GNU bug report logs - #25957
gitolite broken: created repositories keep references to /usr/bin for hooks

Previous Next

Package: guix;

Reported by: ng0 <contact.ng0 <at> cryptolab.net>

Date: Fri, 3 Mar 2017 20:50:02 UTC

Severity: normal

Done: "Thompson, David" <dthompson2 <at> worcester.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: "Thompson, David" <dthompson2 <at> worcester.edu>
To: Efraim Flashner <efraim <at> flashner.co.il>, "Thompson, David" <dthompson2 <at> worcester.edu>,  zimoun <zimon.toutoune <at> gmail.com>, 25957 <at> debbugs.gnu.org
Subject: bug#25957: [EXT] Re: bug#25957: gitolite broken: created repositories keep references to /usr/bin for hooks
Date: Fri, 2 Sep 2022 08:50:21 -0400

On Fri, Sep 2, 2022 at 8:44 AM Efraim Flashner <efraim <at> flashner.co.il> wrote:
>
> On Fri, Sep 02, 2022 at 07:11:54AM -0400, Thompson, David wrote:
> > On Fri, Sep 2, 2022 at 3:00 AM Efraim Flashner <efraim <at> flashner.co.il> wrote:
> > >
> > > I took a look at the gitolite service finally and I hadn't realized
> > > there wasn't a running daemon to containerize. I assumed we could do
> > > something like:
> > >
> > > (start $~(make-forkexec-constructor/container
> > >             (list ...)
> > >             #:environment-variables
> > >             '("PATH=...")
> > >             #:mappings ...))
> > >
> > > Given that's not the case then I'd need to look at gitolite itself to
> > > see how it calls the other binaries it expects to be available, and if
> > > wrapping it would be enough or if we would need to just propagate the
> > > other packages for functionality.
> >
> > Gitolite simply expects tools like git to be on $PATH.  It's a pretty
> > naive system, there's nothing like a configure script that is
> > determining the absolute file name of these tools and substituting
> > those names into the built files.
> >
> > The executable is already wrapped so that coreutils, findutils, and
> > git are on $PATH, but notably not openssh:
> >
> > (add-after 'install 'wrap-scripts
> >                     (lambda* (#:key inputs outputs #:allow-other-keys)
> >                       (let ((out (assoc-ref outputs "out"))
> >                             (coreutils (assoc-ref inputs "coreutils"))
> >                             (findutils (assoc-ref inputs "findutils"))
> >                             (git (assoc-ref inputs "git")))
> >                         (wrap-program (string-append out "/bin/gitolite")
> >                           `("PATH" ":" prefix
> >                             ,(map (lambda (dir)
> >                                     (string-append dir "/bin"))
> >                                   (list out coreutils findutils git)))))))
> >
> > However, git and openssh are still propagated inputs. I'm going to
> > move the propagated inputs to regular inputs, potentially add openssh
> > to the wrapper once I remind myself what gitolite does with those
> > tools, and test it all out on my server using the gitolite service.
> > If that all works, we have a good starting point for adding extension
> > support in the service.
>
> I like it. Let us know how it goes.

The problem is that gitolite generates git hooks for the repositories
that it manages, and those hooks invoke git, so the only way those
scripts will be able to work (without input propagation) is to find a
way to inject the proper PATH or find a way to replace references to
things like 'git diff' with '/gnu/store/.../git diff'.  I'm going to
keep exploring and report back when I have something to show.

- Dave
This bug report was last modified 2 years and 272 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.