Hi Evgeny and whoever wants to do some code review,

I have been experiencing this same issue for years now and have been manually chmod'ing /var/lib/gitolite every time I upgraded because I didn't understand what was happening. All this time I thought I had gitolite misconfigured, that maybe I didn't have its umask config set properly, but it was Guix all along! In this case that's great, because it makes the problem easy for me to fix.

Patch attached. It works like a charm for my personal git server (https://git.dthompson.us), /var/lib/gitolite was 700 before a system reconfigure, and 750 afterwards.

Big thanks to Evgeny for making a bug report and doing the research to identify the root cause!

- Dave
From f35cb018df8498db45689dc0e9800b99008a9dea Mon Sep 17 00:00:00 2001 From: David Thompson <[email protected]> Date: Fri, 19 Aug 2022 09:20:06 -0400 Subject: [PATCH] services: gitolite: Relax permissions on service user home directory. Fixes https://issues.guix.gnu.org/56444 * gnu/services/version-control.scm (gitolite-activation): Modify permissions on home directory so that git group has read access. Reported-by: Evgeny Pisemsky <[email protected]> Experienced by David Thompson for years, wondering what was wrong. Thanks for finding the root cause, Evgeny! :) --- gnu/services/version-control.scm | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index defbd65c36..17a5f9c867 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -331,6 +331,14 @@ access to exported repositories under @file{/srv/git}." (strip-store-file-name admin-pubkey)))) (rc-file #$(string-append home "/.gitolite.rc"))) + ;; activate-users+groups in (gnu build activation) sets the + ;; permission flags of home directories to #o700 and mentions that + ;; services needing looser permissions should chmod it during + ;; service activation. We also want the git group to be able to + ;; read from the gitolite home directory, so a chmod'ing we will + ;; go! + (chmod #$home #o750) + (simple-format #t "guix: gitolite: installing ~A\n" #$rc-file) (copy-file #$rc-file rc-file) ;; ensure gitolite's user can read the configuration -- 2.25.1
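Review bot: The `(chmod #$home #o750)` call added ahead of the rc-file install gives the home directory's group both read and search (r-x) on the whole directory, while the comment and the commit message speak only of read access for the git group. Nothing in this hunk sets or checks the group ownership of `#$home`, so the change relies on the directory already belonging to the intended group; the comment should say so, and ideally name the consumer that needs the access. The mode is also hard-coded and, being in `gitolite-activation`, reapplied on every activation, which undoes the choice of an administrator who deliberately tightened the directory back to 700; consider exposing it as a field of the service configuration. The comment's closing "so a chmod'ing we will go!" could be trimmed to a plain statement of why 750 is needed.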
