GNU bug report logs - #71143
[PATCH] services: gitile: Opt out of Git safe dir check.

Previous Next

Package: guix-patches;

Reported by: Nguyễn Gia Phong <mcsinyx <at> disroot.org>

Date: Thu, 23 May 2024 10:22:02 UTC

Severity: normal

Tags: patch

Full log

Message #11 received at 71143 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: Nguyễn Gia Phong <mcsinyx <at> disroot.org>
Cc: Ludovic Courtès <ludo <at> gnu.org>,
 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>, 71143 <at> debbugs.gnu.org,
 Matthew Trzcinski <matt <at> excalamus.com>,
 Florian Pelz <pelzflorian <at> pelzflorian.de>
Subject: Re: [bug#71143] [PATCH v2] services: gitile: Opt out of Git safe
 dir check.
Date: Fri, 24 May 2024 07:28:28 +0200

Hi,

I think it would be better if we had safe-directory = repositories,
instead of *. Otherwise, looks good.

It seems I cheated on my server and rewrote the service to use user
"git" instead, which owns the repositories.

Le Thu, 23 May 2024 19:28:13 +0900,
guix-patches--- via <guix-patches <at> gnu.org> a écrit :

> * gnu/services/version-control.scm (gitile-configuration):
>   Add home-directory field for Git configuration file.  It also stores
>   Gitile's database, so remove the (now redundant) database field.
> * gnu/services/version-control.scm (%gitile-accounts): Move to
> gitile-accounts.
> * gnu/services/version-control.scm (gitile-accounts): Add configurable
>   home directory.
> * doc/gnu.texi (Gitile Service): Document it.
> * gnu/services/version-control.scm (gitile-activation): New function
>   creating Git config file for user gitile setting safe.directory
>   to * (all directories), so libgit parses directories not owned
>   by gitile user in gitile-configuration-repositories.
> 
> Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
> ---
> I accidentally staged the record export hunk to another commit.
>  doc/guix.texi                    |  4 +--
>  gnu/services/version-control.scm | 48
> +++++++++++++++++++------------- 2 files changed, 30 insertions(+),
> 22 deletions(-)
> 
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 8073e3f6d496..ba12f249a98b 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -38981,8 +38981,8 @@ Version Control Services
>  @item @code{port} (default: @code{8080})
>  The port on which gitile is listening.
>  
> -@item @code{database} (default:
> @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database.
> +@item @code{home-directory} (default: @code{"/var/lib/gitile"})
> +Directory in which to store the Gitile database.
>  
>  @item @code{repositories} (default:
> @code{"/var/lib/gitolite/repositories"}) The location of the
> repositories.  Note that only public repositories will diff --git
> a/gnu/services/version-control.scm b/gnu/services/version-control.scm
> index 14ff0a59a6b0..7fedd7327d6e 100644 ---
> a/gnu/services/version-control.scm +++
> b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module
> (gnu services version-control) gitile-configuration-package
>              gitile-configuration-host
>              gitile-configuration-port
> -            gitile-configuration-database
> +            gitile-configuration-home-directory
>              gitile-configuration-repositories
>              gitile-configuration-git-base-url
>              gitile-configuration-index-title
> @@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
>          (default "127.0.0.1"))
>    (port gitile-configuration-port
>          (default 8080))
> -  (database gitile-configuration-database
> -            (default "/var/lib/gitile/gitile-db.sql"))
> +  (home-directory gitile-configuration-home-directory
> +                  (default "/var/lib/gitile"))
>    (repositories gitile-configuration-repositories
>                  (default "/var/lib/gitolite/repositories"))
>    (base-git-url gitile-configuration-base-git-url)
> @@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
>            (default '()))
>    (nginx gitile-configuration-nginx))
>  
> -(define (gitile-config-file host port database repositories
> base-git-url +(define (gitile-config-file host port home-directory
> repositories base-git-url index-title intro footer)
>    (define build
>      #~(write `(config
>                  (port #$port)
>                  (host #$host)
> -                (database #$database)
> +                (database #$(string-append home-directory
> "/gitile-db.sql")) (repositories #$repositories)
>                  (base-git-url #$base-git-url)
>                  (index-title #$index-title)
> @@ -459,9 +459,14 @@ (define (gitile-config-file host port database
> repositories base-git-url 
>    (computed-file "gitile.conf" build))
>  
> +(define (gitile-activation config)
> +  (match-record config <gitile-configuration> (home-directory)
> +    #~(with-output-to-file #$(string-append home-directory
> "/.gitconfig")
> +        (lambda () (display "[safe]\n  directory = *\n")))))
> +
>  (define gitile-nginx-server-block
>    (match-lambda
> -    (($ <gitile-configuration> package host port database
> repositories
> +    (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
>       (list (nginx-server-configuration
>               (inherit nginx)
> @@ -487,7 +492,7 @@ (define gitile-nginx-server-block
>  
>  (define gitile-shepherd-service
>    (match-lambda
> -    (($ <gitile-configuration> package host port database
> repositories
> +    (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
>       (list (shepherd-service
>               (provision '(gitile))
> @@ -496,7 +501,7 @@ (define gitile-shepherd-service
>               (start (let ((gitile (file-append package
> "/bin/gitile"))) #~(make-forkexec-constructor
>                                `(,#$gitile "-c" #$(gitile-config-file
> -                                                   host port database
> +                                                   host port
> home-directory repositories
>                                                     base-git-url
> index-title intro footer))
> @@ -504,17 +509,18 @@ (define gitile-shepherd-service
>                                #:group "git")))
>               (stop #~(make-kill-destructor)))))))
>  
> -(define %gitile-accounts
> -  (list (user-group
> -         (name "git")
> -         (system? #t))
> -        (user-account
> -          (name "gitile")
> -          (group "git")
> -          (system? #t)
> -          (comment "Gitile user")
> -          (home-directory "/var/empty")
> -          (shell (file-append shadow "/sbin/nologin")))))
> +(define (gitile-accounts config)
> +  (match-record config <gitile-configuration> (home-directory)
> +    (list (user-group
> +            (name "git")
> +            (system? #t))
> +          (user-account
> +            (name "gitile")
> +            (group "git")
> +            (system? #t)
> +            (comment "Gitile user")
> +            (home-directory home-directory)
> +            (shell (file-append shadow "/sbin/nologin"))))))
>  
>  (define gitile-service-type
>    (service-type
> @@ -523,7 +529,9 @@ (define gitile-service-type
>  on the web.")
>      (extensions
>        (list (service-extension account-service-type
> -                               (const %gitile-accounts))
> +                               gitile-accounts)
> +            (service-extension activation-service-type
> +                               gitile-activation)
>              (service-extension shepherd-root-service-type
>                                 gitile-shepherd-service)
>              (service-extension nginx-service-type
> 
> base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
This bug report was last modified 318 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.