
02/03: gnu: gitolite: Add unsafe-pattern configuration option.


From: guix-commits
Subject: 02/03: gnu: gitolite: Add unsafe-pattern configuration option.
Date: Thu, 2 Sep 2021 17:22:25 -0400 (EDT)

roptat pushed a commit to branch master
in repository guix.

commit cc16103861b26836908a7d16e0751739a0e20da2
Author: Julien Lepiller <julien@lepiller.eu>
AuthorDate: Wed Aug 25 03:00:44 2021 +0200

    gnu: gitolite: Add unsafe-pattern configuration option.
    
    * gnu/services/version-control.scm (gitolite-rc-file): Add
    unsafe-pattern field.
    (gitolite-rc-file-compiler): Write it.
    * doc/guix.texi (Version Control Services): Document it.
---
 doc/guix.texi                    | 13 +++++++++++++
 gnu/services/version-control.scm |  8 +++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index d2819b2..ab178a6 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -31517,6 +31517,19 @@ A value like @code{#o0027} will give read access to 
the group used by Gitolite
 (by default: @code{git}).  This is necessary when using Gitolite with software
 like cgit or gitweb.
 
+@item @code{unsafe-pattern} (default: @code{#f})
+An optional Perl regular expression for catching unsafe configurations in
+the configuration file.  See
+@uref{https://gitolite.com/gitolite/git-config.html#compensating-for-unsafe_patt,
+Gitolite's documentation} for more information.
+
+When the value is not @code{#f}, it should be a string containing a Perl
+regular expression, such as @samp{"[`~#\$\&()|;<>]"}, which is the default
+value used by gitolite.  It rejects any special character in configuration
+that might be interpreted by a shell, which is useful when sharing the
+administration burden with other people that do not otherwise have shell
+access on the server.
+
 @item @code{git-config-keys} (default: @code{""})
 Gitolite allows you to set git config values using the @samp{config}
 keyword.  This setting allows control over the config keys to accept.
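Review bot: The sample value in the added @samp is shown inside double quotes, as if it were a Scheme string literal, but it contains single backslashes (\$ and \&). A literal backslash in a Scheme string has to be written as \\, so copying the sample verbatim into a gitolite-rc-file record will not produce the regular expression the text describes. Consider showing the value exactly as it must be typed in Scheme, or dropping the surrounding quotes and saying that backslashes need doubling. It would also help to state what #f means here: with #f no $UNSAFE_PATT line is written to gitolite.rc, so the check is not disabled and Gitolite's own default pattern stays in effect.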
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 8cb5633..ab86f82 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -54,6 +54,7 @@
             <gitolite-rc-file>
             gitolite-rc-file
             gitolite-rc-file-umask
+            gitolite-rc-file-unsafe-pattern
             gitolite-rc-file-git-config-keys
             gitolite-rc-file-roles
             gitolite-rc-file-enable
@@ -226,6 +227,8 @@ access to exported repositories under @file{/srv/git}."
   gitolite-rc-file?
   (umask           gitolite-rc-file-umask
                    (default #o0077))
+  (unsafe-pattern  gitolite-rc-file-unsafe-pattern
+                   (default #f))
   (git-config-keys gitolite-rc-file-git-config-keys
                    (default ""))
   (roles           gitolite-rc-file-roles
@@ -245,7 +248,7 @@ access to exported repositories under @file{/srv/git}."
 (define-gexp-compiler (gitolite-rc-file-compiler
                        (file <gitolite-rc-file>) system target)
   (match file
-    (($ <gitolite-rc-file> umask git-config-keys roles enable)
+    (($ <gitolite-rc-file> umask unsafe-pattern git-config-keys roles enable)
      (apply text-file* "gitolite.rc"
       `("%RC = (\n"
         "    UMASK => " ,(format #f "~4,'0o" umask) ",\n"
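Review bot: The changed match clause binds fields by position, so it is only correct while unsafe-pattern stays declared between umask and git-config-keys in the record definition. That holds in this patch, but a later reordering of the record would silently bind the wrong values with no error. A short comment next to the pattern noting that it must follow the field order would make that dependency visible.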
@@ -264,6 +267,9 @@ access to exported repositories under @file{/srv/git}."
         "    ],\n"
         ");\n"
         "\n"
+        ,(if unsafe-pattern
+             (string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");")
+             "")
         "1;\n")))))
 
 (define-record-type* <gitolite-configuration>
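Review bot: In the added (string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");") the configured string is spliced unescaped into Perl source between parenthesis delimiters, so a pattern containing an unbalanced ")" closes the qr() early and whatever follows it is parsed as Perl in gitolite.rc instead of as part of the regular expression. Either check the value before writing it (for example, reject unbalanced parentheses) or document the constraint alongside the field. The appended string also has no trailing "\n", so the assignment ends up on the same line as the following "1;\n"; adding "\n" after ");" keeps the generated file readable. Finally, any non-#f value that is not a string reaches string-append directly, so a type check with a clear error message would be friendlier than the failure it produces at build time.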


