From cc16103861b26836908a7d16e0751739a0e20da2 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Wed, 25 Aug 2021 03:00:44 +0200 Subject: gnu: gitolite: Add unsafe-pattern configuration option. * gnu/services/version-control.scm (gitolite-rc-file): Add unsafe-pattern field. (gitolite-rc-file-compiler): Write it. * doc/guix.texi (Version Control Services): Document it. --- doc/guix.texi | 13 +++++++++++++ gnu/services/version-control.scm | 8 +++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index d2819b259e..ab178a6b06 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -31517,6 +31517,19 @@ A value like @code{#o0027} will give read access to the group used by Gitolite (by default: @code{git}). This is necessary when using Gitolite with software like cgit or gitweb. +@item @code{unsafe-pattern} (default: @code{#f}) +An optional Perl regular expression for catching unsafe configurations in +the configuration file. See +@uref{https://gitolite.com/gitolite/git-config.html#compensating-for-unsafe_patt, +Gitolite's documentation} for more information. + +When the value is not @code{#f}, it should be a string containing a Perl +regular expression, such as @samp{"[`~#\$\&()|;<>]"}, which is the default +value used by gitolite. It rejects any special character in configuration +that might be interpreted by a shell, which is useful when sharing the +administration burden with other people that do not otherwise have shell +access on the server. + @item @code{git-config-keys} (default: @code{""}) Gitolite allows you to set git config values using the @samp{config} keyword. This setting allows control over the config keys to accept. diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index 8cb5633165..ab86f82e62 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm 
@@ -54,6 +54,7 @@ gitolite-rc-file gitolite-rc-file-umask + gitolite-rc-file-unsafe-pattern gitolite-rc-file-git-config-keys gitolite-rc-file-roles gitolite-rc-file-enable @@ -226,6 +227,8 @@ access to exported repositories under @file{/srv/git}." gitolite-rc-file? (umask gitolite-rc-file-umask (default #o0077)) + (unsafe-pattern gitolite-rc-file-unsafe-pattern + (default #f)) (git-config-keys gitolite-rc-file-git-config-keys (default "")) (roles gitolite-rc-file-roles @@ -245,7 +248,7 @@ access to exported repositories under @file{/srv/git}." (define-gexp-compiler (gitolite-rc-file-compiler (file ) system target) (match file - (($ umask git-config-keys roles enable) + (($ umask unsafe-pattern git-config-keys roles enable) (apply text-file* "gitolite.rc" `("%RC = (\n" " UMASK => " ,(format #f "~4,'0o" umask) ",\n" @@ -264,6 +267,9 @@ access to exported repositories under @file{/srv/git}." " ],\n" ");\n" "\n" + ,(if unsafe-pattern + (string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");") + "") "1;\n"))))) (define-record-type* -- cgit v1.2.3
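Review bot: In the last hunk of gnu/services/version-control.scm, `unsafe-pattern` is spliced verbatim between `qr(` and `);` in the generated gitolite.rc, so a pattern containing an unbalanced `)` ends the regex early and the remainder is parsed as Perl in the rc file; `$` and `@` sequences in the string are also subject to Perl interpolation. The value comes from the system configuration, so this is mainly a robustness concern, but the option exists to reject shell metacharacters, and a malformed pattern can produce a broken rc file or a different regex than the administrator intended. Consider checking at configuration time that the value is a string with balanced parentheses, and stating in doc/guix.texi that the string is pasted into Perl source as-is. The emitted statement also has no line terminator, so the file ends with `...);1;`; `(string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");\n")` keeps `1;` on its own line. The `match` form of gitolite-rc-file-compiler begins in the previous hunk.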