[PATCH] services: gitile: Opt out of Git safe dir check.

Open

Details

3 participants

Julien Lepiller
Evgeny Pisemsky
Nguy?n Gia Phong

Owner: unassigned

Submitted by: Nguy?n Gia Phong

Severity: normal

Nguy?n Gia Phong wrote on 23 May 12:19 +0200

Recipients:(address . guix-patches@gnu.org)(name . Nguy?n Gia Phong)(address . mcsinyx@disroot.org)

Message-ID:604e51b2f51141b2b8d1d3d71bf9412ab7760563.1716459581.git.mcsinyx@disroot.org

* gnu/services/version-control.scm (gitile-configuration):
  Add home-directory field for Git configuration file.  It also stores
  Gitile's database, so remove the (now redundant) database field.
* gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts.
* gnu/services/version-control.scm (gitile-accounts): Add configurable
  home directory.
* doc/gnu.texi (Gitile Service): Document it.
* gnu/services/version-control.scm (gitile-activation): New function
  creating Git config file for user gitile setting safe.directory
  to * (all directories), so libgit parses directories not owned
  by gitile user in gitile-configuration-repositories.

Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
---
 doc/guix.texi                    |  4 +--
 gnu/services/version-control.scm | 46 +++++++++++++++++++-------------
 2 files changed, 29 insertions(+), 21 deletions(-)

Toggle diff (125 lines)diff --git a/doc/guix.texi b/doc/guix.texi
index 8073e3f6d496..ba12f249a98b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38981,8 +38981,8 @@ Version Control Services
 @item @code{port} (default: @code{8080})
 The port on which gitile is listening.
 
-@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"})
-The location of the database.
+@item @code{home-directory} (default: @code{"/var/lib/gitile"})
+Directory in which to store the Gitile database.
 
 @item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"})
 The location of the repositories.  Note that only public repositories will
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 14ff0a59a6b0..00ca7b600efc 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
         (default "127.0.0.1"))
   (port gitile-configuration-port
         (default 8080))
-  (database gitile-configuration-database
-            (default "/var/lib/gitile/gitile-db.sql"))
+  (home-directory gitile-configuration-home-directory
+                  (default "/var/lib/gitile"))
   (repositories gitile-configuration-repositories
                 (default "/var/lib/gitolite/repositories"))
   (base-git-url gitile-configuration-base-git-url)
@@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
           (default '()))
   (nginx gitile-configuration-nginx))
 
-(define (gitile-config-file host port database repositories base-git-url
+(define (gitile-config-file host port home-directory repositories base-git-url
                             index-title intro footer)
   (define build
     #~(write `(config
                 (port #$port)
                 (host #$host)
-                (database #$database)
+                (database #$(string-append home-directory "/gitile-db.sql"))
                 (repositories #$repositories)
                 (base-git-url #$base-git-url)
                 (index-title #$index-title)
@@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url
 
   (computed-file "gitile.conf" build))
 
+(define (gitile-activation config)
+  (match-record config <gitile-configuration> (home-directory)
+    #~(with-output-to-file #$(string-append home-directory "/.gitconfig")
+        (lambda () (display "[safe]\n  directory = *\n")))))
+
 (define gitile-nginx-server-block
   (match-lambda
-    (($ <gitile-configuration> package host port database repositories
+    (($ <gitile-configuration> package host port home-directory repositories
         base-git-url index-title intro footer nginx)
      (list (nginx-server-configuration
              (inherit nginx)
@@ -487,7 +492,7 @@ (define gitile-nginx-server-block
 
 (define gitile-shepherd-service
   (match-lambda
-    (($ <gitile-configuration> package host port database repositories
+    (($ <gitile-configuration> package host port home-directory repositories
         base-git-url index-title intro footer nginx)
      (list (shepherd-service
              (provision '(gitile))
@@ -496,7 +501,7 @@ (define gitile-shepherd-service
              (start (let ((gitile (file-append package "/bin/gitile")))
                           #~(make-forkexec-constructor
                               `(,#$gitile "-c" #$(gitile-config-file
-                                                   host port database
+                                                   host port home-directory
                                                    repositories
                                                    base-git-url index-title
                                                    intro footer))
@@ -504,17 +509,18 @@ (define gitile-shepherd-service
                               #:group "git")))
              (stop #~(make-kill-destructor)))))))
 
-(define %gitile-accounts
-  (list (user-group
-         (name "git")
-         (system? #t))
-        (user-account
-          (name "gitile")
-          (group "git")
-          (system? #t)
-          (comment "Gitile user")
-          (home-directory "/var/empty")
-          (shell (file-append shadow "/sbin/nologin")))))
+(define (gitile-accounts config)
+  (match-record config <gitile-configuration> (home-directory)
+    (list (user-group
+            (name "git")
+            (system? #t))
+          (user-account
+            (name "gitile")
+            (group "git")
+            (system? #t)
+            (comment "Gitile user")
+            (home-directory home-directory)
+            (shell (file-append shadow "/sbin/nologin"))))))
 
 (define gitile-service-type
   (service-type
@@ -523,7 +529,9 @@ (define gitile-service-type
 on the web.")
     (extensions
       (list (service-extension account-service-type
-                               (const %gitile-accounts))
+                               gitile-accounts)
+            (service-extension activation-service-type
+                               gitile-activation)
             (service-extension shepherd-root-service-type
                                gitile-shepherd-service)
             (service-extension nginx-service-type

base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
-- 
2.41.0

Nguy?n Gia Phong wrote on 23 May 12:28 +0200

[PATCH v2] services: gitile: Opt out of Git safe dir check.

Recipients:(address . 71143@debbugs.gnu.org)(name . Nguy?n Gia Phong)(address . mcsinyx@disroot.org)

Message-ID:854ccfeb2cf910eda609a026e865b595e64e0cc4.1716460093.git.mcsinyx@disroot.org

* gnu/services/version-control.scm (gitile-configuration):
  Add home-directory field for Git configuration file.  It also stores
  Gitile's database, so remove the (now redundant) database field.
* gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts.
* gnu/services/version-control.scm (gitile-accounts): Add configurable
  home directory.
* doc/gnu.texi (Gitile Service): Document it.
* gnu/services/version-control.scm (gitile-activation): New function
  creating Git config file for user gitile setting safe.directory
  to * (all directories), so libgit parses directories not owned
  by gitile user in gitile-configuration-repositories.

Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
---
I accidentally staged the record export hunk to another commit.
 doc/guix.texi                    |  4 +--
 gnu/services/version-control.scm | 48 +++++++++++++++++++-------------
 2 files changed, 30 insertions(+), 22 deletions(-)

Toggle diff (134 lines)diff --git a/doc/guix.texi b/doc/guix.texi
index 8073e3f6d496..ba12f249a98b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38981,8 +38981,8 @@ Version Control Services
 @item @code{port} (default: @code{8080})
 The port on which gitile is listening.
 
-@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"})
-The location of the database.
+@item @code{home-directory} (default: @code{"/var/lib/gitile"})
+Directory in which to store the Gitile database.
 
 @item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"})
 The location of the repositories.  Note that only public repositories will
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 14ff0a59a6b0..7fedd7327d6e 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -68,7 +68,7 @@ (define-module (gnu services version-control)
             gitile-configuration-package
             gitile-configuration-host
             gitile-configuration-port
-            gitile-configuration-database
+            gitile-configuration-home-directory
             gitile-configuration-repositories
             gitile-configuration-git-base-url
             gitile-configuration-index-title
@@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
         (default "127.0.0.1"))
   (port gitile-configuration-port
         (default 8080))
-  (database gitile-configuration-database
-            (default "/var/lib/gitile/gitile-db.sql"))
+  (home-directory gitile-configuration-home-directory
+                  (default "/var/lib/gitile"))
   (repositories gitile-configuration-repositories
                 (default "/var/lib/gitolite/repositories"))
   (base-git-url gitile-configuration-base-git-url)
@@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
           (default '()))
   (nginx gitile-configuration-nginx))
 
-(define (gitile-config-file host port database repositories base-git-url
+(define (gitile-config-file host port home-directory repositories base-git-url
                             index-title intro footer)
   (define build
     #~(write `(config
                 (port #$port)
                 (host #$host)
-                (database #$database)
+                (database #$(string-append home-directory "/gitile-db.sql"))
                 (repositories #$repositories)
                 (base-git-url #$base-git-url)
                 (index-title #$index-title)
@@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url
 
   (computed-file "gitile.conf" build))
 
+(define (gitile-activation config)
+  (match-record config <gitile-configuration> (home-directory)
+    #~(with-output-to-file #$(string-append home-directory "/.gitconfig")
+        (lambda () (display "[safe]\n  directory = *\n")))))
+
 (define gitile-nginx-server-block
   (match-lambda
-    (($ <gitile-configuration> package host port database repositories
+    (($ <gitile-configuration> package host port home-directory repositories
         base-git-url index-title intro footer nginx)
      (list (nginx-server-configuration
              (inherit nginx)
@@ -487,7 +492,7 @@ (define gitile-nginx-server-block
 
 (define gitile-shepherd-service
   (match-lambda
-    (($ <gitile-configuration> package host port database repositories
+    (($ <gitile-configuration> package host port home-directory repositories
         base-git-url index-title intro footer nginx)
      (list (shepherd-service
              (provision '(gitile))
@@ -496,7 +501,7 @@ (define gitile-shepherd-service
              (start (let ((gitile (file-append package "/bin/gitile")))
                           #~(make-forkexec-constructor
                               `(,#$gitile "-c" #$(gitile-config-file
-                                                   host port database
+                                                   host port home-directory
                                                    repositories
                                                    base-git-url index-title
                                                    intro footer))
@@ -504,17 +509,18 @@ (define gitile-shepherd-service
                               #:group "git")))
              (stop #~(make-kill-destructor)))))))
 
-(define %gitile-accounts
-  (list (user-group
-         (name "git")
-         (system? #t))
-        (user-account
-          (name "gitile")
-          (group "git")
-          (system? #t)
-          (comment "Gitile user")
-          (home-directory "/var/empty")
-          (shell (file-append shadow "/sbin/nologin")))))
+(define (gitile-accounts config)
+  (match-record config <gitile-configuration> (home-directory)
+    (list (user-group
+            (name "git")
+            (system? #t))
+          (user-account
+            (name "gitile")
+            (group "git")
+            (system? #t)
+            (comment "Gitile user")
+            (home-directory home-directory)
+            (shell (file-append shadow "/sbin/nologin"))))))
 
 (define gitile-service-type
   (service-type
@@ -523,7 +529,9 @@ (define gitile-service-type
 on the web.")
     (extensions
       (list (service-extension account-service-type
-                               (const %gitile-accounts))
+                               gitile-accounts)
+            (service-extension activation-service-type
+                               gitile-activation)
             (service-extension shepherd-root-service-type
                                gitile-shepherd-service)
             (service-extension nginx-service-type

base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
-- 
2.41.0

Julien Lepiller wrote on 24 May 07:28 +0200

Recipients:(name . Nguy?n Gia Phong)(address . mcsinyx@disroot.org)

Message-ID:20240524072828.4868b031@lepiller.eu

Hi,

I think it would be better if we had safe-directory = repositories,

instead of *. Otherwise, looks good.

It seems I cheated on my server and rewrote the service to use user

"git" instead, which owns the repositories.

Le Thu, 23 May 2024 19:28:13 +0900,

guix-patches--- via <guix-patches@gnu.org> a écrit :

Toggle quote (156 lines)> * gnu/services/version-control.scm (gitile-configuration):
>   Add home-directory field for Git configuration file.  It also stores
>   Gitile's database, so remove the (now redundant) database field.
> * gnu/services/version-control.scm (%gitile-accounts): Move to
> gitile-accounts.
> * gnu/services/version-control.scm (gitile-accounts): Add configurable
>   home directory.
> * doc/gnu.texi (Gitile Service): Document it.
> * gnu/services/version-control.scm (gitile-activation): New function
>   creating Git config file for user gitile setting safe.directory
>   to * (all directories), so libgit parses directories not owned
>   by gitile user in gitile-configuration-repositories.
> 
> Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
> ---
> I accidentally staged the record export hunk to another commit.
>  doc/guix.texi                    |  4 +--
>  gnu/services/version-control.scm | 48
> +++++++++++++++++++------------- 2 files changed, 30 insertions(+),
> 22 deletions(-)
> 
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 8073e3f6d496..ba12f249a98b 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -38981,8 +38981,8 @@ Version Control Services
>  @item @code{port} (default: @code{8080})
>  The port on which gitile is listening.
>  
> -@item @code{database} (default:
> @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database.
> +@item @code{home-directory} (default: @code{"/var/lib/gitile"})
> +Directory in which to store the Gitile database.
>  
>  @item @code{repositories} (default:
> @code{"/var/lib/gitolite/repositories"}) The location of the
> repositories.  Note that only public repositories will diff --git
> a/gnu/services/version-control.scm b/gnu/services/version-control.scm
> index 14ff0a59a6b0..7fedd7327d6e 100644 ---
> a/gnu/services/version-control.scm +++
> b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module
> (gnu services version-control) gitile-configuration-package
>              gitile-configuration-host
>              gitile-configuration-port
> -            gitile-configuration-database
> +            gitile-configuration-home-directory
>              gitile-configuration-repositories
>              gitile-configuration-git-base-url
>              gitile-configuration-index-title
> @@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
>          (default "127.0.0.1"))
>    (port gitile-configuration-port
>          (default 8080))
> -  (database gitile-configuration-database
> -            (default "/var/lib/gitile/gitile-db.sql"))
> +  (home-directory gitile-configuration-home-directory
> +                  (default "/var/lib/gitile"))
>    (repositories gitile-configuration-repositories
>                  (default "/var/lib/gitolite/repositories"))
>    (base-git-url gitile-configuration-base-git-url)
> @@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
>            (default '()))
>    (nginx gitile-configuration-nginx))
>  
> -(define (gitile-config-file host port database repositories
> base-git-url +(define (gitile-config-file host port home-directory
> repositories base-git-url index-title intro footer)
>    (define build
>      #~(write `(config
>                  (port #$port)
>                  (host #$host)
> -                (database #$database)
> +                (database #$(string-append home-directory
> "/gitile-db.sql")) (repositories #$repositories)
>                  (base-git-url #$base-git-url)
>                  (index-title #$index-title)
> @@ -459,9 +459,14 @@ (define (gitile-config-file host port database
> repositories base-git-url 
>    (computed-file "gitile.conf" build))
>  
> +(define (gitile-activation config)
> +  (match-record config <gitile-configuration> (home-directory)
> +    #~(with-output-to-file #$(string-append home-directory
> "/.gitconfig")
> +        (lambda () (display "[safe]\n  directory = *\n")))))
> +
>  (define gitile-nginx-server-block
>    (match-lambda
> -    (($ <gitile-configuration> package host port database
> repositories
> +    (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
>       (list (nginx-server-configuration
>               (inherit nginx)
> @@ -487,7 +492,7 @@ (define gitile-nginx-server-block
>  
>  (define gitile-shepherd-service
>    (match-lambda
> -    (($ <gitile-configuration> package host port database
> repositories
> +    (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
>       (list (shepherd-service
>               (provision '(gitile))
> @@ -496,7 +501,7 @@ (define gitile-shepherd-service
>               (start (let ((gitile (file-append package
> "/bin/gitile"))) #~(make-forkexec-constructor
>                                `(,#$gitile "-c" #$(gitile-config-file
> -                                                   host port database
> +                                                   host port
> home-directory repositories
>                                                     base-git-url
> index-title intro footer))
> @@ -504,17 +509,18 @@ (define gitile-shepherd-service
>                                #:group "git")))
>               (stop #~(make-kill-destructor)))))))
>  
> -(define %gitile-accounts
> -  (list (user-group
> -         (name "git")
> -         (system? #t))
> -        (user-account
> -          (name "gitile")
> -          (group "git")
> -          (system? #t)
> -          (comment "Gitile user")
> -          (home-directory "/var/empty")
> -          (shell (file-append shadow "/sbin/nologin")))))
> +(define (gitile-accounts config)
> +  (match-record config <gitile-configuration> (home-directory)
> +    (list (user-group
> +            (name "git")
> +            (system? #t))
> +          (user-account
> +            (name "gitile")
> +            (group "git")
> +            (system? #t)
> +            (comment "Gitile user")
> +            (home-directory home-directory)
> +            (shell (file-append shadow "/sbin/nologin"))))))
>  
>  (define gitile-service-type
>    (service-type
> @@ -523,7 +529,9 @@ (define gitile-service-type
>  on the web.")
>      (extensions
>        (list (service-extension account-service-type
> -                               (const %gitile-accounts))
> +                               gitile-accounts)
> +            (service-extension activation-service-type
> +                               gitile-activation)
>              (service-extension shepherd-root-service-type
>                                 gitile-shepherd-service)
>              (service-extension nginx-service-type
> 
> base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181

Nguy?n Gia Phong wrote on 26 May 14:11 +0200

Re: [PATCH v2] services: gitile: Opt out of Git safe dir check.

Recipients:

Message-ID:D1JKAOPZDQBE.PHI9Y7U3ZD7R@guix

On 2024-05-24 at 07:28+02:00, Julien Lepiller wrote:

Toggle quote (9 lines)

> On 2024-05-23 at 19:28+09:00, Nguy?n Gia Phong wrote:

> > * gnu/services/version-control.scm (gitile-activation): New function

> > creating Git config file for user gitile setting safe.directory

> > to * (all directories), so libgit parses directories not owned

> > by gitile user in gitile-configuration-repositories.

> I think it would be better if we had safe-directory = repositories,

> instead of *. Otherwise, looks good.

Thanks, although * seems to be magic string rather than a glob pattern:

https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory

Setting safe-directory to repositories or repositories/*

doesn't make it work for me.

P.S. Huh for some reason GNU Debbugs keep bouncing mails from loang.net.

Evgeny Pisemsky wrote on 5 Aug 10:11 +0200

Re: [PATCH] services: gitile: Opt out of Git safe dir check.

Recipients:(address . 71143@debbugs.gnu.org)

Message-ID:87plqnfkxj.fsf@pisemsky.site

In the meantime I did some searching and found out that owner check

can be disabled right from guile without any external config files:

https://gitlab.com/guile-git/guile-git/-/blob/47541c4eb28ca81530b5541834a4d105a808954f/git/settings.scm#L77

Attached example of gitile package with modified source that works for

me with existing service. It can even be made optional in gitile code.

Attachment: gitile.scm

Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 71143@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 71143

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date