Message ID | 854ccfeb2cf910eda609a026e865b595e64e0cc4.1716460093.git.mcsinyx@disroot.org |
---|---|
State | New |
Series | [bug#71143,v2] services: gitile: Opt out of Git safe dir check. | expand |
Hi, I think it would be better if we had safe-directory = repositories, instead of *. Otherwise, looks good. It seems I cheated on my server and rewrote the service to use user "git" instead, which owns the repositories. Le Thu, 23 May 2024 19:28:13 +0900, guix-patches--- via <guix-patches@gnu.org> a écrit : > * gnu/services/version-control.scm (gitile-configuration): > Add home-directory field for Git configuration file. It also stores > Gitile's database, so remove the (now redundant) database field. > * gnu/services/version-control.scm (%gitile-accounts): Move to > gitile-accounts. > * gnu/services/version-control.scm (gitile-accounts): Add configurable > home directory. > * doc/gnu.texi (Gitile Service): Document it. > * gnu/services/version-control.scm (gitile-activation): New function > creating Git config file for user gitile setting safe.directory > to * (all directories), so libgit parses directories not owned > by gitile user in gitile-configuration-repositories. > > Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950 > --- > I accidentally staged the record export hunk to another commit. > doc/guix.texi | 4 +-- > gnu/services/version-control.scm | 48 > +++++++++++++++++++------------- 2 files changed, 30 insertions(+), > 22 deletions(-) > > diff --git a/doc/guix.texi b/doc/guix.texi > index 8073e3f6d496..ba12f249a98b 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -38981,8 +38981,8 @@ Version Control Services > @item @code{port} (default: @code{8080}) > The port on which gitile is listening. > > -@item @code{database} (default: > @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database. > +@item @code{home-directory} (default: @code{"/var/lib/gitile"}) > +Directory in which to store the Gitile database. > > @item @code{repositories} (default: > @code{"/var/lib/gitolite/repositories"}) The location of the > repositories. Note that only public repositories will 
diff --git > a/gnu/services/version-control.scm b/gnu/services/version-control.scm > index 14ff0a59a6b0..7fedd7327d6e 100644 --- > a/gnu/services/version-control.scm +++ > b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module > (gnu services version-control) gitile-configuration-package > gitile-configuration-host > gitile-configuration-port > - gitile-configuration-database > + gitile-configuration-home-directory > gitile-configuration-repositories > gitile-configuration-git-base-url > gitile-configuration-index-title > @@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration> > (default "127.0.0.1")) > (port gitile-configuration-port > (default 8080)) > - (database gitile-configuration-database > - (default "/var/lib/gitile/gitile-db.sql")) > + (home-directory gitile-configuration-home-directory > + (default "/var/lib/gitile")) > (repositories gitile-configuration-repositories > (default "/var/lib/gitolite/repositories")) > (base-git-url gitile-configuration-base-git-url) > @@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration> > (default '())) > (nginx gitile-configuration-nginx)) > > -(define (gitile-config-file host port database repositories > base-git-url +(define (gitile-config-file host port home-directory > repositories base-git-url index-title intro footer) > (define build > #~(write `(config > (port #$port) > (host #$host) > - (database #$database) > + (database #$(string-append home-directory > "/gitile-db.sql")) (repositories #$repositories) > (base-git-url #$base-git-url) > (index-title #$index-title) 
> @@ -459,9 +459,14 @@ (define (gitile-config-file host port database > repositories base-git-url > (computed-file "gitile.conf" build)) > > +(define (gitile-activation config) > + (match-record config <gitile-configuration> (home-directory) > + #~(with-output-to-file #$(string-append home-directory > "/.gitconfig") > + (lambda () (display "[safe]\n directory = *\n"))))) > + > (define gitile-nginx-server-block > (match-lambda > - (($ <gitile-configuration> package host port database > repositories > + (($ <gitile-configuration> package host port home-directory > repositories base-git-url index-title intro footer nginx) > (list (nginx-server-configuration > (inherit nginx) > @@ -487,7 +492,7 @@ (define gitile-nginx-server-block > > (define gitile-shepherd-service > (match-lambda > - (($ <gitile-configuration> package host port database > repositories > + (($ <gitile-configuration> package host port home-directory > repositories base-git-url index-title intro footer nginx) > (list (shepherd-service > (provision '(gitile)) > @@ -496,7 +501,7 @@ (define gitile-shepherd-service > (start (let ((gitile (file-append package > "/bin/gitile"))) #~(make-forkexec-constructor > `(,#$gitile "-c" #$(gitile-config-file > - host port database > + host port > home-directory repositories > base-git-url > index-title intro footer)) 
> @@ -504,17 +509,18 @@ (define gitile-shepherd-service > #:group "git"))) > (stop #~(make-kill-destructor))))))) > > -(define %gitile-accounts > - (list (user-group > - (name "git") > - (system? #t)) > - (user-account > - (name "gitile") > - (group "git") > - (system? #t) > - (comment "Gitile user") > - (home-directory "/var/empty") > - (shell (file-append shadow "/sbin/nologin"))))) > +(define (gitile-accounts config) > + (match-record config <gitile-configuration> (home-directory) > + (list (user-group > + (name "git") > + (system? #t)) > + (user-account > + (name "gitile") > + (group "git") > + (system? #t) > + (comment "Gitile user") > + (home-directory home-directory) > + (shell (file-append shadow "/sbin/nologin")))))) > > (define gitile-service-type > (service-type > @@ -523,7 +529,9 @@ (define gitile-service-type > on the web.") > (extensions > (list (service-extension account-service-type > - (const %gitile-accounts)) > + gitile-accounts) > + (service-extension activation-service-type > + gitile-activation) > (service-extension shepherd-root-service-type > gitile-shepherd-service) > (service-extension nginx-service-type > > base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
diff --git a/doc/guix.texi b/doc/guix.texi index 8073e3f6d496..ba12f249a98b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -38981,8 +38981,8 @@ Version Control Services @item @code{port} (default: @code{8080}) The port on which gitile is listening. -@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database. +@item @code{home-directory} (default: @code{"/var/lib/gitile"}) +Directory in which to store the Gitile database. @item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"}) The location of the repositories. Note that only public repositories will diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index 14ff0a59a6b0..7fedd7327d6e 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module (gnu services version-control) gitile-configuration-package gitile-configuration-host gitile-configuration-port - gitile-configuration-database + gitile-configuration-home-directory gitile-configuration-repositories gitile-configuration-git-base-url gitile-configuration-index-title @@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration> (default "127.0.0.1")) (port gitile-configuration-port (default 8080)) - (database gitile-configuration-database - (default "/var/lib/gitile/gitile-db.sql")) + (home-directory gitile-configuration-home-directory + (default "/var/lib/gitile")) (repositories gitile-configuration-repositories (default "/var/lib/gitolite/repositories")) (base-git-url gitile-configuration-base-git-url) 
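Review bot: The `<gitile-configuration>` hunk (`@@ -430`) drops the `database` field with no transition, so configurations that still set it will presumably stop being accepted, and a database kept at a custom path is no longer used. Consider keeping `database` for a deprecation period with a default derived from `home-directory`, or stating the incompatibility in the commit log. The new field also deserves a comment in the record, for example `;; Home of the gitile account; holds the database and .gitconfig.`, since the doc hunk describes it only as the database directory. The record definition starts and ends outside this hunk.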
@@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration> (default '())) (nginx gitile-configuration-nginx)) -(define (gitile-config-file host port database repositories base-git-url +(define (gitile-config-file host port home-directory repositories base-git-url index-title intro footer) (define build #~(write `(config (port #$port) (host #$host) - (database #$database) + (database #$(string-append home-directory "/gitile-db.sql")) (repositories #$repositories) (base-git-url #$base-git-url) (index-title #$index-title) @@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url (computed-file "gitile.conf" build)) +(define (gitile-activation config) + (match-record config <gitile-configuration> (home-directory) + #~(with-output-to-file #$(string-append home-directory "/.gitconfig") + (lambda () (display "[safe]\n directory = *\n"))))) + (define gitile-nginx-server-block (match-lambda - (($ <gitile-configuration> package host port database repositories + (($ <gitile-configuration> package host port home-directory repositories base-git-url index-title intro footer nginx) (list (nginx-server-configuration (inherit nginx) @@ -487,7 +492,7 @@ (define gitile-nginx-server-block (define gitile-shepherd-service (match-lambda - (($ <gitile-configuration> package host port database repositories + (($ <gitile-configuration> package host port home-directory repositories base-git-url index-title intro footer nginx) (list (shepherd-service (provision '(gitile)) @@ -496,7 +501,7 @@ (define gitile-shepherd-service (start (let ((gitile (file-append package "/bin/gitile"))) #~(make-forkexec-constructor `(,#$gitile "-c" #$(gitile-config-file - host port database + host port home-directory repositories base-git-url index-title intro footer)) 
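Review bot: In `gitile-activation` (hunk `@@ -459`), `with-output-to-file` opens `home-directory/.gitconfig` by name, so it follows an existing symlink, and that directory is the home of the `gitile` account, which presumably owns it. If this gexp runs as root, as Guix activation code normally does, a process running as that account could leave a link there and have a file elsewhere truncated on the next activation. Creating the file under a fresh name and renaming it over the target avoids following the link, and an explicit mode keeps the result readable by the service. The hunk also does not show that the directory is guaranteed to exist when this runs. The sketch below keeps the file contents as in the patch.

```scheme
(define (gitile-activation config)
  (match-record config <gitile-configuration> (home-directory)
    #~(let* ((target #$(string-append home-directory "/.gitconfig"))
             ;; mkstemp! creates the file exclusively under a fresh name,
             ;; so a pre-existing link at TARGET is never opened.
             (port (mkstemp! (string-append target ".XXXXXX")))
             (tmp (port-filename port)))
        (display "[safe]\n directory = *\n" port)
        ;; mkstemp! creates the file 0600; the service account must read it.
        (chmod port #o644)
        (close-port port)
        ;; rename-file replaces TARGET itself rather than what it points to.
        (rename-file tmp target))))
```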
@@ -504,17 +509,18 @@ (define gitile-shepherd-service #:group "git"))) (stop #~(make-kill-destructor))))))) -(define %gitile-accounts - (list (user-group - (name "git") - (system? #t)) - (user-account - (name "gitile") - (group "git") - (system? #t) - (comment "Gitile user") - (home-directory "/var/empty") - (shell (file-append shadow "/sbin/nologin"))))) +(define (gitile-accounts config) + (match-record config <gitile-configuration> (home-directory) + (list (user-group + (name "git") + (system? #t)) + (user-account + (name "gitile") + (group "git") + (system? #t) + (comment "Gitile user") + (home-directory home-directory) + (shell (file-append shadow "/sbin/nologin")))))) (define gitile-service-type (service-type @@ -523,7 +529,9 @@ (define gitile-service-type on the web.") (extensions (list (service-extension account-service-type - (const %gitile-accounts)) + gitile-accounts) + (service-extension activation-service-type + gitile-activation) (service-extension shepherd-root-service-type gitile-shepherd-service) (service-extension nginx-service-type
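Review bot: `gitile-accounts` in hunk `@@ -504` has no docstring, and nothing in the code records why the account's home moved from `/var/empty` to a configurable directory; only the commit message explains that it holds the Git configuration file. A docstring such as `"Return the user group and account for gitile, using CONFIG's home directory."` would fit. A comment above the `home-directory` field would also help, for example `;; Needs a real home: the activation code writes .gitconfig there.`. The same docstring gap applies to `gitile-activation` in the `@@ -459` hunk.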