guix-devel

Re: [PATCH] gnu: service: Add git-service.


From: ng0
Subject: Re: [PATCH] gnu: service: Add git-service.
Date: Tue, 30 Aug 2016 17:50:04 +0000

I tried to address most of what you've written.

While I was correcting the documentation I decided to add more options;
now it doesn't work anymore, probably because of the ifs I added.

Andy Wingo <address@hidden> writes:

> On Tue 30 Aug 2016 13:45, ng0 <address@hidden> writes:
>
>>> I also think that "path" might
>>> not be the right word, which in GNU manuals is only used for search
>>> paths.  See the "GNU Manuals" section of standards.texi for more.
>>> Anyway I suggest #:base-directory.  Make sure the port is an integer and
>>> not a string.
>>
>> See 'man git daemon'.
>
> I ran this and it did not work -- first showed me a page for git then
> for daemon.  I believe you want "man git-daemon"?
>
>> The switch is called --base-path.  Looking at the openrc conf.d/git or
>> what the config file was called again, they stick to this name too.
>> It would just cause confusion if we go ahead and call it differently.
>> Upstream should be fixed, but I'm not going there.  If you think we
>> should break expectations, I can rename it.
>
> "Fixing" upstream is out of our remit :)  All I can ask is that we do
> not introduce new uses of the word "path".
>
>>>> +Return a service to run the @uref{https://git-scm.com, git} daemon 
>>>> version control
>>>> +daemon.
>>>
>>> Extra "daemon" here.  Probably needs a sentence on what running the
>>> daemon will do (namely, expose local repositories for remote access).
>>>
>>> What about authentication?  Is this purely anonymous?
>>
>> Exactly, authentication is handled via other daemons, for example ssh or
>> gitolite. git daemon supports no authentication and is read-only, as far
>> as I know. At the servers I use and set up, I pull via
>> git://,http://,https:// and push via ssh.
>> Its self-description is:
>> git-daemon - A really simple server for Git repositories.
>
> This needs to be documented in the manual, is what I was getting at :)
> Mention that this is for anonymous read-only access please.

Read-only was wrong; anonymous write access for all the world can be set
up, but it is not the default.

>
>>>Use "file name" instead of path in general.
>>
>> Why?
>
> It is because it is standard in the GNU project.  I mentioned this
> before.  See "info standards" and go to "GNU manuals".
>
>>>> +Furthermore it takes the parameter @var{port} which defaults to 9418.
>>>> +Run @command{man git daemon} for information about the options.
>>>
>>> This man command does not work.
>>
>> Works for me. As far as I know man pages were merged into git package
>> recently. When I run this on debian with guix, 'man git daemon' works
>> too.
>
> It does not work for me on NixOS with Guix.  Maybe I am out of date
> though.
>
>>>> +(define %git-accounts
>>>> +  ;; User account and groups for git-daemon.
>>>> +  ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.
>>>
>>> What does this comment mean?  Why would we switch?
>>
>> I am not sure about the limitations of git-shell compared to
>> /bin/sh. If this turns out to be a mistake, it can be corrected. The
>> only thing I know about git-shell is that it allows no logins.
>
> If you do not want a login then probably what you want is
> #~(string-append #$shadow "/sbin/nologin").
>
> Andy

From d1d7eb59ca53833098cea2d6eddaa59f1494b579 Mon Sep 17 00:00:00 2001
From: ng0 <address@hidden>
Date: Fri, 8 Jul 2016 15:42:55 +0000
Subject: [PATCH] gnu: services: Add git-service.

* gnu/services/version-control.scm: New file, create it.
(git-service): New Procedures.
(git-service-type): New variable.
* doc/guix.texi: Add documentation.
---
 doc/guix.texi                    |  37 ++++++++
 gnu/local.mk                     |   1 +
 gnu/services/version-control.scm | 196 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 234 insertions(+)
 create mode 100644 gnu/services/version-control.scm

diff --git a/doc/guix.texi b/doc/guix.texi
index b22cf4a..78d7ee1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7494,6 +7494,7 @@ declaration.
 * Database Services::           SQL databases.
 * Mail Services::               IMAP, POP3, SMTP, and all that.
 * Web Services::                Web servers.
+* Version Control::             Git and others.
 * Various Services::            Other services.
 @end menu
 
@@ -9910,6 +9911,42 @@ directories are created when the service is activated.
 
 @end deffn
 
address@hidden Version Control
address@hidden Version Control
+
+The @code{(gnu services version-control)} module provides the following 
services:
+
address@hidden {Scheme Procedure} git-service [#:git @var{git}] @
+       [#:base-directory "/var/git/repositories"] @
+       [#:user-directory? #f ""] [#:port 9418] @
+       [#:directory? #f ""] [#:max-connections 32] @
+       [#:pid-file? #t "/var/run/git-daemon.pid"]
+
+Return a service to run the @uref{https://git-scm.com, Git} daemon, a really 
simple
+TCP Git service which exposes local repositories for anonymous remote access.
+
+The git daemon runs as the @code{git} unprivileged user.  It is started with
+the fixed parameters @code{--syslog}, @code{--reuseaddr} and
address@hidden"--no-informative-errors"}.
+You can pass the parameter @var{base-directory}, which remaps all the directory
+requests as relative to the given directory.  If you run git-service with
address@hidden "/var/git/repositories"} on example.com, then if you later try
+to pull @code{git://example.com/hello.git}, git-service will interpret the 
directory
+as @code{/var/git/repositories/hello.git}.
address@hidden sets the maximum number of concurrent clients, it defaults to 32.
+Set it to 0 for no limit.
address@hidden allows allows ~user notation to be used in requests. When
+specified with no parameter, requests to @code{git://host/~alice/foo} is taken 
as a
+request to access @code{foo} repository in the home directory of user 
@code{alice}.
+If @var{user-directory "path"} is specified, the same request is taken as a 
request
+to access @code{path/foo} repository in the home directory of user 
@code{alice}.
+The parameter @var{directory "foo"} adds the directory "foo" and its 
subdirectories
+to the whitelist of allowed directories.
+Furthermore git-service takes the parameter @var{port}, which defaults to 9418.
+Run @command{man git daemon} for information about the options.
+
address@hidden deffn
+
 @node Various Services
 @subsubsection Various Services
 
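Review bot: The deffn signature at the top of the added node gives #:user-directory?, #:directory? and #:pid-file? two values each (for example [#:pid-file? #t "/var/run/git-daemon.pid"]), so the reader cannot tell which keyword takes the boolean and which takes the string; list every keyword once with its single default, matching the keyword list of git-service. The description says "anonymous remote access" but not whether clients can write: the thread establishes that the daemon does no authentication and that write access can be set up but is not the default, so state both here, and note that enabling user-directory exposes repositories under users' home directories. Smaller points: "allows allows" is doubled, "requests to ... is taken" should read "are taken", @var{user-directory "path"} still uses the word "path" that the review asked to avoid, and @command{man git daemon} should be @command{man git-daemon} as suggested earlier in the thread.
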
diff --git a/gnu/local.mk b/gnu/local.mk
index d75ab54..9220d06 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -390,6 +390,7 @@ GNU_SYSTEM_MODULES =                                \
   %D%/services/herd.scm                                \
   %D%/services/spice.scm                               \
   %D%/services/ssh.scm                         \
+  %D%/services/version-control.scm              \
   %D%/services/web.scm                         \
   %D%/services/xorg.scm                                \
                                                \
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
new file mode 100644
index 0000000..5578003
--- /dev/null
+++ b/gnu/services/version-control.scm
@@ -0,0 +1,196 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 ng0 <address@hidden>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services version-control)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages admin)
+  #:use-module (guix records)
+  #:use-module (guix gexp)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 match)
+  #:export (git-service
+            git-service-type
+            git-configuration
+            git-configuration?
+            git-configuration-git
+            git-configuration-port
+            git-configuration-base-directory
+            git-configuration-pid-file
+            git-configuration-max-connections
+            git-configuration-user-directory
+            git-configuration-directory))
+
+;;; Commentary:
+;;;
+;;; Version Control related services.
+;;;
+;;; Code:
+
+
+;;;
+;;; git
+;;;
+
+(define-record-type* <git-configuration> git-configuration
+  make-git-configuration
+  git-configuration?
+  (git              git-configuration-git  ;package
+                    (default git))
+  (pid-file?        git-configuration-pid-file) ;string
+  (base-directory   git-configuration-base-directory) ;string
+  (user-directory?  git-configuration-user-directory) ;string
+  (directory?       git-configuration-directory) ;string
+  (max-connections  git-configuration-max-connections) ;number
+  (port             git-configuration-port)) ;number
+
+(define (git-shepherd-service config)
+  "Return a <shepherd-service> for git with CONFIG."
+  (define git (git-configuration-git config))
+
+  ;; Comments do not list all the features available, but the commented ones 
are
+  ;; features which are a TODO for this service.
+  (define git-command
+    #~(list
+       (string-append #$git "/bin/git") "daemon"
+
+       ;; Log to syslog instead of stderr. Note that this option does not imply
+       ;; --verbose, thus by default only error conditions will be logged.
+       "--syslog"
+
+       ;; Convenient for clients, but may leak information about the existence 
of
+       ;; unexported repositories.  When informative errors are not enabled, 
all
+       ;; errors report "access denied" to the client.
+       "--no-informative-errors"
+
+       ;; Use SO_REUSEADDR when binding the listening socket.  This allows the
+       ;; server to restart without waiting for old connections to time out.
+       "--reuseaddr"
+
+       ;; A directory to add to the whitelist of allowed directories. Unless
+       ;; --strict-paths is specified this will also include subdirectories of
+       ;; each named directory.
+       ;; --directory
+       ;; TODO: Add the option to add multiple occurences of --directory
+       (if (git-configuration-directory? config)
+           (string-append "--directory=" #$(git-configuration-directory 
config))
+           "")
+
+       ;; --interpolated-path=<pathtemplate>
+       ;; To support virtual hosting, an interpolated path template can be 
used to
+       ;; dynamically construct alternate paths. The template supports %H for 
the target
+       ;; hostname as supplied by the client but converted to all lowercase,
+       ;; %CH for the canonical hostname, %IP for the server’s IP address,
+       ;; %P for the port number, and %D for the absolute path of the named 
repository.
+       ;; After interpolation, the path is validated against the directory 
whitelist.
+
+       ;; --export-all
+       ;; Allow pulling from all directories that look like Git repositories 
(have the
+       ;; objects and refs subdirectories), even if they do not have the 
git-daemon-export-ok
+       ;; file.
+
+       ;; --listen=<host_or_ipaddr>
+       ;; Listen on a specific IP address or hostname. IP addresses can be 
either an IPv4
+       ;; address or an IPv6 address if supported. If IPv6 is not supported, 
then
+       ;; --listen=hostname is also not supported and --listen must be given 
an IPv4 address.
+       ;; Can be given more than once. Incompatible with --inetd option.
+
+       ;; Maximum number of concurrent clients, defaults to 32. Set it to zero 
for no limit.
+       (string-append "--max-connections=" #$(number->string
+                                              
(git-configuration-max-connections config)))
+
+       ;; --user-path, --user-path=<path>
+       ;; Allow ~user notation to be used in requests. When specified with no 
parameter,
+       ;; requests to git://host/~alice/foo is taken as a request to access 
foo repository
+       ;; in the home directory of user alice. If --user-path=path is 
specified, the same
+       ;; request is taken as a request to access path/foo repository in the 
home
+       ;; directory of user alice.
+       (if (git-configuration-user-directory? config)
+           "--user-path" "")
+
+       ;; Save the process id in file. Ignored when the daemon is run under 
--inetd.
+       (if (git-configuration-pid-file? config)
+           (string-append "--pid-file=" #$(git-configuration-pid-file config))
+           "")
+       (string-append "--port=" #$(number->string (git-configuration-port 
config)))
+       (string-append "--base-path=" #$(git-configuration-base-directory 
config))))
+
+  (define requires
+    '(networking syslogd))
+
+  (list (shepherd-service
+         (documentation "Git daemon server for git repositories")
+         (requirement requires)
+         (provision '(git))
+         (start #~(make-forkexec-constructor #$git-command))
+         (stop #~(make-kill-destructor)))))
+
+(define %git-accounts
+  ;; User account and groups for git-daemon.
+  (list (user-group
+         (name "git")
+         (system? #t))
+        (user-account
+         (name "git")
+         (system? #t)
+         (group "git")
+         (comment "Shepherd created user for the git-daemon service")
+         (home-directory "/var/git")
+         (shell #~(string-append #$shadow "/bin/git-shell")))))
+
+(define (git-activation config)
+  "Return the activation gexp for CONFIG."
+  #~(begin (use-modules (guix build utils))
+           ;; Create the default base-directory, see `man git daemon'.
+           (mkdir-p "/var/git/repositories")))
+
+(define git-service-type
+  (service-type (name 'git)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             git-shepherd-service)
+          (service-extension activation-service-type
+                             git-activation)))))
+
+(define* (git-service #:key
+                      (git git)
+                      (base-directory "/var/git/repositories")
+                      (user-directory? #f)
+                      (user-directory? "")
+                      (directory? #f)
+                      (directory "")
+                      (port 9418)
+                      (pid-file? #t)
+                      (pid-file "/var/run/git-daemon.pid")
+                      (max-connections 32))
+  "Return a service that runs @url{https://git-scm.org,git} as a daemon.
+The daemon will listen on the port specified in @var{port}.
+In addition, @var{base-path} specifies the path which will repositories
+which can be exported by adding 'git-daemon-export-ok' files to them."
+  (service git-service-type
+           (git-configuration
+            (git git)
+            (base-directory base-directory)
+            (user-directory? user-directory?)
+            (directory? directory?)
+            (port port)
+            (pid-file? pid-file?)
+            (max-connections max-connections))))
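
Review bot: The (if ...) forms inside the #~(list ...) gexp in git-command cannot work as written: they call git-configuration-directory?, git-configuration-user-directory? and git-configuration-pid-file?, none of which is defined (the record's accessors are git-configuration-directory, git-configuration-user-directory and git-configuration-pid-file), and they refer to config inside the gexp without #$, so config is unbound in the code the gexp expands to. Evaluate the conditions outside the gexp (or ungexp them) and build the argument list so that a disabled option contributes no element, rather than "", which is still handed to git daemon as an argument. Each of these options also needs two record fields, a boolean and a string: with only pid-file? in <git-configuration>, #$(git-configuration-pid-file config) yields #t and string-append fails, the directory and pid-file keywords of git-service are never stored in the record, and user-directory? is declared twice in its keyword list. On the security side, the documentation says the daemon runs as the unprivileged git user, but (make-forkexec-constructor #$git-command) is given no user or group, so nothing in this hunk drops privileges; pass the git user and group to the constructor. The account's shell is built as shadow plus "/bin/git-shell", whereas the review suggested #~(string-append #$shadow "/sbin/nologin"). Finally, git-activation creates "/var/git/repositories" unconditionally instead of the configured base-directory and does not set its ownership, and the git-service docstring refers to @var{base-path}, which is not one of its keywords.
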
-- 
2.9.3

-- 
ng0
For non-prism friendly talk find me on http://www.psyced.org
