From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id WOYUOWLMEGNBUgAAbAwnHQ (envelope-from ) for ; Thu, 01 Sep 2022 17:14:43 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id QEdKOGLMEGNYeQAAG6o9tA (envelope-from ) for ; Thu, 01 Sep 2022 17:14:42 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 05D842FEC9 for ; Thu, 1 Sep 2022 16:47:32 +0200 (CEST) Received: from localhost ([::1]:45346 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oTlTf-0001EM-Lb for larch@yhetil.org; Thu, 01 Sep 2022 10:47:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34116) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oTlSz-0001Bt-9h for bug-guix@gnu.org; Thu, 01 Sep 2022 10:46:50 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:54078) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oTlOM-0008Po-0c for bug-guix@gnu.org; Thu, 01 Sep 2022 10:42:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oTlOL-0003X3-Or for bug-guix@gnu.org; Thu, 01 Sep 2022 10:42:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#25957: [EXT] Re: [EXT] bug#25957: gitolite broken: created repositories keep references to /usr/bin for hooks Resent-From: "Thompson, David" Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 01 Sep 2022 14:42:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 25957 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Efraim Flashner , "Thompson, David" , Maxime Devos , zimoun , 25957@debbugs.gnu.org Received: via spool by 25957-submit@debbugs.gnu.org id=B25957.166204330113551 (code B ref 25957); Thu, 01 Sep 2022 14:42:01 +0000 Received: (at 25957) by debbugs.gnu.org; 1 Sep 2022 14:41:41 +0000 Received: from localhost ([127.0.0.1]:43827 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oTlO0-0003WV-WF for submit@debbugs.gnu.org; Thu, 01 Sep 2022 10:41:41 -0400 Received: from mail-lf1-f46.google.com ([209.85.167.46]:38851) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oTlNz-0003WG-CG for 25957@debbugs.gnu.org; Thu, 01 Sep 2022 10:41:40 -0400 Received: by mail-lf1-f46.google.com with SMTP id q7so24727061lfu.5 for <25957@debbugs.gnu.org>; Thu, 01 Sep 2022 07:41:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=worcester-edu.20210112.gappssmtp.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date; bh=PwD0MIxgrGwDc3SffHFWttqDmvD8XhjLVKM5Lkmy9JE=; b=8PohvdlS22T4IqaBQQRDhMuEQXCBzxvHePIPe5DP4Qc+9RCbgJ/CMexBqiA/g/FAGW ruhxE5S4gyw1hVXRa0/3sCJtDTvWnUW0xjnzIAGPOyZxMSV0W0GuIH1v1JXPSsk9TUxD EkwLNsVB/ojWCbH9xWhIkGgwYQxIf1dvWC0Y62SbsXKpM9Dxn7RV1nHElKyef+eGHTbI L7UuC3sgQJiiJnB1I8Dc4dImh/du7xuOalrxfDcoy4t95J+3xi/fsg9w6Lbys+I98+gD QaWcNytMZdzoB6RUfdifl+MTt0S+R8DfNcT7TO4ZbFlHVWqQRp3+MHcF7VJ5G0fqQZVM 4oWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date; bh=PwD0MIxgrGwDc3SffHFWttqDmvD8XhjLVKM5Lkmy9JE=; b=ZKGB3YoWUgC2BxW8YAD5YhnQyVWx3rkQT1vpt9YRmKgYT8jHS7iYU5L0uG/hPpSdsR jU4SNZNfN0s1hv/JHRFXSl9vpuD4Z33F1x+ufpsjkOd9og0ggtvV9egxgg093lpbxLEt pDzqoDv7c3TWXqHHnbg+G8UfW7McpwEbcjMvoDQg5ar0WtKz8YxwPfhtGxdUGv1wqKri araKFXg1nQgKRhBpkf7HRQuUFCnHle9qFAWlOLi0wTuWY/JXYWQ1PqUjoZ53fWBdtNbI 36DPCa++Ic3tXGdze4CVoO8X4vfaclhOJTvRSaQXfDnmMaUBb+9jf3wnk5FpQnXd24ly robA== X-Gm-Message-State: ACgBeo2Xm3sRQ+NcZ8nqQtgvJjkFL5BU7dGfQpsXSMt4hdbfcbHjaW8q vqh0kEh1v5qLj//7KvPNY25WMwKWNCQaCvgQhmrk3w== X-Google-Smtp-Source: AA6agR6xCAOoZl9s2Mmkntq/5pgj63gOMoKJa6Dv92GVxJI8D35lS97MLc3ERKFTnFWu8GBIXJF2sWAl1iVdeLJVqu4= X-Received: by 2002:ac2:4c88:0:b0:494:96d0:334 with SMTP id d8-20020ac24c88000000b0049496d00334mr1867619lfl.146.1662043293089; Thu, 01 Sep 2022 07:41:33 -0700 (PDT) MIME-Version: 1.0 References: <20170303222743.wf777eedaauuof3f@abyayala> <20170304133242.towlmzdcm6x43hvi@abyayala> <86k0ff9has.fsf_-_@gmail.com> <8635l01x7a.fsf@gmail.com> <86lex10wwr.fsf@gmail.com> <6a325301e7cc55ee08652c67e49c3eb8a0802baa.camel@telenet.be> In-Reply-To: From: "Thompson, David" Date: Thu, 1 Sep 2022 10:41:21 -0400 Message-ID: Content-Type: text/plain; charset="UTF-8" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1662043653; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=PwD0MIxgrGwDc3SffHFWttqDmvD8XhjLVKM5Lkmy9JE=; b=JnxqeUQRSqexGRZGjQW0/Bt0FTk4MjZH+L/h53nLnyofF21SqnSVDB7XDNSyBHI1OBmiGq Bic3BFnKJg2/xQ7E0JBMJGXV8Cy3zGN6fKXIuzMMlHD2T6agdSmEidI8se2wcf7yGaABJc P6M3rdZGElneiE4zyLspP/Z7myZWqoNFAd6j4Ns4Ya0JEvcMRZYho2MCyi6HQnYMw0IoYd qviW8+AaoxPGkX8usIbYmYXfOOPeCOkfSrC0XTx5ayn4ZqL8kmunkSoI/YBS1r2lnLDNC8 bBBSHnWODXFd/vkv7aiu3NgwMoNuxMOMT5u/WLCo7HppqNTZ6x9VtkLl6Jmq/g== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1662043653; a=rsa-sha256; cv=none; b=q06WwnYAZFiV0eOvrS0xoZgrhLKF4W+GBvEF+XxweahUpk47QOAp0wh0dNbtG5vtTAcRkD dqXeFx4Y+4TXrM4LhE1fonwW1cTlSuIDWjNeU/O4HlTa3MyF5EJOf2v6X/FCleXZsc9RSg t8730CNNxwnc/fDokQUZ27g4D/NnNzbVUdarzARwjRrjzjLQUMrj5q/D3sXR0jXB6yLHNC hQ/swtvup3j4KIYL2KtutE/SanmmSkxsoAbvnQeAPoJY8F9CgHtpvf9N+BNH+Ku4evxlO8 sf6DFL6f2fmHSttKcD97WMDyAlq5Ai3cmvGzSp2vL22J8t9dx3S/MC7eCghb2g== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=worcester-edu.20210112.gappssmtp.com header.s=20210112 header.b=8PohvdlS; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 2.73 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=worcester-edu.20210112.gappssmtp.com header.s=20210112 header.b=8PohvdlS; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 05D842FEC9 X-Spam-Score: 2.73 X-Migadu-Scanner: scn1.migadu.com X-TUID: hAg1p9QNgQGf Hi Efraim, On Thu, Sep 1, 2022 at 10:20 AM Efraim Flashner wrote: > > On Thu, Sep 01, 2022 at 09:59:55AM -0400, Thompson, David wrote: > > Hi all, > > > > Reviving this old thread. > > > > On Mon, Mar 28, 2022 at 2:51 AM Efraim Flashner wrote: > > > > > > > > Seems like all we have to do is 'substitute*' a '/usr/bin/svnserve' > > > > into a '/gnu/store/...' (untested), so seems actionable to me. > > > > Alternatively, as Efraim wrote, let it search the $PATH (that might be > > > > useful if adding svnserve would increase the closure too much and it is > > > > an optional dependency in practice?). > > > > > > I spent some time looking at gitolite and the service. As I understand > > > it, with the exception of svnserve, it searches $PATH for a number of > > > different binaries, including git-annex. I believe that this would only > > > work if git-annex (and potentially other packages) are installed > > > globally. > > > > > > In addition, git (not git-minimal) and openssh are propagated inputs AND > > > wrapped. I haven't tested to see if wrapping only is enough. > > > > > > I think the best choice is to: > > > A: Replace /usr/bin/svnserve with svnserve so it will just search $PATH, > > > like it does with the other helpers. > > > > I see that you have done this. Thanks! We could also replace the > > reference to /usr/sbin/redis-server in src/lib/Gitolite/Cache.pm. > > That's the only other /usr reference I can find (that isn't in a > > comment) in the output. I have the patch ready if that sounds good to > > you. > > Sounds good to me Thanks, pushed as commit c053dfa52dc778eb3d965f58a85c435ae7fab0dd. > > > B: Adjust the service so that it automatically creates a variant (or > > > just a wrapped version) of the package which is wrapped with a list of > > > additional packages so that they can be in gitolite's path. If I were > > > deploying this to an arm device I wouldn't want it wrapped with > > > git-annex since it doesn't build, but would definitely want it for an > > > x86_64 machine. > > > > The service configuration record could accept a list of addons like > > '(git-annex cache svnserve), with a default of no addons '(), and > > create a package that extends the gitolite package with the > > appropriate propagated inputs. Does that sound like what you had in > > mind? A more robust solution could modify the build to hardcode the > > store paths needed for the add-ons but given that we already propagate > > git and openssh I don't think it's necessary right now. > > Assuming this is deployed into some sort of container then propagated > inputs wouldn't help much, we'd need either the PATH for the container > to be extended to include those extra packages or to have gitolite > itself wrapped similar to icedove/wayland. Just extending the PATH in > the #:environment-variables would be enough I'd think. Hmm, I hadn't thought about the container use case. Your approach sounds like the way to go. For what it's worth, I think the gitolite service as-is would suffer the same issue in a containerized environment because it relies upon the git and openssh propagated inputs to do anything at all. With the gitolite service in my system, /run/current-system/profile/bin has both git and ssh in it due to the propagation. So it sounds like there's 2 steps needed: 1) Use a wrapper like icedove/wayland for the base gitolite package so that git and openssh no longer need propagation, and then 2) extend the gitolite service to wrap up additional packages needed for the desired extensions. Sound good? > > > I suppose we should try to find someone who is using the gitolite > > > service and see if they can be our test subject for wrapping the package > > > with optional addons. > > > > I use the gitolite service and can be the test subject. I don't > > currently use any add-ons, but the redis one sounds easy enough to try > > and hey maybe it's a good excuse to finally learn how to use > > git-annex. > > > > As a longer term thing, it would be cool to revisit propagating git > > and openssh in this package. I punted on it back in 2015 for the > > reason stated in the source comments but maybe there's a reasonable > > and reliable way to directly embed the store paths now. > > It's actually been forever since I looked at gitolite so I don't know > remember what those inputs were needed for, but it'd be great to improve > the service. Are you referring to git and openssh or redis, svnserve, git-annex, etc.? I'm no expert and I really don't like Perl, but I know gitolite well enough to explain some of this stuff. > Interestingly, I almost have a working ghc-8.6 for aarch64 after all > these years. Some things move at a glacial pace, but eventually they get done. Best of luck wrapping that up. :) - Dave