From patchwork Thu May 23 10:19:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "ashish.is--- via Guix-patches\" via" X-Patchwork-Id: 64847 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 65B7B27BBE9; Thu, 23 May 2024 11:22:19 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 3F69A27BBE2 for ; Thu, 23 May 2024 11:22:17 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sA5aJ-0003GO-RW; Thu, 23 May 2024 06:22:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sA5aF-0003Fi-7e for guix-patches@gnu.org; Thu, 23 May 2024 06:22:04 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sA5aE-000088-1g; Thu, 23 May 2024 06:22:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sA5aE-0006eI-O2; Thu, 23 May 2024 06:22:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#71143] [PATCH] services: gitile: Opt out of Git safe dir check. Resent-From: =?utf-8?b?Tmd1eeG7hW4=?= Gia Phong Original-Sender: "Debbugs-submit" Resent-CC: pelzflorian@pelzflorian.de, ludo@gnu.org, matt@excalamus.com, maxim.cournoyer@gmail.com, guix-patches@gnu.org Resent-Date: Thu, 23 May 2024 10:22:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 71143 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 71143@debbugs.gnu.org Cc: =?utf-8?b?Tmd1eeG7hW4=?= Gia Phong , Florian Pelz , Ludovic =?utf-8?q?Court=C3=A8s?= , Matthew Trzcinski , Maxim Cournoyer X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Florian Pelz , Ludovic =?utf-8?q?Court=C3=A8s?= , Matthew Trzcinski , Maxim Cournoyer Received: via spool by submit@debbugs.gnu.org id=B.171645966425533 (code B ref -1); Thu, 23 May 2024 10:22:02 +0000 Received: (at submit) by debbugs.gnu.org; 23 May 2024 10:21:04 +0000 Received: from localhost ([127.0.0.1]:58882 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sA5ZD-0006dN-Jj for submit@debbugs.gnu.org; Thu, 23 May 2024 06:21:04 -0400 Received: from lists.gnu.org ([209.51.188.17]:33162) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sA5Z8-0006dH-Qg for submit@debbugs.gnu.org; Thu, 23 May 2024 06:20:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sA5Yt-0001xr-Rb for guix-patches@gnu.org; Thu, 23 May 2024 06:20:41 -0400 Received: from layka.disroot.org ([178.21.23.139]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sA5Yr-00083U-MZ for guix-patches@gnu.org; Thu, 23 May 2024 06:20:39 -0400 X-Virus-Scanned: SPAM Filter at disroot.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1716459634; bh=i4nl3B6lo3BEhYPvHskgUEz7zO4af+6179RdwdOG6Z0=; h=From:To:Cc:Subject:Date; b=Zm6KhO8A0+rgxTjg+DVJmgxb+uXOAadN4sTtKxJc9d/PhiGffC0whUqXZ7xq3U013 oHAldrxSPX+SWQrEVxI70Pd/e883tc0mGcC+TIvh0ts359dKi47Eib53RyZmxDzHYX hhJ3PdVYpr2oU5AjcaSYs01UtCC7nmpbUmEAsrAm+mfNAzeEqFrtZ2d0Ab4tHkxfn1 U7QQ5S62HMzvs6Ed2KmIOYeVLt0TzNQVvT7XF5+mYE5yiyXTAjPph2dQotkmLqAWc9 8SF1X9kMJY4FUmQ3qUSepy4hv8Y7sk2OsOPurYZhsgAqr389HbZn94kfaCt8GrClFx QofyrZmn/IF8Q== Date: Thu, 23 May 2024 19:19:41 +0900 Message-ID: <604e51b2f51141b2b8d1d3d71bf9412ab7760563.1716459581.git.mcsinyx@disroot.org> MIME-Version: 1.0 Received-SPF: pass client-ip=178.21.23.139; envelope-from=mcsinyx@disroot.org; helo=layka.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: =?utf-8?b?Tmd1eeG7hW4=?= Gia Phong X-ACL-Warn: , =?utf-8?q?Nguy=E1=BB=85n_Gia_Phong_via_Guix-patches?= X-Patchwork-Original-From: guix-patches--- via From: "ashish.is--- via Guix-patches\" via" Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/services/version-control.scm (gitile-configuration): Add home-directory field for Git configuration file. It also stores Gitile's database, so remove the (now redundant) database field. * gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts. * gnu/services/version-control.scm (gitile-accounts): Add configurable home directory. * doc/gnu.texi (Gitile Service): Document it. * gnu/services/version-control.scm (gitile-activation): New function creating Git config file for user gitile setting safe.directory to * (all directories), so libgit parses directories not owned by gitile user in gitile-configuration-repositories. Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950 --- doc/guix.texi | 4 +-- gnu/services/version-control.scm | 46 +++++++++++++++++++------------- 2 files changed, 29 insertions(+), 21 deletions(-) base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181 diff --git a/doc/guix.texi b/doc/guix.texi index 8073e3f6d496..ba12f249a98b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -38981,8 +38981,8 @@ Version Control Services @item @code{port} (default: @code{8080}) The port on which gitile is listening. -@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database. +@item @code{home-directory} (default: @code{"/var/lib/gitile"}) +Directory in which to store the Gitile database. @item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"}) The location of the repositories. Note that only public repositories will diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index 14ff0a59a6b0..00ca7b600efc 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -430,8 +430,8 @@ (define-record-type* (default "127.0.0.1")) (port gitile-configuration-port (default 8080)) - (database gitile-configuration-database - (default "/var/lib/gitile/gitile-db.sql")) + (home-directory gitile-configuration-home-directory + (default "/var/lib/gitile")) (repositories gitile-configuration-repositories (default "/var/lib/gitolite/repositories")) (base-git-url gitile-configuration-base-git-url) @@ -443,13 +443,13 @@ (define-record-type* (default '())) (nginx gitile-configuration-nginx)) -(define (gitile-config-file host port database repositories base-git-url +(define (gitile-config-file host port home-directory repositories base-git-url index-title intro footer) (define build #~(write `(config (port #$port) (host #$host) - (database #$database) + (database #$(string-append home-directory "/gitile-db.sql")) (repositories #$repositories) (base-git-url #$base-git-url) (index-title #$index-title) @@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url (computed-file "gitile.conf" build)) +(define (gitile-activation config) + (match-record config (home-directory) + #~(with-output-to-file #$(string-append home-directory "/.gitconfig") + (lambda () (display "[safe]\n directory = *\n"))))) + (define gitile-nginx-server-block (match-lambda - (($ package host port database repositories + (($ package host port home-directory repositories base-git-url index-title intro footer nginx) (list (nginx-server-configuration (inherit nginx) @@ -487,7 +492,7 @@ (define gitile-nginx-server-block (define gitile-shepherd-service (match-lambda - (($ package host port database repositories + (($ package host port home-directory repositories base-git-url index-title intro footer nginx) (list (shepherd-service (provision '(gitile)) @@ -496,7 +501,7 @@ (define gitile-shepherd-service (start (let ((gitile (file-append package "/bin/gitile"))) #~(make-forkexec-constructor `(,#$gitile "-c" #$(gitile-config-file - host port database + host port home-directory repositories base-git-url index-title intro footer)) @@ -504,17 +509,18 @@ (define gitile-shepherd-service #:group "git"))) (stop #~(make-kill-destructor))))))) -(define %gitile-accounts - (list (user-group - (name "git") - (system? #t)) - (user-account - (name "gitile") - (group "git") - (system? #t) - (comment "Gitile user") - (home-directory "/var/empty") - (shell (file-append shadow "/sbin/nologin"))))) +(define (gitile-accounts config) + (match-record config (home-directory) + (list (user-group + (name "git") + (system? #t)) + (user-account + (name "gitile") + (group "git") + (system? #t) + (comment "Gitile user") + (home-directory home-directory) + (shell (file-append shadow "/sbin/nologin")))))) (define gitile-service-type (service-type @@ -523,7 +529,9 @@ (define gitile-service-type on the web.") (extensions (list (service-extension account-service-type - (const %gitile-accounts)) + gitile-accounts) + (service-extension activation-service-type + gitile-activation) (service-extension shepherd-root-service-type gitile-shepherd-service) (service-extension nginx-service-type