summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-08-13 22:28:01 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-08-13 22:40:43 +0200
commit6a66736f78f7d71bfc82f6761ffc8356bb9fc99d (patch)
tree073ea5aba4ba2f30eab618379f6450c2a429a8ef
parentfix(nixos/git-server): Use correct regex syntax in allowed git config values (diff)
downloadnixos-server-6a66736f78f7d71bfc82f6761ffc8356bb9fc99d.zip
fix(nixos/git-server): Correctly enable the git config feature of gitolite
The previously set variable is only used in the gitolite.conf file for
the `config` specifications on each repo. We can't use that because we
use "wild-repos". Thus we need to add the `user-configs` option to each
repo, allow users to change the git settings specified there with a
simple `ssh git@git.vhack.eu config <repo> --set cgit.owner <name>`.
-rw-r--r--modules/nixos/vhack/git-server/default.nix5
-rw-r--r--tests/nixos/vhack/git-server/test.nix31
2 files changed, 29 insertions, 7 deletions
diff --git a/modules/nixos/vhack/git-server/default.nix b/modules/nixos/vhack/git-server/default.nix
index 2c1ac7e..83e18f8 100644
--- a/modules/nixos/vhack/git-server/default.nix
+++ b/modules/nixos/vhack/git-server/default.nix
@@ -75,7 +75,7 @@ in {
           $RC{UMASK} = 0027; # Enable group access, important for cgit.
 
           # Enable modifing git variables (for cgit.owner and such things)
-          $RC{GIT_CONFIG_KEYS} = 'cgit\.owner cgit\.desc cgit\.section cgit\.homepage gitweb\.owner gitweb\.description';
+          # These must be enable in the gitolite-admin repo (option user-configs = ...)
           push( @{$RC{ENABLE}}, 'config' );
           push( @{$RC{ENABLE}}, 'git-config' );
 
@@ -151,7 +151,8 @@ in {
 
           # NOTE: This allows cgit to take configuration from the bare git repositories:
           # eg. `cgit.section` should set the section, `cgit.homepage` the homepage,
-          # `gitweb.owner` the owner and `gitweb.description` the description of the repo. <2024-08-02>
+          # `cgit.owner` the owner and `cgit.description` the description of the repo (see
+          # cgitrc (5) for more). <2024-08-02>
           enable-git-config = true;
 
           # Remove the `.git` suffix from scanned repositories (this must be set _before_ `scan-path`)
diff --git a/tests/nixos/vhack/git-server/test.nix b/tests/nixos/vhack/git-server/test.nix
index 0632483..61a6e02 100644
--- a/tests/nixos/vhack/git-server/test.nix
+++ b/tests/nixos/vhack/git-server/test.nix
@@ -17,6 +17,7 @@
       RW+   = CREATOR
       RW    = WRITERS
       R     = READERS
+      option user-configs = cgit\.owner cgit\.desc cgit\.section cgit\.homepage
   '';
 
   expectedGitoliteConf = pkgs.writeText "expected-gitolite-conf" ''
@@ -30,6 +31,7 @@
      RW+ = CREATOR
      RW = WRITERS
      R = READERS
+     option user-configs = cgit\.owner cgit\.desc cgit\.section cgit\.homepage
   '';
 
   expectedHtmlReadme = pkgs.writeText "expectedHtmlReadme" ''
@@ -80,6 +82,7 @@ in
           };
         };
       };
+
       client = {...}: {
         environment.systemPackages = [pkgs.git];
         programs.ssh.extraConfig = ''
@@ -195,15 +198,33 @@ in
         )
 
       with subtest("Bob can see alice config on cgit"):
-        client.succeed(
-            # Disable ssl verification, as the certs are self-signed
-            "sudo -u bob git -c http.sslVerify=false clone https://server/alice/alice-project.git"
-        )
+        client.succeed("sudo -u bob ${pkgs.writeShellScript "bob-clone-repo" ''
+        set -xe
+
+        cd ~bob
+        # Disable ssl verification, as the certs are self-signed
+        git -c http.sslVerify=false clone https://server/alice/alice-project.git
+      ''}")
+
+      with subtest("Alice can change settings in her repo"):
+        client.succeed("sudo -u alice ${pkgs.writeShellScript "alice-change-settings" ''
+        set -xe
+
+        echo 'Hi! You want to work with alice' | ssh git@server motd alice/alice-project set
+        ssh git@server config alice/alice-project --add 'cgit.owner' 'alice'
+        ssh git@server config alice/alice-project --add 'cgit.section' 'alice'
+        ssh git@server config alice/alice-project --add 'cgit.homepage' 'alice'
+
+        owner="$(ssh git@server config alice/alice-project --get-all 'cgit.owner')"
+        [ "$owner" = "alice" ] || {
+          echo "owner should be alice but is '$owner'!"
+          exit 1
+        }
+      ''}")
 
       client.succeed(
           "curl --insecure --silent --fail --show-error 'https://server/alice/alice-project/about' | diff -u ${expectedHtmlReadme}  -"
       )
-
       # server.succeed(
       #    "git clone http://localhost/%28c%29git/alice-project && diff -u reference/date.txt some-repo/date.txt"
       # )