authorJulien Lepiller <julien@lepiller.eu>2021-08-25 03:00:44 +0200
committerJulien Lepiller <julien@lepiller.eu>2021-09-02 22:56:44 +0200
commitcc16103861b26836908a7d16e0751739a0e20da2 (patch)
tree16c560cb394d328a9b4c24943074f212528ef099
parent5dac09e263d566ccf99776df97c47eed0d30c172 (diff)
downloadguix-cc16103861b26836908a7d16e0751739a0e20da2.tar
guix-cc16103861b26836908a7d16e0751739a0e20da2.tar.gz
gnu: gitolite: Add unsafe-pattern configuration option.
* gnu/services/version-control.scm (gitolite-rc-file): Add unsafe-pattern field. (gitolite-rc-file-compiler): Write it. * doc/guix.texi (Version Control Services): Document it.
-rw-r--r--doc/guix.texi13
-rw-r--r--gnu/services/version-control.scm8
2 files changed, 20 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index d2819b259e..ab178a6b06 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -31517,6 +31517,19 @@ A value like @code{#o0027} will give read access to the group used by Gitolite
(by default: @code{git}). This is necessary when using Gitolite with software
like cgit or gitweb.
+@item @code{unsafe-pattern} (default: @code{#f})
+An optional Perl regular expression for catching unsafe configurations in
+the configuration file. See
+@uref{https://gitolite.com/gitolite/git-config.html#compensating-for-unsafe_patt,
+Gitolite's documentation} for more information.
+
+When the value is not @code{#f}, it should be a string containing a Perl
+regular expression, such as @samp{"[`~#\$\&()|;<>]"}, which is the default
+value used by gitolite. It rejects any special character in configuration
+that might be interpreted by a shell, which is useful when sharing the
+administration burden with other people that do not otherwise have shell
+access on the server.
+
@item @code{git-config-keys} (default: @code{""})
Gitolite allows you to set git config values using the @samp{config}
keyword. This setting allows control over the config keys to accept.
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 8cb5633165..ab86f82e62 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -54,6 +54,7 @@
<gitolite-rc-file>
gitolite-rc-file
gitolite-rc-file-umask
+ gitolite-rc-file-unsafe-pattern
gitolite-rc-file-git-config-keys
gitolite-rc-file-roles
gitolite-rc-file-enable
@@ -226,6 +227,8 @@ access to exported repositories under @file{/srv/git}."
gitolite-rc-file?
(umask gitolite-rc-file-umask
(default #o0077))
+ (unsafe-pattern gitolite-rc-file-unsafe-pattern
+ (default #f))
(git-config-keys gitolite-rc-file-git-config-keys
(default ""))
(roles gitolite-rc-file-roles
@@ -245,7 +248,7 @@ access to exported repositories under @file{/srv/git}."
(define-gexp-compiler (gitolite-rc-file-compiler
(file <gitolite-rc-file>) system target)
(match file
- (($ <gitolite-rc-file> umask git-config-keys roles enable)
+ (($ <gitolite-rc-file> umask unsafe-pattern git-config-keys roles enable)
(apply text-file* "gitolite.rc"
`("%RC = (\n"
" UMASK => " ,(format #f "~4,'0o" umask) ",\n"
@@ -264,6 +267,9 @@ access to exported repositories under @file{/srv/git}."
" ],\n"
");\n"
"\n"
+ ,(if unsafe-pattern
+ (string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");")
+ "")
"1;\n")))))
(define-record-type* <gitolite-configuration>
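Review bot: The `unsafe-pattern` value is spliced verbatim between `qr(` and `)` in the added `string-append`, so a pattern containing an unbalanced, unescaped `)` would close the regex literal early and the rest of the string would be parsed as Perl in the generated gitolite.rc. Because gitolite evaluates that file, and `$UNSAFE_PATT` is the check that guards against shell metacharacters in config values, a typo here should fail at build time rather than silently yield a broken or weaker rc file. Checking in the compiler that the value is a string with balanced delimiters, and raising a clear error otherwise, would cover this. The emitted statement also has no trailing newline, so it lands on the same line as `1;`; `(string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");\n")` keeps the file readable. The enclosing `gitolite-rc-file-compiler` begins in the previous hunk, so the rest of its body is not visible here.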