diff options
author | Julien Lepiller <julien@lepiller.eu> | 2021-08-25 03:00:44 +0200 |
---|---|---|
committer | Julien Lepiller <julien@lepiller.eu> | 2021-09-02 22:56:44 +0200 |
commit | cc16103861b26836908a7d16e0751739a0e20da2 (patch) | |
tree | 16c560cb394d328a9b4c24943074f212528ef099 | |
parent | 5dac09e263d566ccf99776df97c47eed0d30c172 (diff) | |
download | guix-cc16103861b26836908a7d16e0751739a0e20da2.tar guix-cc16103861b26836908a7d16e0751739a0e20da2.tar.gz |
gnu: gitolite: Add unsafe-pattern configuration option.
* gnu/services/version-control.scm (gitolite-rc-file): Add
unsafe-pattern field.
(gitolite-rc-file-compiler): Write it.
* doc/guix.texi (Version Control Services): Document it.
-rw-r--r-- | doc/guix.texi | 13 | ||||
-rw-r--r-- | gnu/services/version-control.scm | 8 |
2 files changed, 20 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index d2819b259e..ab178a6b06 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -31517,6 +31517,19 @@ A value like @code{#o0027} will give read access to the group used by Gitolite (by default: @code{git}). This is necessary when using Gitolite with software like cgit or gitweb. +@item @code{unsafe-pattern} (default: @code{#f}) +An optional Perl regular expression for catching unsafe configurations in +the configuration file. See +@uref{https://gitolite.com/gitolite/git-config.html#compensating-for-unsafe_patt, +Gitolite's documentation} for more information. + +When the value is not @code{#f}, it should be a string containing a Perl +regular expression, such as @samp{"[`~#\$\&()|;<>]"}, which is the default +value used by gitolite. It rejects any special character in configuration +that might be interpreted by a shell, which is useful when sharing the +administration burden with other people that do not otherwise have shell +access on the server. + @item @code{git-config-keys} (default: @code{""}) Gitolite allows you to set git config values using the @samp{config} keyword. This setting allows control over the config keys to accept. diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index 8cb5633165..ab86f82e62 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -54,6 +54,7 @@ <gitolite-rc-file> gitolite-rc-file gitolite-rc-file-umask + gitolite-rc-file-unsafe-pattern gitolite-rc-file-git-config-keys gitolite-rc-file-roles gitolite-rc-file-enable @@ -226,6 +227,8 @@ access to exported repositories under @file{/srv/git}." gitolite-rc-file? (umask gitolite-rc-file-umask (default #o0077)) + (unsafe-pattern gitolite-rc-file-unsafe-pattern + (default #f)) (git-config-keys gitolite-rc-file-git-config-keys (default "")) (roles gitolite-rc-file-roles @@ -245,7 +248,7 @@ access to exported repositories under @file{/srv/git}." (define-gexp-compiler (gitolite-rc-file-compiler (file <gitolite-rc-file>) system target) (match file - (($ <gitolite-rc-file> umask git-config-keys roles enable) + (($ <gitolite-rc-file> umask unsafe-pattern git-config-keys roles enable) (apply text-file* "gitolite.rc" `("%RC = (\n" " UMASK => " ,(format #f "~4,'0o" umask) ",\n" @@ -264,6 +267,9 @@ access to exported repositories under @file{/srv/git}." " ],\n" ");\n" "\n" + ,(if unsafe-pattern + (string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");") + "") "1;\n"))))) (define-record-type* <gitolite-configuration> |