Received: (at 72400) by debbugs.gnu.org; 5 Aug 2024 10:14:26 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Aug 05 06:14:26 2024 Received: from localhost ([127.0.0.1]:57967 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1saujR-0006cO-P5 for submit <at> debbugs.gnu.org; Mon, 05 Aug 2024 06:14:26 -0400 Received: from roxy-shared.hosting.energy ([137.74.182.160]:44088 helo=roxy.hosting.energy) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <mail@HIDDEN>) id 1saujP-0006c1-Rh for 72400 <at> debbugs.gnu.org; Mon, 05 Aug 2024 06:14:24 -0400 Received: from [45.137.112.13] (helo=laptop) by roxy.hosting.energy with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from <mail@HIDDEN>) id 1sauiy-000000007l4-18rE; Mon, 05 Aug 2024 13:13:56 +0300 From: Evgeny Pisemsky <mail@HIDDEN> To: =?utf-8?Q?Nguy=E1=BB=85n?= Gia Phong <mcsinyx@HIDDEN> Subject: Re: [PATCH] services: gitile: Allow to set user and group. In-Reply-To: <D35K5Z1Y8NE5.WSFOEXAOJOA@HIDDEN> (=?utf-8?Q?=22Nguy?= =?utf-8?Q?=E1=BB=85n?= Gia Phong"'s message of "Sat, 03 Aug 2024 01:15:15 +0900") References: <87frroeinc.fsf@HIDDEN> <D35K5Z1Y8NE5.WSFOEXAOJOA@HIDDEN> Date: Mon, 05 Aug 2024 13:13:52 +0300 Message-ID: <87ikwfffa7.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Scanned-By: ClamAV 0.101.4; Mon, 05 Aug 2024 13:13:56 +0300 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72400 Cc: julien@HIDDEN, 72400 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Nguy=E1=BB=85n Gia Phong <mcsinyx@HIDDEN> writes: > Seconded, and IMHO the Guix service documentation should mention > that the default user for gitile is to match the owner > of the repositories: As I understand running from git is not secure as it gives gitile write access to the repos with possibility to corrupt them on error. I've commented at #71143 about fixing group access for gitile. TLDR: > (use-modules (git settings)) > (set-owner-validation! #f) > (run-server ...) I agree that documentation update is needed. IMO the following, while being a breaking change, can make the service more sane and flexible: 1. Allow to change user and group as proposed in the initial patch. 2. Set default user and group to "gitile" and document that if they changed to other values, they expected to exist on a system, to avoid warnings like "the following groups appear more than once". 3. Remove the default value of the "repositories" field to enforce users to specify what they want to serve. Document that gitile's user/group must have at least read access to this directory. 4. Provide configuration for gitolite as an example, not as default. 5. Remove unnecessary fields like "database" from configuration. I'm interested what authors and maintainers think about all of this.
guix-patches@HIDDEN:bug#72400; Package guix-patches.
Full text available.
Received: (at 72400) by debbugs.gnu.org; 2 Aug 2024 16:15:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Aug 02 12:15:48 2024
Received: from localhost ([127.0.0.1]:53690 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sZuwV-000557-O9
for submit <at> debbugs.gnu.org; Fri, 02 Aug 2024 12:15:47 -0400
Received: from layka.disroot.org ([178.21.23.139]:38908)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <mcsinyx@HIDDEN>) id 1sZuwT-00054y-Je
for 72400 <at> debbugs.gnu.org; Fri, 02 Aug 2024 12:15:46 -0400
Received: from localhost (localhost [127.0.0.1])
by disroot.org (Postfix) with ESMTP id 9717D41941;
Fri, 2 Aug 2024 18:15:25 +0200 (CEST)
X-Virus-Scanned: SPAM Filter at disroot.org
Received: from layka.disroot.org ([127.0.0.1])
by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 4mJUeQChZ2cT; Fri, 2 Aug 2024 18:15:24 +0200 (CEST)
Mime-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
t=1722615324; bh=aXG1Oh07GVZPaPCA8bdxW1lcrIEYy7SImxeI/B7hQQU=;
h=Date:Subject:To:From:Cc:References:In-Reply-To;
b=Zy++TMzAoYm0YZ5vKlRfGRQpvWQeRhyLGQ2O0uh9E1VJ0qbw29TUVcOiEZwuzrQHU
ndXW5fETrqZsKNToOop6At/3g5Ynl857oz3ii7j0a3kYpj6AJwhEF00qHz+79p4zLG
BKyfDwFFAntnuzsnV5gDAhkwlxz3bsB+MeffgyQgPZg4vsYiaHzmZe2QVrcNMKksbZ
E3zJ4a6Br9KLI1ckC1ma7rDHjLE7s5lzO/Evccb7U6A5KxMVNichrx8KCiiB9eszLn
5NM/afvJVlTcvJkomsl7yXayZ83t/3EfMNWsHB3zqLOLaS76OTujciThpBauVgyYKU
RseNuMUTsRIFw==
Content-Type: multipart/signed;
boundary=d23ab33c941c6d18b9ce184926d6c9763ec621c2efc7aa0627c7ed03917f;
micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 03 Aug 2024 01:15:15 +0900
Message-Id: <D35K5Z1Y8NE5.WSFOEXAOJOA@HIDDEN>
Subject: Re: [PATCH] services: gitile: Allow to set user and group.
To: "Evgeny Pisemsky" <mail@HIDDEN>, <72400 <at> debbugs.gnu.org>
From: =?utf-8?q?Nguy=E1=BB=85n_Gia_Phong?= <mcsinyx@HIDDEN>
References: <87frroeinc.fsf@HIDDEN>
In-Reply-To: <87frroeinc.fsf@HIDDEN>
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 72400
Cc: julien@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--d23ab33c941c6d18b9ce184926d6c9763ec621c2efc7aa0627c7ed03917f
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
On 2024-08-01 at 11:45+03:00, Evgeny Pisemsky wrote:
> Hello! It does not work, and that is the reason for this patch.
>
> At this point group access is not enough, I have to run gitile from
> git user (of gitolite) who owns repositories. Same for fcgiwrap.
>
> Changing default user to git may be quite radical, but since the
> documentation states this:
>
> > Gitile works best in collaboration with Gitolite, and will serve the
> > public repositories from Gitolite by default.
>
> I think it is sane.
Seconded, and IMHO the Guix service documentation should mention
that the default user for gitile is to match the owner
of the repositories:
On 2024-07-31 at 18:00+03:00, Evgeny Pisemsky wrote:
+@item @code{user} (default: @code{"git"})
+Owner of the @code{gitile} process.
--d23ab33c941c6d18b9ce184926d6c9763ec621c2efc7aa0627c7ed03917f
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQHIBAABCAAyFiEE6Q4RuASTNDthMuOUJxSLLAaiIksFAmatBhcUHG1jc2lueXhA
ZGlzcm9vdC5vcmcACgkQJxSLLAaiIkvXQAv/eK6YlzjBpk1uPM24Q6ILq6ylWI7Y
V8HvJPDWdxvj/YZq3OjuxOJNtcidHxIaEWyKpjvl3LY4bxILyxIwq4slqor0HbYv
IvU5KiV92EpKCgCiGrSDiG8SSR1H0c1oz78z2nIo65mwubGhziBEHGgNPvGcUg97
4dC+shtSIpsA2VPKvYxztjX5F0suJZZ2Ypq8PNnOiIc/U3Eqree1bfQ0+5UMOPI7
86tvYdh0Fp+58H0ZXWdUUgw1hsbiuBfB0ZKZZSiAFBa6mmnLKytJLUH4UXdLEPJY
8hNYgb/Vr5omc2NmNwdTdil5bjpvuKHmBUrKt2/76gNINKoj5p5N6twAn9QzIukj
8P3woaXzuvaoRgUdehu+ytUfnvqYlGz5JO6YrEfOh7P3iwRbad+bZrYigmwXyHJa
fFgCnHn9FfImXdeLTeslNNIdP+kaDMW0WSaaPBLxTfTnTFlnih8Mwt6wYzzQt1T3
4q8jenVH6p7J/AHqRTYe6eASU472vAM7Y9wJ
=I39M
-----END PGP SIGNATURE-----
--d23ab33c941c6d18b9ce184926d6c9763ec621c2efc7aa0627c7ed03917f--
guix-patches@HIDDEN:bug#72400; Package guix-patches.
Full text available.Received: (at 72400) by debbugs.gnu.org; 1 Aug 2024 08:45:43 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Aug 01 04:45:43 2024 Received: from localhost ([127.0.0.1]:50849 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sZRRP-00055D-3D for submit <at> debbugs.gnu.org; Thu, 01 Aug 2024 04:45:43 -0400 Received: from roxy-shared.hosting.energy ([137.74.182.160]:55146 helo=roxy.hosting.energy) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <mail@HIDDEN>) id 1sZRRM-00054v-Td for 72400 <at> debbugs.gnu.org; Thu, 01 Aug 2024 04:45:41 -0400 Received: from [45.137.112.91] (helo=laptop) by roxy.hosting.energy with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from <mail@HIDDEN>) id 1sZRR0-000000005d9-2WVP; Thu, 01 Aug 2024 11:45:18 +0300 From: Evgeny Pisemsky <mail@HIDDEN> To: 72400 <at> debbugs.gnu.org Subject: Re: [PATCH] services: gitile: Allow to set user and group. Date: Thu, 01 Aug 2024 11:45:11 +0300 Message-ID: <87frroeinc.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72400 Cc: mcsinyx@HIDDEN, julien@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hello! It does not work, and that is the reason for this patch. At this point group access is not enough, I have to run gitile from git user (of gitolite) who owns repositories. Same for fcgiwrap. This problem is related to the change in libgit2, and for a long time I just kept it downgraded, but this cannot be forever. I also tried to play with safe-directory option without any success, but even if it worked setting config for every service that works with git seems like a huge overhead. Changing default user to git may be quite radical, but since the documentation states this: > Gitile works best in collaboration with Gitolite, and will serve the > public repositories from Gitolite by default. I think it is sane.
guix-patches@HIDDEN:bug#72400; Package guix-patches.
Full text available.Received: (at 72400) by debbugs.gnu.org; 1 Aug 2024 03:16:11 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jul 31 23:16:11 2024 Received: from localhost ([127.0.0.1]:50616 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sZMIU-0004c8-MI for submit <at> debbugs.gnu.org; Wed, 31 Jul 2024 23:16:10 -0400 Received: from layka.disroot.org ([178.21.23.139]:53380) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <mcsinyx@HIDDEN>) id 1sZMIS-0004bz-OG for 72400 <at> debbugs.gnu.org; Wed, 31 Jul 2024 23:16:09 -0400 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id EC16D412FF; Thu, 1 Aug 2024 05:15:50 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3C-yTXzjhfW7; Thu, 1 Aug 2024 05:15:50 +0200 (CEST) MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1722482150; bh=gNkD2lmQ3Lu9ulhJjpPgO9bT33vlnbYEcEpEYgsKSls=; h=Date:From:To:Cc:Subject; b=TRqby7SaF5cKa8YG1lBEKDSsa8akD+/g/KKdJrH95l4YEdp6WrC7bSfDgSKngaNNS xdyieuS/6GOfSzJ20zEuuQA8NUWcZyg+9NdzKiqGcYpf6U5APZ5uiRIwCNuUSyCXxo B+Su7vhT5IzuvBk2dvNlZID7OrQA6wlZElSMeOH32Uh9StbYj8P1xpb78YJaD2WuFv Y0wFyJBKyXoGQ+cZYfoopnZN6LJ5ILCwwHQMrqyuyQ2WYCHG5KRMiCHiXlZ3er0blA VINwcY2o2VkTWXlXduuP0nn5P2SCAsVhOWQkTS8+cK0Ft0hKrjO3oMI11qJ8J0Y2dS W3WwJeKohmqSg== Date: Thu, 01 Aug 2024 03:15:49 +0000 From: =?UTF-8?Q?Nguy=E1=BB=85n_Gia_Phong?= <mcsinyx@HIDDEN> To: 72400 <at> debbugs.gnu.org Subject: Re: [PATCH] services: gitile: Allow to set user and group. Message-ID: <cbf724453a33a16165dc78ce80ccbf5c@HIDDEN> X-Sender: mcsinyx@HIDDEN Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72400 Cc: julien@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hi, does the default gitile user work for you out of the box? I'm asking as I'm speculating you have the git user own the repositories. I sent out https://issues.guix.gnu.org/71143#1 a while ago to fix it.
guix-patches@HIDDEN:bug#72400; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 31 Jul 2024 15:01:27 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jul 31 11:01:27 2024
Received: from localhost ([127.0.0.1]:50133 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sZApS-0002ht-GO
for submit <at> debbugs.gnu.org; Wed, 31 Jul 2024 11:01:26 -0400
Received: from lists.gnu.org ([209.51.188.17]:41364)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <mail@HIDDEN>) id 1sZApP-0002hh-A5
for submit <at> debbugs.gnu.org; Wed, 31 Jul 2024 11:01:24 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <mail@HIDDEN>)
id 1sZAp7-0007aL-2E
for guix-patches@HIDDEN; Wed, 31 Jul 2024 11:01:05 -0400
Received: from roxy-shared.hosting.energy ([137.74.182.160]
helo=roxy.hosting.energy)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <mail@HIDDEN>)
id 1sZAp3-0001D7-Is
for guix-patches@HIDDEN; Wed, 31 Jul 2024 11:01:04 -0400
Received: from [45.137.112.91] (helo=laptop)
by roxy.hosting.energy with esmtpsa (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1)
(envelope-from <mail@HIDDEN>) id 1sZAp1-000000007FG-2B84
for guix-patches@HIDDEN; Wed, 31 Jul 2024 18:00:59 +0300
From: Evgeny Pisemsky <mail@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] services: gitile: Allow to set user and group.
Date: Wed, 31 Jul 2024 18:00:55 +0300
Message-ID: <87sevpehco.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: attachment;
filename=0001-services-gitile-Allow-to-set-user-and-group.patch
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=137.74.182.160; envelope-from=mail@HIDDEN;
helo=roxy.hosting.energy
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_FAIL=0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
From 91ec60142ea1220cf4a87883915bf086e1344f69 Mon Sep 17 00:00:00 2001
Message-ID: <91ec60142ea1220cf4a87883915bf086e1344f69.1722437974.git.mail@p=
isemsky.site>
From: Evgeny Pisemsky <mail@HIDDEN>
Date: Wed, 31 Jul 2024 17:30:50 +0300
Subject: [PATCH] services: gitile: Allow to set user and group.
Change-Id: I757d7a6c2690326272f0437eda2ba4b2fae409a0
---
doc/guix.texi | 7 +++++
gnu/services/version-control.scm | 45 ++++++++++++++++++++------------
2 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 41814042f5..9b04a0b0e5 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -129,6 +129,7 @@
Copyright @copyright{} 2024 Richard Sent@*
Copyright @copyright{} 2024 Dariqq@*
Copyright @copyright{} 2024 Denis 'GNUtoo' Carikli@*
+Copyright @copyright{} 2024 Evgeny Pisemsky@*
=20
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -39287,6 +39288,12 @@ Version Control Services
The footer content, as a list of sxml expressions. This is shown on every
page served by Gitile.
=20
+@item @code{user} (default: @code{"git"})
+Owner of the @code{gitile} process.
+
+@item @code{group} (default: @code{"git"})
+Owner's group of the @code{gitile} process.
+
@item @code{nginx}
An nginx server block that will be extended and used as a reverse proxy by
Gitile to serve its pages, and as a normal web server to serve its assets.
diff --git a/gnu/services/version-control.scm b/gnu/services/version-contro=
l.scm
index 14ff0a59a6..d61675345f 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -5,6 +5,7 @@
;;; Copyright =C2=A9 2017 Cl=C3=A9ment Lassieur <clement@HIDDEN>
;;; Copyright =C2=A9 2018 Christopher Baines <mail@HIDDEN>
;;; Copyright =C2=A9 2021 Julien Lepiller <julien@HIDDEN>
+;;; Copyright =C2=A9 2024 Evgeny Pisemsky <mail@HIDDEN>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -74,6 +75,8 @@ (define-module (gnu services version-control)
gitile-configuration-index-title
gitile-configuration-intro
gitile-configuration-footer
+ gitile-configuration-user
+ gitile-configuration-group
gitile-configuration-nginx
=20
gitile-service-type))
@@ -441,6 +444,10 @@ (define-record-type* <gitile-configuration>
(default '()))
(footer gitile-configuration-footer
(default '()))
+ (user gitile-configuration-user
+ (default "git"))
+ (group gitile-configuration-group
+ (default "git"))
(nginx gitile-configuration-nginx))
=20
(define (gitile-config-file host port database repositories base-git-url
@@ -462,7 +469,7 @@ (define (gitile-config-file host port database reposito=
ries base-git-url
(define gitile-nginx-server-block
(match-lambda
(($ <gitile-configuration> package host port database repositories
- base-git-url index-title intro footer nginx)
+ base-git-url index-title intro footer user group nginx)
(list (nginx-server-configuration
(inherit nginx)
(locations
@@ -488,7 +495,7 @@ (define gitile-nginx-server-block
(define gitile-shepherd-service
(match-lambda
(($ <gitile-configuration> package host port database repositories
- base-git-url index-title intro footer nginx)
+ base-git-url index-title intro footer user group nginx)
(list (shepherd-service
(provision '(gitile))
(requirement '(loopback))
@@ -500,21 +507,27 @@ (define gitile-shepherd-service
repositories
base-git-url index-title
intro footer))
- #:user "gitile"
- #:group "git")))
+ #:user #$user
+ #:group #$group)))
(stop #~(make-kill-destructor)))))))
=20
-(define %gitile-accounts
- (list (user-group
- (name "git")
- (system? #t))
- (user-account
- (name "gitile")
- (group "git")
- (system? #t)
- (comment "Gitile user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+(define (gitile-accounts config)
+ (let ((user (gitile-configuration-user config))
+ (group (gitile-configuration-group config)))
+ (filter identity
+ (list
+ (and (equal? group "gitile")
+ (user-group
+ (name "gitile")
+ (system? #t)))
+ (and (equal? user "gitile")
+ (user-account
+ (name "gitile")
+ (group group)
+ (system? #t)
+ (comment "Gitile user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin"))))))))
=20
(define gitile-service-type
(service-type
@@ -523,7 +536,7 @@ (define gitile-service-type
on the web.")
(extensions
(list (service-extension account-service-type
- (const %gitile-accounts))
+ gitile-accounts)
(service-extension shepherd-root-service-type
gitile-shepherd-service)
(service-extension nginx-service-type
base-commit: 01d4363168ed10ea223047f7a7b83201f161ec0b
--=20
2.45.2
Evgeny Pisemsky <mail@HIDDEN>:guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#72400; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.