kreyren/guix-kreyren
1
0
Fork 0
Code Issues 1 Pull Requests 1 Releases Activity

services: gitolite: Relax permissions on service user home directory.

Browse Source 
Fixes https://issues.guix.gnu.org/56444

* gnu/services/version-control.scm (gitolite-activation): Modify permissions
  on home directory so that git group has read access.

Reported-by: Evgeny Pisemsky <evgeny@pisemsky.com>

Experienced by David Thompson for years, wondering what was wrong. Thanks for
finding the root cause, Evgeny! :)
This commit is contained in:
David Thompson 2022-08-19 09:20:06 -04:00
parent c19a432652
commit 9b5b1dde32
No known key found for this signature in database
GPG Key ID: 8328C7470FF1D807
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
gnu/services/version-control.scm
View File

@ -331,6 +331,14 @@ access to exported repositories under @file{/srv/git}."
(strip-store-file-name admin-pubkey)))) (strip-store-file-name admin-pubkey))))
(rc-file #$(string-append home "/.gitolite.rc"))) (rc-file #$(string-append home "/.gitolite.rc")))
;; activate-users+groups in (gnu build activation) sets the
;; permission flags of home directories to #o700 and mentions that
;; services needing looser permissions should chmod it during
;; service activation. We also want the git group to be able to
;; read from the gitolite home directory, so a chmod'ing we will
;; go!
(chmod #$home #o750)
(simple-format #t "guix: gitolite: installing ~A\n" #$rc-file) (simple-format #t "guix: gitolite: installing ~A\n" #$rc-file)
(copy-file #$rc-file rc-file) (copy-file #$rc-file rc-file)
;; ensure gitolite's user can read the configuration ;; ensure gitolite's user can read the configuration