diff options
author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-08-13 22:28:01 +0200 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-08-13 22:40:43 +0200 |
commit | 6a66736f78f7d71bfc82f6761ffc8356bb9fc99d (patch) | |
tree | 073ea5aba4ba2f30eab618379f6450c2a429a8ef | |
parent | fix(nixos/git-server): Use correct regex syntax in allowed git config values (diff) | |
download | nixos-server-6a66736f78f7d71bfc82f6761ffc8356bb9fc99d.zip |
fix(nixos/git-server): Correctly enable the git config feature of gitolite
The previously set variable is only used in the gitolite.conf file for the `config` specifications on each repo. We can't use that because we use "wild-repos". Thus we need to add the `user-configs` option to each repo, allow users to change the git settings specified there with a simple `ssh git@git.vhack.eu config <repo> --set cgit.owner <name>`.
-rw-r--r-- | modules/nixos/vhack/git-server/default.nix | 5 | ||||
-rw-r--r-- | tests/nixos/vhack/git-server/test.nix | 31 |
2 files changed, 29 insertions, 7 deletions
diff --git a/modules/nixos/vhack/git-server/default.nix b/modules/nixos/vhack/git-server/default.nix index 2c1ac7e..83e18f8 100644 --- a/modules/nixos/vhack/git-server/default.nix +++ b/modules/nixos/vhack/git-server/default.nix @@ -75,7 +75,7 @@ in { $RC{UMASK} = 0027; # Enable group access, important for cgit. # Enable modifing git variables (for cgit.owner and such things) - $RC{GIT_CONFIG_KEYS} = 'cgit\.owner cgit\.desc cgit\.section cgit\.homepage gitweb\.owner gitweb\.description'; + # These must be enable in the gitolite-admin repo (option user-configs = ...) push( @{$RC{ENABLE}}, 'config' ); push( @{$RC{ENABLE}}, 'git-config' ); @@ -151,7 +151,8 @@ in { # NOTE: This allows cgit to take configuration from the bare git repositories: # eg. `cgit.section` should set the section, `cgit.homepage` the homepage, - # `gitweb.owner` the owner and `gitweb.description` the description of the repo. <2024-08-02> + # `cgit.owner` the owner and `cgit.description` the description of the repo (see + # cgitrc (5) for more). <2024-08-02> enable-git-config = true; # Remove the `.git` suffix from scanned repositories (this must be set _before_ `scan-path`) diff --git a/tests/nixos/vhack/git-server/test.nix b/tests/nixos/vhack/git-server/test.nix index 0632483..61a6e02 100644 --- a/tests/nixos/vhack/git-server/test.nix +++ b/tests/nixos/vhack/git-server/test.nix @@ -17,6 +17,7 @@ RW+ = CREATOR RW = WRITERS R = READERS + option user-configs = cgit\.owner cgit\.desc cgit\.section cgit\.homepage ''; expectedGitoliteConf = pkgs.writeText "expected-gitolite-conf" '' @@ -30,6 +31,7 @@ RW+ = CREATOR RW = WRITERS R = READERS + option user-configs = cgit\.owner cgit\.desc cgit\.section cgit\.homepage ''; expectedHtmlReadme = pkgs.writeText "expectedHtmlReadme" '' @@ -80,6 +82,7 @@ in }; }; }; + client = {...}: { environment.systemPackages = [pkgs.git]; programs.ssh.extraConfig = '' @@ -195,15 +198,33 @@ in ) with subtest("Bob can see alice config on cgit"): - client.succeed( - # Disable ssl verification, as the certs are self-signed - "sudo -u bob git -c http.sslVerify=false clone https://server/alice/alice-project.git" - ) + client.succeed("sudo -u bob ${pkgs.writeShellScript "bob-clone-repo" '' + set -xe + + cd ~bob + # Disable ssl verification, as the certs are self-signed + git -c http.sslVerify=false clone https://server/alice/alice-project.git + ''}") + + with subtest("Alice can change settings in her repo"): + client.succeed("sudo -u alice ${pkgs.writeShellScript "alice-change-settings" '' + set -xe + + echo 'Hi! You want to work with alice' | ssh git@server motd alice/alice-project set + ssh git@server config alice/alice-project --add 'cgit.owner' 'alice' + ssh git@server config alice/alice-project --add 'cgit.section' 'alice' + ssh git@server config alice/alice-project --add 'cgit.homepage' 'alice' + + owner="$(ssh git@server config alice/alice-project --get-all 'cgit.owner')" + [ "$owner" = "alice" ] || { + echo "owner should be alice but is '$owner'!" + exit 1 + } + ''}") client.succeed( "curl --insecure --silent --fail --show-error 'https://server/alice/alice-project/about' | diff -u ${expectedHtmlReadme} -" ) - # server.succeed( # "git clone http://localhost/%28c%29git/alice-project && diff -u reference/date.txt some-repo/date.txt" # ) |