> + (if (not (file-exists? "/var/lib/gitolite/.gitolite")) > > 'unless', instead of 'if not'. > > Also, is there a way to update the config once .gitolite exists? If the > users update their config, they'd expect the new config to be applied I > guess. Maybe we could override the symlink in that case. Would that be > safe? WDYT? So, I've rewritten some of this now. gitolite setup will be run each time the service is activated, and this is important to ensure that the hooks are updated. >> + (let ((user-info (getpwnam #$user))) >> + (simple-format #t "guix: gitolite: installing ~A\n" >> + #$rc-file) >> + (symlink #$rc-file "/var/lib/gitolite/.gitolite.rc") >> + >> + ;; The key must be writable, so copy it from the store >> + (copy-file #$admin-pubkey "/var/lib/gitolite/id_rsa.pub") >> + >> + (chmod "/var/lib/gitolite/id_rsa.pub" #o500) >> + (chown "/var/lib/gitolite/id_rsa.pub" >> + (passwd:uid user-info) >> + (passwd:gid user-info)) >> + >> + ;; Set the git configuration, to avoid gitolite trying t= o use >> + ;; the hostname command, as the network might not be up = yet >> + (with-output-to-file "/var/lib/gitolite/.gitconfig" >> + (lambda () >> + (display "[user] >> + name =3D GNU Guix >> + email =3D guix@localhost >> +"))) >> + >> + (match (primitive-fork) >> + (0 >> + ;; Exit with a non-zero status code if an exception i= s thrown. >> + (dynamic-wind >> + (const #t) >> + (lambda () >> + (setenv "HOME" (passwd:dir user-info)) >> + (setenv "USER" #$user) >> + (setgid (passwd:gid user-info)) >> + (setuid (passwd:uid user-info)) >> + (primitive-exit >> + (system* #$(file-append package "/bin/gitolite") >> + "setup" >> + "-pk" "/var/lib/gitolite/id_rsa.pub"))) >> + (lambda () >> + (primitive-exit 1)))) >> + (pid (waitpid pid))) >> + >> + (delete-file "/var/lib/gitolite/id_rsa.pub"))))))) > > [...] > >> diff --git a/gnu/tests/version-control.scm b/gnu/tests/version-control.s= cm > > Could you add your copyright header for this file? I've done this now :) >> index 3b935a1b4..e4cd3fc3f 100644 >> --- a/gnu/tests/version-control.scm >> +++ b/gnu/tests/version-control.scm >> @@ -27,14 +27,17 @@ >> #:use-module (gnu services) >> #:use-module (gnu services version-control) >> #:use-module (gnu services cgit) >> + #:use-module (gnu services ssh) >> #:use-module (gnu services web) >> #:use-module (gnu services networking) >> #:use-module (gnu packages version-control) >> + #:use-module (gnu packages ssh) >> #:use-module (guix gexp) >> #:use-module (guix store) >> #:use-module (guix modules) >> #:export (%test-cgit >> - %test-git-http)) >> + %test-git-http >> + %test-gitolite)) >> >> (define README-contents >> "Hello! This is what goes inside the 'README' file.") >> @@ -300,3 +303,101 @@ HTTP-PORT." >> (name "git-http") >> (description "Connect to a running Git HTTP server.") >> (value (run-git-http-test)))) >> + >> + >> +;;; >> +;;; Gitolite. >> +;;; >> + >> +(define %gitolite-test-admin-keypair >> + (computed-file >> + "gitolite-test-admin-keypair" >> + (with-imported-modules (source-module-closure >> + '((guix build utils))) > ^ > Here indentation is not correct ;-) Ah, yep, I've corrected this. >> + ;; Wait for sshd to be up and running. >> + (test-eq "service running" >> + 'running! >> + (marionette-eval >> + '(begin >> + (use-modules (gnu services herd)) >> + (start-service 'ssh-daemon) >> + 'running!) >> + marionette)) > > Here the test produces a false positive because the return value of > 'start-service' isn't used. It should be > > (test-assert ... (start-service ...)) > > instead. Ok, I've made this change now. >> + (display #$%gitolite-test-admin-keypair) >> + >> + (setenv "GIT_SSH_VARIANT" "ssh") >> + (setenv "GIT_SSH_COMMAND" >> + (string-join >> + '(#$(file-append openssh "/bin/ssh") >> + "-i" #$(file-append %gitolite-test-admin-keypair "= /id_rsa") >> + "-o" "UserKnownHostsFile=3D/dev/null" >> + "-o" "StrictHostKeyChecking=3Dno"))) >> + >> + ;; Make sure we can clone the repo from the host. >> + (test-eq "clone" >> + #t >> + (invoke #$(file-append git "/bin/git") >> + "clone" "-v" >> + "ssh://git@localhost:2222/gitolite-admin" >> + "/tmp/clone")) >> + >> + (test-end) >> + (exit (=3D (test-runner-fail-count (test-runner-current)) 0))= ))) >> + >> + (gexp->derivation "gitolite" test)) >> + >> +(define %test-gitolite >> + (system-test >> + (name "gitolite") >> + (description "Clone the Gitolite admin repository.") >> + (value (run-gitolite-test)))) > > Also, did you encounter bugs https://bugs.gnu.org/25957 and > https://bugs.gnu.org/30401? Do you know if they are still here? So, 25957 should be fixed. That's now handled in the 'patch-source phase of the package. As for 30401, I'm not too sure. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAltWUXdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XcK9hAAuSreMgaYFT3/ucaBw+dMXq95+bFtXHXmhuYTFQGJgsj3+ifRbANMV4DG S4WtwBk8+mujSqzapSM2bY1cETg4zVJXZUAtsQSje6Y0yBDMcOsIc0vK6owJVjFb h+zdC1txJBwF9L7K0IKzlXYLgIWcBcVVLLhaY98w15sqXhjKEGfF7NKcmJjDa2XS 6QXv8bEyMyqlWFqoQrcoQMUDOXDaUKWwAWlWx9QV1MPuhTCVGn5+cKL+0E+znrhc Tx/+ea3KFjvmX5MJfIO3mmJ4yejxv5hljUQKT8Gw5qzHUDZr+yzia2fomzyYCcT0 dD5j5iroeLFji9vWCsG5Rwwe1UCKR6trkXqI+y0bXngL1hgIbY7r68jx5caBXMnL D3cbweLZM7xCEqCCfIGGLKRynOe3Fo4jwywMVuch0gvfNPboKHpaygntpyFoIS2n v/xXt3tWk6pDBAebffCJabpmovksoydL71Sq9gJTJiBzFGhagfmrth7qxpFiJSaT XIJs69CTh4p4kFrlyzPHzr8Bdj09kUGGxgpBCgcv7Zj7ZDR1MasFTwgM/KvEy+ox DC7RUdECuyttqRqo9fBIE0uVG7nVjfEhnRqdRn5lR4oF/diS3jrqLhAjNj1EU57N 2m8kMgHfZh1ttujw57na58qkqsAts1qpRHdmJ2k/AK8+8h47Qgs= =QQDE -----END PGP SIGNATURE----- --=-=-=--