[PATCH] services: gitile: Opt out of Git safe dir check.

Status: Open
Participants: Julien Lepiller, Evgeny Pisemsky, Nguyễn Gia Phong
Owner: unassigned
Submitted by: Nguyễn Gia Phong
Severity: normal
Nguyễn Gia Phong wrote on 23 May 12:19 +0200
(address . guix-patches@gnu.org)(name . Nguyễn Gia Phong)(address . mcsinyx@disroot.org)
604e51b2f51141b2b8d1d3d71bf9412ab7760563.1716459581.git.mcsinyx@disroot.org
* gnu/services/version-control.scm (gitile-configuration):
Add home-directory field for Git configuration file. It also stores
Gitile's database, so remove the (now redundant) database field.
* gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts.
* gnu/services/version-control.scm (gitile-accounts): Add configurable
home directory.
* doc/gnu.texi (Gitile Service): Document it.
* gnu/services/version-control.scm (gitile-activation): New function
creating Git config file for user gitile setting safe.directory
to * (all directories), so libgit parses directories not owned
by gitile user in gitile-configuration-repositories.

Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
---
doc/guix.texi | 4 +--
gnu/services/version-control.scm | 46 +++++++++++++++++++-------------
2 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 8073e3f6d496..ba12f249a98b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38981,8 +38981,8 @@ Version Control Services
@item @code{port} (default: @code{8080})
The port on which gitile is listening.
-@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"})
-The location of the database.
+@item @code{home-directory} (default: @code{"/var/lib/gitile"})
+Directory in which to store the Gitile database.
@item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"})
The location of the repositories. Note that only public repositories will
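Review bot: The ChangeLog line for this file in the commit message names doc/gnu.texi, while the hunk modifies doc/guix.texi; the log entry should be corrected to doc/guix.texi so it matches the file being changed.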
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 14ff0a59a6b0..00ca7b600efc 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
(default "127.0.0.1"))
(port gitile-configuration-port
(default 8080))
- (database gitile-configuration-database
- (default "/var/lib/gitile/gitile-db.sql"))
+ (home-directory gitile-configuration-home-directory
+ (default "/var/lib/gitile"))
(repositories gitile-configuration-repositories
(default "/var/lib/gitolite/repositories"))
(base-git-url gitile-configuration-base-git-url)
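Review bot: The field swap from database to home-directory in this record hunk renames the accessor to gitile-configuration-home-directory, but this version of the patch carries no hunk for the module's export list, so the old gitile-configuration-database name would remain exported without a definition and the new accessor would not be exported. Add the export change to this commit (the v2 submission does).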
@@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
(default '()))
(nginx gitile-configuration-nginx))
-(define (gitile-config-file host port database repositories base-git-url
+(define (gitile-config-file host port home-directory repositories base-git-url
index-title intro footer)
(define build
#~(write `(config
(port #$port)
(host #$host)
- (database #$database)
+ (database #$(string-append home-directory "/gitile-db.sql"))
(repositories #$repositories)
(base-git-url #$base-git-url)
(index-title #$index-title)
@@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url
(computed-file "gitile.conf" build))
+(define (gitile-activation config)
+ (match-record config <gitile-configuration> (home-directory)
+ #~(with-output-to-file #$(string-append home-directory "/.gitconfig")
+ (lambda () (display "[safe]\n directory = *\n")))))
+
(define gitile-nginx-server-block
(match-lambda
- (($ <gitile-configuration> package host port database repositories
+ (($ <gitile-configuration> package host port home-directory repositories
base-git-url index-title intro footer nginx)
(list (nginx-server-configuration
(inherit nginx)
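Review bot: In gitile-activation, with-output-to-file truncates and rewrites home-directory/.gitconfig on every activation, and nothing in the hunk ensures that home-directory exists before the write. Consider creating the directory first (for example with mkdir-p) and stating in the documentation that the file is managed by the service, since any local edits to it are lost.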
@@ -487,7 +492,7 @@ (define gitile-nginx-server-block
(define gitile-shepherd-service
(match-lambda
- (($ <gitile-configuration> package host port database repositories
+ (($ <gitile-configuration> package host port home-directory repositories
base-git-url index-title intro footer nginx)
(list (shepherd-service
(provision '(gitile))
@@ -496,7 +501,7 @@ (define gitile-shepherd-service
(start (let ((gitile (file-append package "/bin/gitile")))
#~(make-forkexec-constructor
`(,#$gitile "-c" #$(gitile-config-file
- host port database
+ host port home-directory
repositories
base-git-url index-title
intro footer))
@@ -504,17 +509,18 @@ (define gitile-shepherd-service
#:group "git")))
(stop #~(make-kill-destructor)))))))
-(define %gitile-accounts
- (list (user-group
- (name "git")
- (system? #t))
- (user-account
- (name "gitile")
- (group "git")
- (system? #t)
- (comment "Gitile user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+(define (gitile-accounts config)
+ (match-record config <gitile-configuration> (home-directory)
+ (list (user-group
+ (name "git")
+ (system? #t))
+ (user-account
+ (name "gitile")
+ (group "git")
+ (system? #t)
+ (comment "Gitile user")
+ (home-directory home-directory)
+ (shell (file-append shadow "/sbin/nologin"))))))
(define gitile-service-type
(service-type
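Review bot: The gitile account's home moves from /var/empty to the configurable home-directory in gitile-accounts, which is also where the database and the generated .gitconfig live, so the account now has a home it may need write access to. It is worth stating in the commit message why /var/empty is dropped, and checking that the ownership and mode of that directory suit both the database and a config file that relaxes Git's ownership check.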
@@ -523,7 +529,9 @@ (define gitile-service-type
on the web.")
(extensions
(list (service-extension account-service-type
- (const %gitile-accounts))
+ gitile-accounts)
+ (service-extension activation-service-type
+ gitile-activation)
(service-extension shepherd-root-service-type
gitile-shepherd-service)
(service-extension nginx-service-type

base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
--
2.41.0
Nguyễn Gia Phong wrote on 23 May 12:28 +0200
[PATCH v2] services: gitile: Opt out of Git safe dir check.
(address . 71143@debbugs.gnu.org)(name . Nguyễn Gia Phong)(address . mcsinyx@disroot.org)
854ccfeb2cf910eda609a026e865b595e64e0cc4.1716460093.git.mcsinyx@disroot.org
* gnu/services/version-control.scm (gitile-configuration):
Add home-directory field for Git configuration file. It also stores
Gitile's database, so remove the (now redundant) database field.
* gnu/services/version-control.scm (%gitile-accounts): Move to gitile-accounts.
* gnu/services/version-control.scm (gitile-accounts): Add configurable
home directory.
* doc/gnu.texi (Gitile Service): Document it.
* gnu/services/version-control.scm (gitile-activation): New function
creating Git config file for user gitile setting safe.directory
to * (all directories), so libgit parses directories not owned
by gitile user in gitile-configuration-repositories.

Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
---
I accidentally staged the record export hunk to another commit.
doc/guix.texi | 4 +--
gnu/services/version-control.scm | 48 +++++++++++++++++++-------------
2 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 8073e3f6d496..ba12f249a98b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38981,8 +38981,8 @@ Version Control Services
@item @code{port} (default: @code{8080})
The port on which gitile is listening.
-@item @code{database} (default: @code{"/var/lib/gitile/gitile-db.sql"})
-The location of the database.
+@item @code{home-directory} (default: @code{"/var/lib/gitile"})
+Directory in which to store the Gitile database.
@item @code{repositories} (default: @code{"/var/lib/gitolite/repositories"})
The location of the repositories. Note that only public repositories will
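Review bot: The new home-directory item describes the field only as where the database is stored, but per the rest of the patch it is also the gitile user's home directory and the place where .gitconfig with safe.directory = * is written. The description should cover all three, and the removal of the database option deserves a sentence for users who set it.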
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 14ff0a59a6b0..7fedd7327d6e 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -68,7 +68,7 @@ (define-module (gnu services version-control)
gitile-configuration-package
gitile-configuration-host
gitile-configuration-port
- gitile-configuration-database
+ gitile-configuration-home-directory
gitile-configuration-repositories
gitile-configuration-git-base-url
gitile-configuration-index-title
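Review bot: Dropping gitile-configuration-database from the export list removes a public accessor outright; any user code referring to it breaks with no deprecation path, so consider keeping a deprecated alias or announcing the change. Separately, the context line exports gitile-configuration-git-base-url while the record in the next hunk defines gitile-configuration-base-git-url, so that exported name does not match the accessor; it could be fixed while touching this list.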
@@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
(default "127.0.0.1"))
(port gitile-configuration-port
(default 8080))
- (database gitile-configuration-database
- (default "/var/lib/gitile/gitile-db.sql"))
+ (home-directory gitile-configuration-home-directory
+ (default "/var/lib/gitile"))
(repositories gitile-configuration-repositories
(default "/var/lib/gitolite/repositories"))
(base-git-url gitile-configuration-base-git-url)
@@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
(default '()))
(nginx gitile-configuration-nginx))
-(define (gitile-config-file host port database repositories base-git-url
+(define (gitile-config-file host port home-directory repositories base-git-url
index-title intro footer)
(define build
#~(write `(config
(port #$port)
(host #$host)
- (database #$database)
+ (database #$(string-append home-directory "/gitile-db.sql"))
(repositories #$repositories)
(base-git-url #$base-git-url)
(index-title #$index-title)
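Review bot: In gitile-config-file the database path becomes (string-append home-directory "/gitile-db.sql") with a fixed file name, so a deployment that previously pointed database somewhere else has no way to keep that location and no migration is mentioned. Either keep database as a field whose default is derived from home-directory, or document that the file must be moved to home-directory/gitile-db.sql.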
@@ -459,9 +459,14 @@ (define (gitile-config-file host port database repositories base-git-url
(computed-file "gitile.conf" build))
+(define (gitile-activation config)
+ (match-record config <gitile-configuration> (home-directory)
+ #~(with-output-to-file #$(string-append home-directory "/.gitconfig")
+ (lambda () (display "[safe]\n directory = *\n")))))
+
(define gitile-nginx-server-block
(match-lambda
- (($ <gitile-configuration> package host port database repositories
+ (($ <gitile-configuration> package host port home-directory repositories
base-git-url index-title intro footer nginx)
(list (nginx-server-configuration
(inherit nginx)
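Review bot: The string written by gitile-activation, directory = *, turns the ownership check off for every path the gitile account opens, whereas the commit message only needs it for the directories under gitile-configuration-repositories. Prefer generating the entry from the repositories field so the exemption is limited to what the service serves, and if that cannot be made to work, record the reason in a comment next to the * so the broad setting is a documented choice.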
@@ -487,7 +492,7 @@ (define gitile-nginx-server-block
(define gitile-shepherd-service
(match-lambda
- (($ <gitile-configuration> package host port database repositories
+ (($ <gitile-configuration> package host port home-directory repositories
base-git-url index-title intro footer nginx)
(list (shepherd-service
(provision '(gitile))
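Review bot: The ($ <gitile-configuration> package host port home-directory ...) pattern in gitile-shepherd-service, like the one in gitile-nginx-server-block, binds fields by position, so it only stays correct because home-directory takes the exact slot database had. The new functions in this patch use match-record with named fields; converting these two matchers the same way would remove the dependence on field order.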
@@ -496,7 +501,7 @@ (define gitile-shepherd-service
(start (let ((gitile (file-append package "/bin/gitile")))
#~(make-forkexec-constructor
`(,#$gitile "-c" #$(gitile-config-file
- host port database
+ host port home-directory
repositories
base-git-url index-title
intro footer))
@@ -504,17 +509,18 @@ (define gitile-shepherd-service
#:group "git")))
(stop #~(make-kill-destructor)))))))
-(define %gitile-accounts
- (list (user-group
- (name "git")
- (system? #t))
- (user-account
- (name "gitile")
- (group "git")
- (system? #t)
- (comment "Gitile user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+(define (gitile-accounts config)
+ (match-record config <gitile-configuration> (home-directory)
+ (list (user-group
+ (name "git")
+ (system? #t))
+ (user-account
+ (name "gitile")
+ (group "git")
+ (system? #t)
+ (comment "Gitile user")
+ (home-directory home-directory)
+ (shell (file-append shadow "/sbin/nologin"))))))
(define gitile-service-type
(service-type
@@ -523,7 +529,9 @@ (define gitile-service-type
on the web.")
(extensions
(list (service-extension account-service-type
- (const %gitile-accounts))
+ gitile-accounts)
+ (service-extension activation-service-type
+ gitile-activation)
(service-extension shepherd-root-service-type
gitile-shepherd-service)
(service-extension nginx-service-type

base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
--
2.41.0
Julien Lepiller wrote on 24 May 07:28 +0200
(name . Nguyễn Gia Phong)(address . mcsinyx@disroot.org)
20240524072828.4868b031@lepiller.eu
Hi,

I think it would be better if we had safe-directory = repositories,
instead of *. Otherwise, looks good.

It seems I cheated on my server and rewrote the service to use user
"git" instead, which owns the repositories.

On Thu, 23 May 2024 19:28:13 +0900,
guix-patches--- via <guix-patches@gnu.org> wrote:

> * gnu/services/version-control.scm (gitile-configuration):
> Add home-directory field for Git configuration file. It also stores
> Gitile's database, so remove the (now redundant) database field.
> * gnu/services/version-control.scm (%gitile-accounts): Move to
> gitile-accounts.
> * gnu/services/version-control.scm (gitile-accounts): Add configurable
> home directory.
> * doc/gnu.texi (Gitile Service): Document it.
> * gnu/services/version-control.scm (gitile-activation): New function
> creating Git config file for user gitile setting safe.directory
> to * (all directories), so libgit parses directories not owned
> by gitile user in gitile-configuration-repositories.
>
> Change-Id: I9d26a74bf021168ce82ac96810c171b2101fd950
> ---
> I accidentally staged the record export hunk to another commit.
> doc/guix.texi | 4 +--
> gnu/services/version-control.scm | 48
> +++++++++++++++++++------------- 2 files changed, 30 insertions(+),
> 22 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 8073e3f6d496..ba12f249a98b 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -38981,8 +38981,8 @@ Version Control Services
> @item @code{port} (default: @code{8080})
> The port on which gitile is listening.
>
> -@item @code{database} (default:
> @code{"/var/lib/gitile/gitile-db.sql"}) -The location of the database.
> +@item @code{home-directory} (default: @code{"/var/lib/gitile"})
> +Directory in which to store the Gitile database.
>
> @item @code{repositories} (default:
> @code{"/var/lib/gitolite/repositories"}) The location of the
> repositories. Note that only public repositories will diff --git
> a/gnu/services/version-control.scm b/gnu/services/version-control.scm
> index 14ff0a59a6b0..7fedd7327d6e 100644 ---
> a/gnu/services/version-control.scm +++
> b/gnu/services/version-control.scm @@ -68,7 +68,7 @@ (define-module
> (gnu services version-control) gitile-configuration-package
> gitile-configuration-host
> gitile-configuration-port
> - gitile-configuration-database
> + gitile-configuration-home-directory
> gitile-configuration-repositories
> gitile-configuration-git-base-url
> gitile-configuration-index-title
> @@ -430,8 +430,8 @@ (define-record-type* <gitile-configuration>
> (default "127.0.0.1"))
> (port gitile-configuration-port
> (default 8080))
> - (database gitile-configuration-database
> - (default "/var/lib/gitile/gitile-db.sql"))
> + (home-directory gitile-configuration-home-directory
> + (default "/var/lib/gitile"))
> (repositories gitile-configuration-repositories
> (default "/var/lib/gitolite/repositories"))
> (base-git-url gitile-configuration-base-git-url)
> @@ -443,13 +443,13 @@ (define-record-type* <gitile-configuration>
> (default '()))
> (nginx gitile-configuration-nginx))
>
> -(define (gitile-config-file host port database repositories
> base-git-url +(define (gitile-config-file host port home-directory
> repositories base-git-url index-title intro footer)
> (define build
> #~(write `(config
> (port #$port)
> (host #$host)
> - (database #$database)
> + (database #$(string-append home-directory
> "/gitile-db.sql")) (repositories #$repositories)
> (base-git-url #$base-git-url)
> (index-title #$index-title)
> @@ -459,9 +459,14 @@ (define (gitile-config-file host port database
> repositories base-git-url
> (computed-file "gitile.conf" build))
>
> +(define (gitile-activation config)
> + (match-record config <gitile-configuration> (home-directory)
> + #~(with-output-to-file #$(string-append home-directory
> "/.gitconfig")
> + (lambda () (display "[safe]\n directory = *\n")))))
> +
> (define gitile-nginx-server-block
> (match-lambda
> - (($ <gitile-configuration> package host port database
> repositories
> + (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
> (list (nginx-server-configuration
> (inherit nginx)
> @@ -487,7 +492,7 @@ (define gitile-nginx-server-block
>
> (define gitile-shepherd-service
> (match-lambda
> - (($ <gitile-configuration> package host port database
> repositories
> + (($ <gitile-configuration> package host port home-directory
> repositories base-git-url index-title intro footer nginx)
> (list (shepherd-service
> (provision '(gitile))
> @@ -496,7 +501,7 @@ (define gitile-shepherd-service
> (start (let ((gitile (file-append package
> "/bin/gitile"))) #~(make-forkexec-constructor
> `(,#$gitile "-c" #$(gitile-config-file
> - host port database
> + host port
> home-directory repositories
> base-git-url
> index-title intro footer))
> @@ -504,17 +509,18 @@ (define gitile-shepherd-service
> #:group "git")))
> (stop #~(make-kill-destructor)))))))
>
> -(define %gitile-accounts
> - (list (user-group
> - (name "git")
> - (system? #t))
> - (user-account
> - (name "gitile")
> - (group "git")
> - (system? #t)
> - (comment "Gitile user")
> - (home-directory "/var/empty")
> - (shell (file-append shadow "/sbin/nologin")))))
> +(define (gitile-accounts config)
> + (match-record config <gitile-configuration> (home-directory)
> + (list (user-group
> + (name "git")
> + (system? #t))
> + (user-account
> + (name "gitile")
> + (group "git")
> + (system? #t)
> + (comment "Gitile user")
> + (home-directory home-directory)
> + (shell (file-append shadow "/sbin/nologin"))))))
>
> (define gitile-service-type
> (service-type
> @@ -523,7 +529,9 @@ (define gitile-service-type
> on the web.")
> (extensions
> (list (service-extension account-service-type
> - (const %gitile-accounts))
> + gitile-accounts)
> + (service-extension activation-service-type
> + gitile-activation)
> (service-extension shepherd-root-service-type
> gitile-shepherd-service)
> (service-extension nginx-service-type
>
> base-commit: aeba4849b42b4d3ac75341ac4b61843c1fe48181
Nguyễn Gia Phong wrote on 26 May 14:11 +0200
Re: [PATCH v2] services: gitile: Opt out of Git safe dir check.
D1JKAOPZDQBE.PHI9Y7U3ZD7R@guix
On 2024-05-24 at 07:28+02:00, Julien Lepiller wrote:
> On 2024-05-23 at 19:28+09:00, Nguyễn Gia Phong wrote:
> > * gnu/services/version-control.scm (gitile-activation): New function
> > creating Git config file for user gitile setting safe.directory
> > to * (all directories), so libgit parses directories not owned
> > by gitile user in gitile-configuration-repositories.
>
> I think it would be better if we had safe-directory = repositories,
> instead of *. Otherwise, looks good.

Thanks, although * seems to be a magic string rather than a glob pattern:

Setting safe-directory to repositories or repositories/*
doesn't make it work for me.

P.S. Huh, for some reason GNU Debbugs keeps bouncing mails from loang.net.
Evgeny Pisemsky wrote on 5 Aug 10:11 +0200
Re: [PATCH] services: gitile: Opt out of Git safe dir check.
(address . 71143@debbugs.gnu.org)
87plqnfkxj.fsf@pisemsky.site
In the meantime I did some searching and found out that the owner check
can be disabled right from guile without any external config files:


Attached is an example of a gitile package with modified source that works for
me with the existing service. It can even be made optional in the gitile code.
Attachment: gitile.scm
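
To see what a generated .gitconfig like the one discussed in this thread actually grants, the following added example (not part of the patch, of Gitile, or of any participant's message) classifies its safe.directory entries against the configured repositories path. It assumes the git CLI is installed and reports only what the file says, not how libgit interprets it; audit_safe_directory is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the patch. Uses the git CLI purely as a parser
# for the config file; it does not open any repository.

# audit_safe_directory CONFIG_FILE REPO_ROOT
# Prints one verdict:
#   wildcard  an effective entry is "*": ownership check off for all paths
#   scoped    every effective entry is REPO_ROOT or a path below it
#   other     some effective entry points outside REPO_ROOT
#   unset     no effective entry: ownership check fully enforced
audit_safe_directory() {
    cfg=$1
    root=${2%/}                      # tolerate a trailing slash
    # Exit status is non-zero when the key is absent; treat that as empty.
    entries=$(git config --file "$cfg" --get-all safe.directory 2>/dev/null) || true
    verdict=unset
    while IFS= read -r entry; do
        case $entry in
            '')                      # an empty value resets the list in Git
                verdict=unset ;;
            '*')
                verdict=wildcard ;;
            "$root"|"$root"/*)
                if [ "$verdict" = unset ]; then verdict=scoped; fi ;;
            *)
                if [ "$verdict" != wildcard ]; then verdict=other; fi ;;
        esac
    done <<EOF
$entries
EOF
    echo "$verdict"
}

# Constructed sample: the file the activation snippet in the patch writes.
sample=$(mktemp)
printf '[safe]\n directory = *\n' > "$sample"
echo "patch-generated config: $(audit_safe_directory "$sample" /var/lib/gitolite/repositories)"
rm -f "$sample"
```

Running the check against the service account's config after each system reconfigure shows whether the exemption has stayed as broad as the patch makes it.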