GNU bug report logs - #72400
[PATCH] services: gitile: Allow to set user and group.


Package: guix-patches;

Reported by: Evgeny Pisemsky <mail <at> pisemsky.site>

Date: Wed, 31 Jul 2024 15:02:02 UTC

Severity: normal

Tags: patch

Done: Evgeny Pisemsky <mail <at> pisemsky.site>

Bug is archived. No further changes may be made.



Message #17 received at 72400 <at> debbugs.gnu.org (full text, mbox):

From: Evgeny Pisemsky <mail <at> pisemsky.site>
To: Nguyễn Gia Phong <mcsinyx <at> disroot.org>
Cc: julien <at> lepiller.eu, 72400 <at> debbugs.gnu.org
Subject: Re: [PATCH] services: gitile: Allow to set user and group.
Date: Mon, 05 Aug 2024 13:13:52 +0300

Nguyễn Gia Phong <mcsinyx <at> disroot.org> writes:

> Seconded, and IMHO the Guix service documentation should mention
> that the default user for gitile is to match the owner
> of the repositories:

As I understand, running from git is not secure, as it gives gitile
write access to the repos with the possibility to corrupt them on error.

I've commented at #71143 about fixing group access for gitile. TLDR:

> (use-modules (git settings))
> (set-owner-validation! #f)
> (run-server ...)

I agree that a documentation update is needed. IMO the following, while
being a breaking change, can make the service more sane and flexible:

1. Allow changing user and group as proposed in the initial patch.
2. Set default user and group to "gitile" and document that if they
   are changed to other values, they are expected to exist on the system,
   to avoid warnings like "the following groups appear more than once".
3. Remove the default value of the "repositories" field to force
   users to specify what they want to serve. Document that gitile's
   user/group must have at least read access to this directory.
4. Provide configuration for gitolite as an example, not as default.
5. Remove unnecessary fields like "database" from configuration.

I'm interested in what authors and maintainers think about all of this.
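
The access cases discussed in this message (write access as the repository owner, read-only access through a group, no access at all) can be told apart from a directory's owner and mode bits. The following is an added example, not part of the original message or of gitile; the function names, uids and sample mode are hypothetical, and it assumes plain POSIX mode bits (no ACLs, no root bypass) and that owner validation rejects repositories not owned by the service uid.

```python
import os
import stat
from dataclasses import dataclass


@dataclass
class Access:
    owner_match: bool  # repository directory is owned by the service uid
    can_read: bool     # service can list and traverse the directory
    can_write: bool    # service could modify the repository


def repo_access(st_uid, st_gid, st_mode, uid, gids):
    """Classify access from POSIX mode bits only (ACLs and root are ignored)."""
    if uid == st_uid:
        r, w, x = stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR
    elif st_gid in gids:
        r, w, x = stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP
    else:
        r, w, x = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH
    return Access(
        owner_match=(uid == st_uid),
        can_read=bool(st_mode & r) and bool(st_mode & x),
        can_write=bool(st_mode & w) and bool(st_mode & x),
    )


def advise(a):
    """Map the access class onto the cases raised in the message."""
    if not a.can_read:
        return "unreadable: the service cannot serve this repository"
    if a.can_write:
        return "writable: the service could corrupt the repository on error"
    if not a.owner_match:
        # Assumption: this is the case that needs (set-owner-validation! #f).
        return "read-only, not owner: owner validation must be disabled"
    return "read-only, owner"


def check_path(path, uid, gids):
    """Same classification for a real directory, e.g. the repositories root."""
    st = os.stat(path)
    return advise(repo_access(st.st_uid, st.st_gid, st.st_mode, uid, gids))


# Constructed sample: directory owned by uid/gid 990 ("git"), mode 0750;
# the service user is uid 991 and is a member of group 990.
SAMPLE = dict(st_uid=990, st_gid=990, st_mode=0o040750)
```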



