From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36388) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fkcO9-0007rt-U5 for guix-patches@gnu.org; Tue, 31 Jul 2018 17:41:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fkcO6-0002dq-N0 for guix-patches@gnu.org; Tue, 31 Jul 2018 17:41:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:59965) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fkcO6-0002dk-IU for guix-patches@gnu.org; Tue, 31 Jul 2018 17:41:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fkcO6-0000ph-Ch for guix-patches@gnu.org; Tue, 31 Jul 2018 17:41:02 -0400 Subject: [bug#30809] [PATCH 2/2] services: Add Gitolite. Resent-Message-ID: References: <20180729201822.12372-1-mail@cbaines.net> <20180729201822.12372-2-mail@cbaines.net> <87r2jk8faj.fsf@lassieur.org> From: Christopher Baines In-reply-to: <87r2jk8faj.fsf@lassieur.org> Date: Tue, 31 Jul 2018 22:40:16 +0100 Message-ID: <87wotbm6db.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur Cc: 30809@debbugs.gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cl=C3=A9ment Lassieur writes: > Hey Christopher! > > Thank you for the update. Thanks for taking another look, I've sent some updated patches again. > Christopher Baines writes: > > [...] > >> +@example >> +git clone git@@example.com:gitolite-admin >> +@end example >> + >> +When the Gitolite service is activated, the provided @code{admin-pubkey= } will >> +be inserted in to the @file{keydir} directory in the gitolite-admin >> +repository. If this results in a change in the repository, it will be >> +committed using the message ``gitolite setup by GNU Guix''. >> + >> +@deftp {Data Type} gitolite-configuration >> +Data type representing the configuration for @code{gitolite-service-typ= e}. >> + >> +@table @asis >> +@item @code{package} (default: @var{gitolite}) >> +Gitolite package to use. >> + >> +@item @code{user} (default: @var{git}) > ^ > It should be a string --------------- > > I don't think you should use @var for default values. @code would be bet= ter. Ah, ok, I think I've corrected these issues where appropriate. >> +@item @code{admin-pubkey} (default: @var{#f}) > > Actually, there is no default :-) Good spot, I've removed it now. >> + (match-lambda >> + (($ package user group home >> + rc-file admin-pubkey) >> + #~(let* ((user-info (getpwnam #$user)) >> + (admin-pubkey #$admin-pubkey) >> + (pubkey-file (string-append >> + #$home "/" >> + (basename >> + (strip-store-file-name admin-pubkey))))) >> + (use-modules (guix build utils)) >> + >> + (simple-format #t "guix: gitolite: installing ~A\n" #$rc-file) >> + (copy-file #$rc-file #$(string-append home "/.gitolite.rc")) > ^ > Maybe a symlink here? I had some concerns that the store item might be removed, but I guess it must be safe as it's referenced by the activation script. I've now changed it to use a symlink. >> + ;; The key must be writable, so copy it from the store >> + (copy-file admin-pubkey pubkey-file) >> + >> + (chmod pubkey-file #o500) > > I don't think it must be writable, because #o500 isn't writable. I can't quite remember why I added this... I've removed it, and everything still seems to work. >> + ;; Run Gitolite setup, as this updates the hooks and include t= he >> + ;; admin pubkey if specified. The admin pubkey is required for >> + ;; initial setup, and will replace the previous key if run aft= er >> + ;; initial setup >> + (let ((pid (primitive-fork))) >> + (if (eq? pid 0) >> + ;; Exit with a non-zero status code if an exception is t= hrown. >> + (dynamic-wind >> + (const #t) >> + (lambda () >> + (setenv "HOME" (passwd:dir user-info)) >> + (setenv "USER" #$user) >> + (setgid (passwd:gid user-info)) >> + (setuid (passwd:uid user-info)) >> + (primitive-exit >> + (system* #$(file-append package "/bin/gitolite") >> + "setup" >> + "-m" "gitolite setup by GNU Guix" >> + "-pk" pubkey-file))) >> + (lambda () >> + (primitive-exit 1))) >> + (waitpid pid))) > > This works (with the (ice-9 match) module added): Unfortunately, when I try, I'm still hitting the same problem. To better explain, match seems to run the code for the forked process, in both processes. Adding in some peek statements [1] gives: ;;; ("FORK" 273) ;;; ("PID SHOULD BE 0") ;;; ("FORK" 0) ;;; ("PID SHOULD BE 0") [ 1.817611] Kernel panic - not syncing: Attempted to kill init! exitco= de=3D0x00000000 This can't be due to a missing import, as removing the import gives a different error message. Unbound variable: match [ 1.638616] Kernel panic - not syncing: Attempted to kill init! exitco= de=3D0x00000000 I'm at a loss regarding what is going on here. I've tried testing on top of 8b8978ade and a previous commit, I've also reproduced this on two different computers. I've pushed up a branch here [2] in case you're interested in checking out the exact code I'm using. 1: (match (peek "FORK" (primitive-fork)) (0 ;; Exit with a non-zero status code if an exception is thrown. (dynamic-wind (const #t) (lambda () (setenv "HOME" (passwd:dir user-info)) (setenv "USER" #$user) (setgid (passwd:gid user-info)) (setuid (passwd:uid user-info)) (peek "PID SHOULD BE 0") (primitive-exit (system* #$(file-append package "/bin/gitolite") "setup" "-m" "gitolite setup by GNU Guix" "-pk" pubkey-file))) (lambda () (primitive-exit 1)))) (pid (waitpid (peek "WAITING FOR PID ->" pid)))) 2: https://git.cbaines.net/guix/commit/?h=3Dgitolite-service-broken-match&i= d=3Db70a26a7875e0d1106290d583ee34db7159bbf60 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAltg10BfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XfYPA/9FJDeM6CSCqIT2EZZwD0M1nJ0wXbpQfsvEjb3OGlQohM6xooVbIAZFJ0R KMtpz6YQFNeT9nANCzJW5Zxz7Cf3XqstVEQncSZM6iy+jNKWwIz/beXxE15MG/3k KraZ4OsiRDFaKXM1/lI3rvqx2raWiBpzCSe/A4f1P+xu/iRfr/9dCsavJl4hXHzv gcDMLZ9I6pXovvBaibGIDWn3mtlP0txxaJovqc0esb/WZuo4clxRKccreCmX9uTt mutMl6UUbuOftcR/oxlKbTcdI7brvGiNqS9ETC+80wI+67TFhrpI3CRSepkj0Nwn ZdQSBz4YOovCiTK3sNyRI2HU5Ub4o0RdxaqfJ6mfMc6NtMcSLksf7g8+0Bx/3+Kp AngTE3QzLAl6gXkOy5E1b1pZBMVg8rI4UN5A6NnZNz0OQ9fV9Vr7FpGh8UbzEuPf /4zNx3wq1btrKK5kqjXep0kI5lWMYgIn6EIrZKCBCG8GuWl5Y1/4+nR5rT0IPdWw bd7m9EepMEn1ZXIxiBdHmp2FZh8FQq6k1e6DMdkI16psk6IS/baIuPfOGeIZtpq+ QsOv8a6dKi6y6f3RgbEDbJz+lAUSN+YjDjcvzOOELHao6ziZbW2PCeTOizpaas3R 2IM5BIqPwErVvP4nagX61DAl1gmuM3qFdyJeqqnzmg1vriRztHg= =CIcR -----END PGP SIGNATURE----- --=-=-=--