gnu: gitolite: Add unsafe-pattern configuration option.

* gnu/services/version-control.scm (gitolite-rc-file): Add
unsafe-pattern field.
(gitolite-rc-file-compiler): Write it.
* doc/guix.texi (Version Control Services): Document it.
Julien Lepiller 2021-08-25 03:00:44 +02:00
parent 5dac09e263
commit cc16103861
No known key found for this signature in database
GPG key ID: 53D457B2D636EE82
2 changed files with 20 additions and 1 deletions

@ -31517,6 +31517,19 @@ A value like @code{#o0027} will give read access to the group used by Gitolite
(by default: @code{git}). This is necessary when using Gitolite with software
like cgit or gitweb.
@item @code{unsafe-pattern} (default: @code{#f})
An optional Perl regular expression for catching unsafe configurations in
the configuration file. See
@uref{https://gitolite.com/gitolite/git-config.html#compensating-for-unsafe_patt,
Gitolite's documentation} for more information.
When the value is not @code{#f}, it should be a string containing a Perl
regular expression, such as @samp{"[`~#\$\&()|;<>]"}, which is the default
value used by gitolite. It rejects any special character in configuration
that might be interpreted by a shell, which is useful when sharing the
administration burden with other people that do not otherwise have shell
access on the server.
@item @code{git-config-keys} (default: @code{""})
Gitolite allows you to set git config values using the @samp{config}
keyword. This setting allows control over the config keys to accept.
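Review bot: The sample value in the new unsafe-pattern entry is shown inside double quotes, like a Scheme string, but with single backslashes (\$ and \&); the text should say whether those backslashes have to be doubled when the pattern is written in the Guix configuration, since the string's contents are what end up in the rc file. The entry could also state explicitly that with the default #f nothing is written to gitolite.rc, so gitolite's own default pattern stays in effect.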

@ -54,6 +54,7 @@ (define-module (gnu services version-control)
<gitolite-rc-file>
gitolite-rc-file
gitolite-rc-file-umask
gitolite-rc-file-unsafe-pattern
gitolite-rc-file-git-config-keys
gitolite-rc-file-roles
gitolite-rc-file-enable
@ -226,6 +227,8 @@ (define-record-type* <gitolite-rc-file>
gitolite-rc-file?
(umask gitolite-rc-file-umask
(default #o0077))
(unsafe-pattern gitolite-rc-file-unsafe-pattern
(default #f))
(git-config-keys gitolite-rc-file-git-config-keys
(default ""))
(roles gitolite-rc-file-roles
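Review bot: The new unsafe-pattern field accepts any value, with no check that it is #f or a string; any other true value only fails later, in the string-append of gitolite-rc-file-compiler. Consider validating the value where the record is defined, or at least noting the constraint in a comment next to the field, so that a wrong type is reported against the configuration rather than when the rc file is generated.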
@ -245,7 +248,7 @@ (define-record-type* <gitolite-rc-file>
(define-gexp-compiler (gitolite-rc-file-compiler
(file <gitolite-rc-file>) system target)
(match file
(($ <gitolite-rc-file> umask git-config-keys roles enable)
(($ <gitolite-rc-file> umask unsafe-pattern git-config-keys roles enable)
(apply text-file* "gitolite.rc"
`("%RC = (\n"
" UMASK => " ,(format #f "~4,'0o" umask) ",\n"
@ -264,6 +267,9 @@ (define-gexp-compiler (gitolite-rc-file-compiler
" ],\n"
");\n"
"\n"
,(if unsafe-pattern
(string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");")
"")
"1;\n")))))
(define-record-type* <gitolite-configuration>
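Review bot: The pattern is spliced verbatim between qr( and ) in the string-append branch, so a value containing an unbalanced parenthesis ends the regular expression early and whatever follows it is read as Perl code in gitolite.rc; either escape the delimiter in the value before writing it, or reject such patterns and document the restriction. The emitted statement also has no trailing "\n", so it lands on the same line as "1;"; ending the string with ");\n" keeps the generated file readable.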