diff mbox

gnu: service: Add git-service.

Message ID 87eg57tk6t.fsf@we.make.ritual.n0.is
State New
Headers show

Commit Message

non such Aug. 29, 2016, 8:05 p.m. UTC
First try with added documentation.

Comments

Andy Wingo Aug. 30, 2016, 7:40 a.m. UTC | #1
On Mon 29 Aug 2016 22:05, ng0 <ng0@we.make.ritual.n0.is> writes:

> +@node Version Control
> +@subsubsection Version Control
> +
> +The @code{(gnu services version-control)} module provides the following services:
> +
> +@deffn {Scheme Procedure} git-service [git @var{git}] @
> +       [base-path ``/var/git/repositories''] @
> +       [port ``9418'']

Though there are no strict conventions for this, the right way to do
this is to use #:foo for keyword arguments, and then regular scheme for
the default value initializers.  So

@deffn {Scheme Procedure} git-service [#:git git] @
       [#:base-path "/var/git/repositories"] @
       [#:port 9418]

Note lack of smart quotes on base-path.  I also think that "path" might
not be the right word, which in GNU manuals is only used for search
paths.  See the "GNU Manuals" section of standards.texi for more.
Anyway I suggest #:base-directory.  Make sure the port is an integer and
not a string.

> +Return a service to run the @uref{https://git-scm.com, git} daemon version control
> +daemon.

Extra "daemon" here.  Probably needs a sentence on what running the
daemon will do (namely, expose local repositories for remote access).

What about authentication?  Is this purely anonymous?

> +The git daemon runs as the @code{git} unprivileged user.  It is started with
> +the fixed parameters @code{--informative-errors} and @code{--syslog}.  You can

> +pass the parameter @var{base-path}, which remaps all the pathrequests as
> +relative to the given path.  If you run git daemon with
> +@var{base-path /var/git/repositories} on example.com, then if you later try
> +to pull @code{git://example.com/hello.git}, git daemon will interpret the path
> +as /var/git/repositories/hello.git.

Need @code{} on this last file name.  Use "file name" instead of path in general.

> +Furthermore it takes the parameter @var{port} which defaults to 9418.
> +Run @command{man git daemon} for information about the options.

This man command does not work.

> +(define %git-accounts
> +  ;; User account and groups for git-daemon.
> +  ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.

What does this comment mean?  Why would we switch?

> +(define* (git-service #:key
> +                      (git git)
> +                      (base-path "/var/git/repositories")
> +                      (port 9418))
> +  "Return a service that runs @url{https://git-scm.org,git} as a daemon.
> +The daemon will listen on the port specified in @var{port}.
> +In addition, @var{base-path} specifies the path which will repositories
> +which can be exported by adding 'git-daemon-export-ok' files to them."

This docstring needs updating as regards the word "path" I think and
also this info about git-daemon-export-ok probably needs to go in the
manual.

Other than that, looking good :)

Andy
non such Aug. 30, 2016, 11:45 a.m. UTC | #2
Hi,

Andy Wingo <wingo@igalia.com> writes:

> On Mon 29 Aug 2016 22:05, ng0 <ng0@we.make.ritual.n0.is> writes:
>
>> +@node Version Control
>> +@subsubsection Version Control
>> +
>> +The @code{(gnu services version-control)} module provides the following services:
>> +
>> +@deffn {Scheme Procedure} git-service [git @var{git}] @
>> +       [base-path ``/var/git/repositories''] @
>> +       [port ``9418'']
>
> Though there are no strict conventions for this, the right way to do
> this is to use #:foo for keyword arguments, and then regular scheme for
> the default value initializers.  So
>
> @deffn {Scheme Procedure} git-service [#:git git] @
>        [#:base-path "/var/git/repositories"] @
>        [#:port 9418]
>
> Note lack of smart quotes on base-path.

I had this at first, but then I found a service which did not use
#:keyword, so I got confused. Writing this service was hard enough
because I understand scheme in general more than 9 months ago, but not
enough to explain or understand all of what I've written in this
service, as it started as a modification of parts of other services. I
will adjust and we'll see if it works. Thanks.

>I also think that "path" might
> not be the right word, which in GNU manuals is only used for search
> paths.  See the "GNU Manuals" section of standards.texi for more.
> Anyway I suggest #:base-directory.  Make sure the port is an integer and
> not a string.

See 'man git daemon'.  The switch is called --base-path.  Looking at
the openrc conf.d/git or what the config file was called again, they
stick to this name too.  It would just cause confusion if we go ahead
and call it differently.  Upstream should be fixed, but I'm not going
there.  If you think we should break expectations, I can rename it.

>> +Return a service to run the @uref{https://git-scm.com, git} daemon version control
>> +daemon.
>
> Extra "daemon" here.  Probably needs a sentence on what running the
> daemon will do (namely, expose local repositories for remote access).
>
> What about authentication?  Is this purely anonymous?

Exactly, authentication is handled via other daemons, for example ssh or
gitolite. git daemon supports no authentication and is read-only, as far
as I know. At the servers I use and setup, I pull via
git://,http://,https:// and push via ssh.
Its selfdescription is:
git-daemon - A really simple server for Git repositories.

A really simple TCP Git daemon that normally listens on port
"DEFAULT_GIT_PORT" aka 9418. It waits for a connection asking for a
service, and will serve that service if it is enabled.

It verifies that the directory has the magic file
"git-daemon-export-ok", and it will refuse to export any Git directory
that hasn’t explicitly been marked for export this way (unless the
--export-all parameter is specified). If you pass some directory paths
as git daemon arguments, you can further restrict the offers to a
whitelist comprising of those.

By default, only upload-pack service is enabled, which serves git
fetch-pack and git ls-remote clients, which are invoked from git fetch,
git pull, and git clone.

This is ideally suited for read-only updates, i.e., pulling from Git
repositories.

An upload-archive also exists to serve git archive.

>> +The git daemon runs as the @code{git} unprivileged user.  It is started with
>> +the fixed parameters @code{--informative-errors} and @code{--syslog}.  You can
>
>> +pass the parameter @var{base-path}, which remaps all the pathrequests as
>> +relative to the given path.  If you run git daemon with
>> +@var{base-path /var/git/repositories} on example.com, then if you later try
>> +to pull @code{git://example.com/hello.git}, git daemon will interpret the path
>> +as /var/git/repositories/hello.git.
>
> Need @code{} on this last file name.

>Use "file name" instead of path in general.

Why? It is 1 or more files in a path which happens to sit in
$base-path/$repository.
You will also requests a number of files, not one individual file and
the .git is not a file but a directory. Path for me reads correct, can
you give me some explanation why you think file name should be used
instead of path?

>> +Furthermore it takes the parameter @var{port} which defaults to 9418.
>> +Run @command{man git daemon} for information about the options.
>
> This man command does not work.

Works for me. As far as I know man pages were merged into git package
recently. When I run this on debian with guix, 'man git daemon' works
too.

>> +(define %git-accounts
>> +  ;; User account and groups for git-daemon.
>> +  ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.
>
> What does this comment mean?  Why would we switch?

I am not sure about the limitations of git-shell compared to
/bin/sh. If this turns out to be a mistake, it can be corrected. The
only thing I know about git-shell is that it allows no logins.

>> +(define* (git-service #:key
>> +                      (git git)
>> +                      (base-path "/var/git/repositories")
>> +                      (port 9418))
>> +  "Return a service that runs @url{https://git-scm.org,git} as a daemon.
>> +The daemon will listen on the port specified in @var{port}.
>> +In addition, @var{base-path} specifies the path which will repositories
>> +which can be exported by adding 'git-daemon-export-ok' files to them."
>
> This docstring needs updating as regards the word "path" I think and
> also this info about git-daemon-export-ok probably needs to go in the
> manual.

I'm not sure what has to be documented. I find the upstream
documentation complete enough.
If we stick to our current general view on documentation we should not
provide this info at all. When I got started it was as easy as adding
base-path and port to the config of the service on gentoo and some
additional switches. I then had to read the upstream docs to discover
that git-daemon-export-ok was needed. If services in guix are
translated, and in upstream they aren't that is the only reason why I
would include more info than necessary. I would even remove most of the
description as this was just to test what needs to go in there.
From your first email I assume you have never run or setup git daemon on
a computer. Could you read the upstream documentation and tell me if
there are open questions after readin them? Those are the things I must
point out in the service documentation.

man page: https://git-scm.com/docs/git-daemon
documentation: https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon

> Other than that, looking good :)
>
> Andy

Many thanks for taking your time to review this.
Andy Wingo Aug. 30, 2016, 12:12 p.m. UTC | #3
On Tue 30 Aug 2016 13:45, ng0 <ng0@we.make.ritual.n0.is> writes:

>>I also think that "path" might
>> not be the right word, which in GNU manuals is only used for search
>> paths.  See the "GNU Manuals" section of standards.texi for more.
>> Anyway I suggest #:base-directory.  Make sure the port is an integer and
>> not a string.
>
> See 'man git daemon'.

I ran this and it did not work -- first showed me a page for git then
for daemon.  I believe you want "man git-daemon"?

> The switch is called --base-path.  Looking at the openrc conf.d/git or
> what the config file was called again, they stick to this name too.
> It would just cause confusion if we go ahead and call it differently.
> Upstream should be fixed, but I'm not going there.  If you think we
> should break expectations, I can rename it.

"Fixing" upstream is out of our remit :)  All I can ask is that we do
not introduce new uses of the word "path".

>>> +Return a service to run the @uref{https://git-scm.com, git} daemon version control
>>> +daemon.
>>
>> Extra "daemon" here.  Probably needs a sentence on what running the
>> daemon will do (namely, expose local repositories for remote access).
>>
>> What about authentication?  Is this purely anonymous?
>
> Exactly, authentication is handled via other daemons, for example ssh or
> gitolite. git daemon supports no authentication and is read-only, as far
> as I know. At the servers I use and setup, I pull via
> git://,http://,https:// and push via ssh.
> Its selfdescription is:
> git-daemon - A really simple server for Git repositories.

This needs to be documented in the manual, is what I was getting at :)
Mention that this is for anonymous read-only access please.

>>Use "file name" instead of path in general.
>
> Why?

It is because it is standard in the GNU project.  I mentioned this
before.  See "info standards" and go to "GNU manuals".

>>> +Furthermore it takes the parameter @var{port} which defaults to 9418.
>>> +Run @command{man git daemon} for information about the options.
>>
>> This man command does not work.
>
> Works for me. As far as I know man pages were merged into git package
> recently. When I run this on debian with guix, 'man git daemon' works
> too.

It does not work for me on NixOS with Guix.  Maybe I am out of date
though.

>>> +(define %git-accounts
>>> +  ;; User account and groups for git-daemon.
>>> +  ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.
>>
>> What does this comment mean?  Why would we switch?
>
> I am not sure about the limitations of git-shell compared to
> /bin/sh. If this turns out to be a mistake, it can be corrected. The
> only thing I know about git-shell is that it allows no logins.

If you do not want a login then probably what you want is
#~(string-append #$shadow "/sbin/nologin").

Andy
diff mbox

Patch

From d796e150183d15b8ce639051f202138970153a9e Mon Sep 17 00:00:00 2001
From: ng0 <ng0@we.make.ritual.n0.is>
Date: Fri, 8 Jul 2016 15:42:55 +0000
Subject: [PATCH] gnu: services: Add git-service.

* gnu/services/version-control.scm: New file, create it.
(git-service): New Procedures.
(git-service-type): New variable.
* doc/guix.texi: Add documentation.
---
 doc/guix.texi                    |  24 ++++++++
 gnu/local.mk                     |   1 +
 gnu/services/version-control.scm | 116 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 141 insertions(+)
 create mode 100644 gnu/services/version-control.scm

diff --git a/doc/guix.texi b/doc/guix.texi
index e25cf58..33fa4c6 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7494,6 +7494,7 @@  declaration.
 * Database Services::           SQL databases.
 * Mail Services::               IMAP, POP3, SMTP, and all that.
 * Web Services::                Web servers.
+* Version Control::             Git and others.
 * Various Services::            Other services.
 @end menu
 
@@ -9910,6 +9911,29 @@  directories are created when the service is activated.
 
 @end deffn
 
+@node Version Control
+@subsubsection Version Control
+
+The @code{(gnu services version-control)} module provides the following services:
+
+@deffn {Scheme Procedure} git-service [git @var{git}] @
+       [base-path ``/var/git/repositories''] @
+       [port ``9418'']
+
+Return a service to run the @uref{https://git-scm.com, git} daemon version control
+daemon.
+The git daemon runs as the @code{git} unprivileged user.  It is started with
+the fixed parameters @code{--informative-errors} and @code{--syslog}.  You can
+pass the parameter @var{base-path}, which remaps all the pathrequests as
+relative to the given path.  If you run git daemon with
+@var{base-path /var/git/repositories} on example.com, then if you later try
+to pull @code{git://example.com/hello.git}, git daemon will interpret the path
+as /var/git/repositories/hello.git.
+Furthermore it takes the parameter @var{port} which defaults to 9418.
+Run @command{man git daemon} for information about the options.
+
+@end deffn
+
 @node Various Services
 @subsubsection Various Services
 
diff --git a/gnu/local.mk b/gnu/local.mk
index 7ce8ad0..3bedd97 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -390,6 +390,7 @@  GNU_SYSTEM_MODULES =				\
   %D%/services/herd.scm				\
   %D%/services/spice.scm				\
   %D%/services/ssh.scm				\
+  %D%/services/version-control.scm              \
   %D%/services/web.scm				\
   %D%/services/xorg.scm				\
 						\
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
new file mode 100644
index 0000000..f32a592
--- /dev/null
+++ b/gnu/services/version-control.scm
@@ -0,0 +1,116 @@ 
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services version-control)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages admin)
+  #:use-module (guix records)
+  #:use-module (guix gexp)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 match)
+  #:export (git-service
+            git-service-type
+            git-configuration
+            git-configuration?
+            git-configuration-git
+            git-configuration-port
+            git-configuration-base-path))
+
+;;; Commentary:
+;;;
+;;; Version Control related services.
+;;;
+;;; Code:
+
+
+;;;
+;;; git
+;;;
+
+(define-record-type* <git-configuration> git-configuration
+  make-git-configuration
+  git-configuration?
+  (git       git-configuration-git  ;package
+             (default git))
+  (base-path git-configuration-base-path) ;string
+  (port      git-configuration-port)) ;number
+
+(define (git-shepherd-service config)
+  "Return a <shepherd-service> for git with CONFIG."
+  (define git (git-configuration-git config))
+
+  (define git-command
+    #~(list
+       (string-append #$git "/bin/git") "daemon" "--syslog"
+       "--informative-errors"
+       (string-append "--port=" #$(number->string (git-configuration-port config)))
+       (string-append "--base-path=" #$(git-configuration-base-path config))))
+
+  (define requires
+    '(networking syslogd))
+
+  (list (shepherd-service
+         (documentation "Git daemon server for git repositories")
+         (requirement requires)
+         (provision '(git))
+         (start #~(make-forkexec-constructor #$git-command))
+         (stop #~(make-kill-destructor)))))
+
+(define %git-accounts
+  ;; User account and groups for git-daemon.
+  ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.
+  (list (user-group (name "git") (system? #t))
+        (user-account
+         (name "git")
+         (group "git")
+         (system? #t)
+         (comment "git-daemon user")
+         (home-directory "/var/git")
+         (shell #~(string-append #$shadow "/bin/git-shell")))))
+
+(define (git-activation config)
+  "Return the activation gexp for CONFIG."
+  #~(begin (use-modules (guix build utils))
+           ;; Create the default base-path (where the repositories are).
+           (mkdir-p "/var/git/repositories")))
+
+(define git-service-type
+  (service-type (name 'git)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             git-shepherd-service)
+          (service-extension activation-service-type
+                             git-activation)))))
+
+(define* (git-service #:key
+                      (git git)
+                      (base-path "/var/git/repositories")
+                      (port 9418))
+  "Return a service that runs @url{https://git-scm.org,git} as a daemon.
+The daemon will listen on the port specified in @var{port}.
+In addition, @var{base-path} specifies the path which will repositories
+which can be exported by adding 'git-daemon-export-ok' files to them."
+  (service git-service-type
+           (git-configuration
+            (git git)
+            (base-path base-path)
+            (port port))))
-- 
2.9.3