GNU bug report logs - #71143
[PATCH] services: gitile: Opt out of Git safe dir check.


Package: guix-patches;

Reported by: Nguyễn Gia Phong <mcsinyx <at> disroot.org>

Date: Thu, 23 May 2024 10:22:02 UTC

Severity: normal

Tags: patch

To reply to this bug, email your comments to 71143 AT debbugs.gnu.org.



Report forwarded to pelzflorian <at> pelzflorian.de, ludo <at> gnu.org, matt <at> excalamus.com, maxim.cournoyer <at> gmail.com, guix-patches <at> gnu.org:
bug#71143; Package guix-patches. (Thu, 23 May 2024 10:22:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nguyễn Gia Phong <mcsinyx <at> disroot.org>:
New bug report received and forwarded. Copy sent to pelzflorian <at> pelzflorian.de, ludo <at> gnu.org, matt <at> excalamus.com, maxim.cournoyer <at> gmail.com, guix-patches <at> gnu.org. (Thu, 23 May 2024 10:22:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Nguyễn Gia Phong <mcsinyx <at> disroot.org>
To: guix-patches <at> gnu.org
Cc: Nguyễn Gia Phong <mcsinyx <at> disroot.org>
Subject: [PATCH] services: gitile: Opt out of Git safe dir check.
Date: Thu, 23 May 2024 19:19:41 +0900

* gnu/services/version-control.scm (gitile-configuration):
  Add home-directory field for Git configuration file.  It also stores
  Gitile's database, so remove the (now redundant) database field.
* gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts.
* gnu/services/version-control.scm (gitile-accounts): Add configurable
  home directory.
* doc/gnu.texi (Gitile Service): Document it.
* gnu/services/version-control.scm (gitile-activation): New function
  creating Git config file for user gitile setting safe.directory
  to * (all directories), so libgit parses directories not owned
  by gitile user in gitile-configuration-repositories.

Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
---
 doc/guix.texi                    |  4 +--
 gnu/services/version-control.scm | 46 +++++++++++++++++++-------------
 2 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 8073e3f6d496..ba12f249a98b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38981,8 +38981,8 @@ Version Control Services
 @item @code{port} (default: @code{8080})
 The port on which gitile is listening.
 
-@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"})
-The location of the database.
+@item @code{home-directory} (default: @code{"/var/lib/gitile"})
+Directory in which to store the Gitile database.
 
 @item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"})
 The location of the repositories.  Note that only public repositories will
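
Review bot: The new @item text for home-directory describes only the database, but per the commit message this directory also becomes the place where a .gitconfig with safe.directory set to * is written. The manual entry should say so, name the database file now fixed at gitile-db.sql under it, and mention that the database field is gone so existing configurations need updating. Separately, the commit log cites doc/gnu.texi while the diff touches doc/guix.texi.
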
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 14ff0a59a6b0..00ca7b600efc 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
         (default "127.0.0.1"))
   (port gitile-configuration-port
         (default 8080))
-  (database gitile-configuration-database
-            (default "/var/lib/gitile/gitile-db.sql"))
+  (home-directory gitile-configuration-home-directory
+                  (default "/var/lib/gitile"))
   (repositories gitile-configuration-repositories
                 (default "/var/lib/gitolite/repositories"))
   (base-git-url gitile-configuration-base-git-url)
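
Review bot: Replacing the database field with home-directory in the record removes a documented field with no transition, so a configuration that still sets (database ...) will stop evaluating after this change. Either keep database as a deprecated field for a release or call out the break in the commit log. The database location is also no longer configurable independently of the home directory, which deserves a sentence in the manual.
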
@@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
           (default '()))
   (nginx gitile-configuration-nginx))
 
-(define (gitile-config-file host port database repositories base-git-url
+(define (gitile-config-file host port home-directory repositories base-git-url
                             index-title intro footer)
   (define build
     #~(write `(config
                 (port #$port)
                 (host #$host)
-                (database #$database)
+                (database #$(string-append home-directory "/gitile-db.sql"))
                 (repositories #$repositories)
                 (base-git-url #$base-git-url)
                 (index-title #$index-title)
@@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url
 
   (computed-file "gitile.conf" build))
 
+(define (gitile-activation config)
+  (match-record config <gitile-configuration> (home-directory)
+    #~(with-output-to-file #$(string-append home-directory "/.gitconfig")
+        (lambda () (display "[safe]\n  directory = *\n")))))
+
 (define gitile-nginx-server-block
   (match-lambda
-    (($ <gitile-configuration> package host port database repositories
+    (($ <gitile-configuration> package host port home-directory repositories
         base-git-url index-title intro footer nginx)
      (list (nginx-server-configuration
              (inherit nginx)
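
Review bot: In gitile-activation, the literal directory = * turns off Git's ownership check for every repository the gitile user opens, which is wider than the single repositories path the commit message gives as the reason. Add a comment above the display call explaining why * is needed, and a caveat in the manual that the service trusts all repository owners, so the trade-off is visible to whoever deploys it.
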
@@ -487,7 +492,7 @@ (define gitile-nginx-server-block
 
 (define gitile-shepherd-service
   (match-lambda
-    (($ <gitile-configuration> package host port database repositories
+    (($ <gitile-configuration> package host port home-directory repositories
         base-git-url index-title intro footer nginx)
      (list (shepherd-service
              (provision '(gitile))
@@ -496,7 +501,7 @@ (define gitile-shepherd-service
              (start (let ((gitile (file-append package "/bin/gitile")))
                           #~(make-forkexec-constructor
                               `(,#$gitile "-c" #$(gitile-config-file
-                                                   host port database
+                                                   host port home-directory
                                                    repositories
                                                    base-git-url index-title
                                                    intro footer))
@@ -504,17 +509,18 @@ (define gitile-shepherd-service
                               #:group "git")))
              (stop #~(make-kill-destructor)))))))
 
-(define %gitile-accounts
-  (list (user-group
-         (name "git")
-         (system? #t))
-        (user-account
-          (name "gitile")
-          (group "git")
-          (system? #t)
-          (comment "Gitile user")
-          (home-directory "/var/empty")
-          (shell (file-append shadow "/sbin/nologin")))))
+(define (gitile-accounts config)
+  (match-record config <gitile-configuration> (home-directory)
+    (list (user-group
+            (name "git")
+            (system? #t))
+          (user-account
+            (name "gitile")
+            (group "git")
+            (system? #t)
+            (comment "Gitile user")
+            (home-directory home-directory)
+            (shell (file-append shadow "/sbin/nologin"))))))
 
 (define gitile-service-type
   (service-type
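
Review bot: In gitile-accounts, the gitile user's home moves from /var/empty to the configurable home-directory, the same directory that holds the database and the generated .gitconfig. If that directory is owned by gitile, as home directories normally are, the service account can replace its own Git configuration; consider keeping the config file somewhere the service cannot write, or state in a comment that this is accepted.
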
@@ -523,7 +529,9 @@ (define gitile-service-type
 on the web.")
     (extensions
       (list (service-extension account-service-type
-                               (const %gitile-accounts))
+                               gitile-accounts)
+            (service-extension activation-service-type
+                               gitile-activation)
             (service-extension shepherd-root-service-type
                                gitile-shepherd-service)
             (service-extension nginx-service-type

base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
-- 
2.41.0





Information forwarded to pelzflorian <at> pelzflorian.de, ludo <at> gnu.org, matt <at> excalamus.com, maxim.cournoyer <at> gmail.com, guix-patches <at> gnu.org:
bug#71143; Package guix-patches. (Thu, 23 May 2024 10:30:02 GMT) Full text and rfc822 format available.

Message #8 received at 71143 <at> debbugs.gnu.org (full text, mbox):

From: Nguyễn Gia Phong <mcsinyx <at> disroot.org>
To: 71143 <at> debbugs.gnu.org
Cc: Nguyễn Gia Phong <mcsinyx <at> disroot.org>
Subject: [PATCH v2] services: gitile: Opt out of Git safe dir check.
Date: Thu, 23 May 2024 19:28:13 +0900

* gnu/services/version-control.scm (gitile-configuration):
  Add home-directory field for Git configuration file.  It also stores
  Gitile's database, so remove the (now redundant) database field.
* gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts.
* gnu/services/version-control.scm (gitile-accounts): Add configurable
  home directory.
* doc/gnu.texi (Gitile Service): Document it.
* gnu/services/version-control.scm (gitile-activation): New function
  creating Git config file for user gitile setting safe.directory
  to * (all directories), so libgit parses directories not owned
  by gitile user in gitile-configuration-repositories.

Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
---
I accidentally staged the record export hunk to another commit.
 doc/guix.texi                    |  4 +--
 gnu/services/version-control.scm | 48 +++++++++++++++++++-------------
 2 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 8073e3f6d496..ba12f249a98b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38981,8 +38981,8 @@ Version Control Services
 @item @code{port} (default: @code{8080})
 The port on which gitile is listening.
 
-@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"})
-The location of the database.
+@item @code{home-directory} (default: @code{"/var/lib/gitile"})
+Directory in which to store the Gitile database.
 
 @item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"})
 The location of the repositories.  Note that only public repositories will
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 14ff0a59a6b0..7fedd7327d6e 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -68,7 +68,7 @@ (define-module (gnu services version-control)
             gitile-configuration-package
             gitile-configuration-host
             gitile-configuration-port
-            gitile-configuration-database
+            gitile-configuration-home-directory
             gitile-configuration-repositories
             gitile-configuration-git-base-url
             gitile-configuration-index-title
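
Review bot: Dropping gitile-configuration-database from the export list is an API break for any user code that calls that accessor, so it should be mentioned in the commit log alongside the field removal. While touching this list: the context line below the change exports gitile-configuration-git-base-url, but the record in the next hunk defines the accessor as gitile-configuration-base-git-url, so that export does not match any visible accessor and is worth fixing in the same patch or a follow-up.
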
@@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
         (default "127.0.0.1"))
   (port gitile-configuration-port
         (default 8080))
-  (database gitile-configuration-database
-            (default "/var/lib/gitile/gitile-db.sql"))
+  (home-directory gitile-configuration-home-directory
+                  (default "/var/lib/gitile"))
   (repositories gitile-configuration-repositories
                 (default "/var/lib/gitolite/repositories"))
   (base-git-url gitile-configuration-base-git-url)
@@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
           (default '()))
   (nginx gitile-configuration-nginx))
 
-(define (gitile-config-file host port database repositories base-git-url
+(define (gitile-config-file host port home-directory repositories base-git-url
                             index-title intro footer)
   (define build
     #~(write `(config
                 (port #$port)
                 (host #$host)
-                (database #$database)
+                (database #$(string-append home-directory "/gitile-db.sql"))
                 (repositories #$repositories)
                 (base-git-url #$base-git-url)
                 (index-title #$index-title)
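
Review bot: In gitile-config-file, the database path is now built inline as (string-append home-directory "/gitile-db.sql"), which hard-codes the file name inside a procedure that takes home-directory only to derive it. Compute the database path once from the configuration (a small helper next to gitile-activation would do) and pass it in, so the file name has one definition and the config writer keeps taking the value it actually writes.
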
@@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url
 
   (computed-file "gitile.conf" build))
 
+(define (gitile-activation config)
+  (match-record config <gitile-configuration> (home-directory)
+    #~(with-output-to-file #$(string-append home-directory "/.gitconfig")
+        (lambda () (display "[safe]\n  directory = *\n")))))
+
 (define gitile-nginx-server-block
   (match-lambda
-    (($ <gitile-configuration> package host port database repositories
+    (($ <gitile-configuration> package host port home-directory repositories
         base-git-url index-title intro footer nginx)
      (list (nginx-server-configuration
              (inherit nginx)
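
Review bot: gitile-activation calls with-output-to-file on home-directory/.gitconfig on every activation, without checking that the directory exists and without preserving anything already in the file. Unless account activation is guaranteed to have created the directory first, add (mkdir-p ...) before the write, and say in a comment that the file is managed by the service and overwritten on each reconfigure.
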
@@ -487,7 +492,7 @@ (define gitile-nginx-server-block
 
 (define gitile-shepherd-service
   (match-lambda
-    (($ <gitile-configuration> package host port database repositories
+    (($ <gitile-configuration> package host port home-directory repositories
         base-git-url index-title intro footer nginx)
      (list (shepherd-service
              (provision '(gitile))
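
Review bot: The match-lambda patterns in gitile-nginx-server-block and gitile-shepherd-service bind every field of <gitile-configuration> by position, so the rename only works because home-directory sits in the slot database used to occupy. Since the new procedures in this patch already use match-record with named fields, converting these two would remove the dependence on field order.
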
@@ -496,7 +501,7 @@ (define gitile-shepherd-service
              (start (let ((gitile (file-append package "/bin/gitile")))
                           #~(make-forkexec-constructor
                               `(,#$gitile "-c" #$(gitile-config-file
-                                                   host port database
+                                                   host port home-directory
                                                    repositories
                                                    base-git-url index-title
                                                    intro footer))
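
Review bot: The start gexp passes home-directory into gitile-config-file, but the visible make-forkexec-constructor arguments set nothing that tells the gitile process where its Git configuration lives. The fix in this patch depends on libgit finding the .gitconfig written by gitile-activation; if that lookup goes through HOME, pass it explicitly with #:environment-variables rather than relying on whatever environment shepherd provides.
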
@@ -504,17 +509,18 @@ (define gitile-shepherd-service
                               #:group "git")))
              (stop #~(make-kill-destructor)))))))
 
-(define %gitile-accounts
-  (list (user-group
-         (name "git")
-         (system? #t))
-        (user-account
-          (name "gitile")
-          (group "git")
-          (system? #t)
-          (comment "Gitile user")
-          (home-directory "/var/empty")
-          (shell (file-append shadow "/sbin/nologin")))))
+(define (gitile-accounts config)
+  (match-record config <gitile-configuration> (home-directory)
+    (list (user-group
+            (name "git")
+            (system? #t))
+          (user-account
+            (name "gitile")
+            (group "git")
+            (system? #t)
+            (comment "Gitile user")
+            (home-directory home-directory)
+            (shell (file-append shadow "/sbin/nologin"))))))
 
 (define gitile-service-type
   (service-type
@@ -523,7 +529,9 @@ (define gitile-service-type
 on the web.")
     (extensions
       (list (service-extension account-service-type
-                               (const %gitile-accounts))
+                               gitile-accounts)
+            (service-extension activation-service-type
+                               gitile-activation)
             (service-extension shepherd-root-service-type
                                gitile-shepherd-service)
             (service-extension nginx-service-type

base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
-- 
2.41.0





Information forwarded to guix-patches <at> gnu.org:
bug#71143; Package guix-patches. (Fri, 24 May 2024 05:30:02 GMT) Full text and rfc822 format available.

Message #11 received at 71143 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: Nguyễn Gia Phong <mcsinyx <at> disroot.org>
Cc: Ludovic Courtès <ludo <at> gnu.org>,
 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>, 71143 <at> debbugs.gnu.org,
 Matthew Trzcinski <matt <at> excalamus.com>,
 Florian Pelz <pelzflorian <at> pelzflorian.de>
Subject: Re: [bug#71143] [PATCH v2] services: gitile: Opt out of Git safe
 dir check.
Date: Fri, 24 May 2024 07:28:28 +0200

Hi,

I think it would be better if we had safe-directory = repositories,
instead of *. Otherwise, looks good.

It seems I cheated on my server and rewrote the service to use user
"git" instead, which owns the repositories.

On Thu, 23 May 2024 19:28:13 +0900,
guix-patches--- via <guix-patches <at> gnu.org> wrote:

> * gnu/services/version-control.scm (gitile-configuration):
>   Add home-directory field for Git configuration file.  It also stores
>   Gitile's database, so remove the (now redundant) database field.
> * gnu/services/version-control.scm (%gitile-accounts): Move to
> gitile-accounts.
> * gnu/services/version-control.scm (gitile-accounts): Add configurable
>   home directory.
> * doc/gnu.texi (Gitile Service): Document it.
> * gnu/services/version-control.scm (gitile-activation): New function
>   creating Git config file for user gitile setting safe.directory
>   to * (all directories), so libgit parses directories not owned
>   by gitile user in gitile-configuration-repositories.
> 
> Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
> ---
> I accidentally staged the record export hunk to another commit.
>  doc/guix.texi                    |  4 +--
>  gnu/services/version-control.scm | 48
> +++++++++++++++++++------------- 2 files changed, 30 insertions(+),
> 22 deletions(-)
> 
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 8073e3f6d496..ba12f249a98b 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -38981,8 +38981,8 @@ Version Control Services
>  @item @code{port} (default: @code{8080})
>  The port on which gitile is listening.
>  
> -@item @code{database} (default:
> @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database.
> +@item @code{home-directory} (default: @code{"/var/lib/gitile"})
> +Directory in which to store the Gitile database.
>  
>  @item @code{repositories} (default:
> @code{"/var/lib/gitolite/repositories"}) The location of the
> repositories.  Note that only public repositories will diff --git
> a/gnu/services/version-control.scm b/gnu/services/version-control.scm
> index 14ff0a59a6b0..7fedd7327d6e 100644 ---
> a/gnu/services/version-control.scm +++
> b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module
> (gnu services version-control) gitile-configuration-package
>              gitile-configuration-host
>              gitile-configuration-port
> -            gitile-configuration-database
> +            gitile-configuration-home-directory
>              gitile-configuration-repositories
>              gitile-configuration-git-base-url
>              gitile-configuration-index-title
> @@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
>          (default "127.0.0.1"))
>    (port gitile-configuration-port
>          (default 8080))
> -  (database gitile-configuration-database
> -            (default "/var/lib/gitile/gitile-db.sql"))
> +  (home-directory gitile-configuration-home-directory
> +                  (default "/var/lib/gitile"))
>    (repositories gitile-configuration-repositories
>                  (default "/var/lib/gitolite/repositories"))
>    (base-git-url gitile-configuration-base-git-url)
> @@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
>            (default '()))
>    (nginx gitile-configuration-nginx))
>  
> -(define (gitile-config-file host port database repositories
> base-git-url +(define (gitile-config-file host port home-directory
> repositories base-git-url index-title intro footer)
>    (define build
>      #~(write `(config
>                  (port #$port)
>                  (host #$host)
> -                (database #$database)
> +                (database #$(string-append home-directory
> "/gitile-db.sql")) (repositories #$repositories)
>                  (base-git-url #$base-git-url)
>                  (index-title #$index-title)
> @@ -459,9 +459,14 @@ (define (gitile-config-file host port database
> repositories base-git-url 
>    (computed-file "gitile.conf" build))
>  
> +(define (gitile-activation config)
> +  (match-record config <gitile-configuration> (home-directory)
> +    #~(with-output-to-file #$(string-append home-directory
> "/.gitconfig")
> +        (lambda () (display "[safe]\n  directory = *\n")))))
> +
>  (define gitile-nginx-server-block
>    (match-lambda
> -    (($ <gitile-configuration> package host port database
> repositories
> +    (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
>       (list (nginx-server-configuration
>               (inherit nginx)
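
Review bot: The safe.directory value in gitile-activation is a string literal inside the gexp, so an administrator who wants something narrower than * has to patch the service. Taking the value from a field of <gitile-configuration>, with * as the default if that is what libgit needs, would let deployments tighten it without changing this code.
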
> @@ -487,7 +492,7 @@ (define gitile-nginx-server-block
>  
>  (define gitile-shepherd-service
>    (match-lambda
> -    (($ <gitile-configuration> package host port database
> repositories
> +    (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
>       (list (shepherd-service
>               (provision '(gitile))
> @@ -496,7 +501,7 @@ (define gitile-shepherd-service
>               (start (let ((gitile (file-append package
> "/bin/gitile"))) #~(make-forkexec-constructor
>                                `(,#$gitile "-c" #$(gitile-config-file
> -                                                   host port database
> +                                                   host port
> home-directory repositories
>                                                     base-git-url
> index-title intro footer))
> @@ -504,17 +509,18 @@ (define gitile-shepherd-service
>                                #:group "git")))
>               (stop #~(make-kill-destructor)))))))
>  
> -(define %gitile-accounts
> -  (list (user-group
> -         (name "git")
> -         (system? #t))
> -        (user-account
> -          (name "gitile")
> -          (group "git")
> -          (system? #t)
> -          (comment "Gitile user")
> -          (home-directory "/var/empty")
> -          (shell (file-append shadow "/sbin/nologin")))))
> +(define (gitile-accounts config)
> +  (match-record config <gitile-configuration> (home-directory)
> +    (list (user-group
> +            (name "git")
> +            (system? #t))
> +          (user-account
> +            (name "gitile")
> +            (group "git")
> +            (system? #t)
> +            (comment "Gitile user")
> +            (home-directory home-directory)
> +            (shell (file-append shadow "/sbin/nologin"))))))
>  
>  (define gitile-service-type
>    (service-type
> @@ -523,7 +529,9 @@ (define gitile-service-type
>  on the web.")
>      (extensions
>        (list (service-extension account-service-type
> -                               (const %gitile-accounts))
> +                               gitile-accounts)
> +            (service-extension activation-service-type
> +                               gitile-activation)
>              (service-extension shepherd-root-service-type
>                                 gitile-shepherd-service)
>              (service-extension nginx-service-type
> 
> base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181





Information forwarded to guix-patches <at> gnu.org:
bug#71143; Package guix-patches. (Sun, 26 May 2024 12:13:01 GMT) Full text and rfc822 format available.

Message #14 received at 71143 <at> debbugs.gnu.org (full text, mbox):

From: Nguyễn Gia Phong <mcsinyx <at> disroot.org>
To: <71143 <at> debbugs.gnu.org>, "Julien Lepiller" <julien <at> lepiller.eu>
Subject: Re: [PATCH v2] services: gitile: Opt out of Git safe dir check.
Date: Sun, 26 May 2024 21:11:48 +0900

On 2024-05-24 at 07:28+02:00, Julien Lepiller wrote:
> On 2024-05-23 at 19:28+09:00, Nguyễn Gia Phong wrote:
> > * gnu/services/version-control.scm (gitile-activation): New function
> >   creating Git config file for user gitile setting safe.directory
> >   to * (all directories), so libgit parses directories not owned
> >   by gitile user in gitile-configuration-repositories.
>
> I think it would be better if we had safe-directory = repositories,
> instead of *. Otherwise, looks good.

Thanks, although * seems to be a magic string rather than a glob pattern:
https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory

Setting safe-directory to repositories or repositories/*
doesn't make it work for me.

P.S. Huh, for some reason GNU Debbugs keeps bouncing mails from loang.net.

Information forwarded to guix-patches <at> gnu.org:
bug#71143; Package guix-patches. (Mon, 05 Aug 2024 08:13:02 GMT) Full text and rfc822 format available.

Message #17 received at 71143 <at> debbugs.gnu.org (full text, mbox):

From: Evgeny Pisemsky <mail <at> pisemsky.site>
To: 71143 <at> debbugs.gnu.org
Subject: Re: [PATCH] services: gitile: Opt out of Git safe dir check.
Date: Mon, 05 Aug 2024 11:11:52 +0300

In the meantime I did some searching and found out that the owner check
can be disabled right from guile without any external config files:

https://gitlab.com/guile-git/guile-git/-/blob/47541c4eb28ca81530b5541834a4d105a808954f/git/settings.scm#L77

Attached is an example of a gitile package with modified source that works for
me with the existing service. It can even be made optional in gitile code.
[gitile.scm (application/octet-stream, attachment)]

This bug report was last modified 33 days ago.
