Re: [gentoo-dev] [RFC] Moving UID/GID assignments to api.gentoo.org (v2)
> On Sat, 17 Aug 2019, Michał Górny wrote:
> Here's v2 of my proposed format. Two changes:
> 1. I've changed the 'header line' to start with '#!', so comment
>    stripping normally takes care of it without having to do extra work.
> 2. I've allowed Markdown syntax in note field, so that we can link
>    commits similarly to how we do it on wiki.

Please add a standard copyright/license notice. The tables may not be
copyrightable, but the comments are. Besides, GLEP 76 requires it. :-)

Ulrich
[gentoo-dev] Last rites: sys-kernel/bliss-initramfs
# Georgy Yakovlev (2019-08-17)
# Unmaintained both upstream and in gentoo, author retired
# Removal in 30 days
sys-kernel/bliss-initramfs

@fearedbliss retired a while ago.
upstream page[1] literally says:
"This project is no longer in development. Please fork. Thank you."

[1] https://github.com/fearedbliss/bliss-initramfs
Re: [gentoo-dev] [PATCH 3/5] www-apps/gitea: Use acct-{group,user}/git
On 8/17/19 4:43 PM, Michał Górny wrote:
>>
>> I realize we'd have to tell people how to rename the account to support
>> upgrades -- but is there some other reason to keep the shared "git" name?
>
> The argument I've been told is that users expect 'git@...' to work
> as remote URI on their boxes. They don't want users to bind the URI to
> specific implementation.
>

It's not really a URI... it's a username on a remote machine. And these
"users" are programmers =P

But, I can understand not wanting to tell a bunch of strangers to edit
all of their ~/.git/config files at this point. Instead of configuring
both packages to use different users, could we configure them to share a
working directory?

If we give the "git" user a home directory of /var/lib/git [0], then as
far as I can tell, both gitolite and gitea will be happy with that. They
use different configuration file names and repository locations, and
wouldn't need to block each other.

[0] This doesn't violate the guidelines that I posted since real humans
log in as this account to clone repos out of $HOME. Moreover, I don't
think that either gitolite or gitea references this path itself -- it
really belongs to the user.
[gentoo-dev] [PATCH v2 5/5] dev-vcs/gitolite-gentoo: Use acct-{group,user}/git
Signed-off-by: Michał Górny --- .../gitolite-gentoo-3.6.6.1-r2.ebuild | 94 +++ .../gitolite-gentoo-.ebuild | 26 ++--- 2 files changed, 100 insertions(+), 20 deletions(-) create mode 100644 dev-vcs/gitolite-gentoo/gitolite-gentoo-3.6.6.1-r2.ebuild diff --git a/dev-vcs/gitolite-gentoo/gitolite-gentoo-3.6.6.1-r2.ebuild b/dev-vcs/gitolite-gentoo/gitolite-gentoo-3.6.6.1-r2.ebuild new file mode 100644 index ..56d7d2a3d0b2 --- /dev/null +++ b/dev-vcs/gitolite-gentoo/gitolite-gentoo-3.6.6.1-r2.ebuild 
@@ -0,0 +1,94 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +[[ ${PV} == * ]] && SCM="git-2" +EGIT_REPO_URI="git://git.gentoo.org/proj/gitolite-gentoo" +EGIT_MASTER=master + +inherit perl-module user versionator ${SCM} + +DESCRIPTION="Highly flexible server for git directory version tracker, Gentoo fork" +HOMEPAGE="https://cgit.gentoo.org/proj/gitolite-gentoo.git"; +if [[ ${PV} != * ]]; then + SRC_URI="mirror://gentoo/${P}.tar.bz2" + KEYWORDS="~amd64 ~x86" +else + SRC_URI="" + KEYWORDS="" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="selinux tools vim-syntax" + +DEPEND=" + acct-group/git + acct-user/git[gitolite] + dev-lang/perl + virtual/perl-File-Path + virtual/perl-File-Temp + >=dev-vcs/git-1.6.6" +RDEPEND="${DEPEND} + !dev-vcs/gitolite + !www-apps/gitea + vim-syntax? ( app-vim/gitolite-syntax ) + selinux? ( sec-policy/selinux-gitosis ) + >=dev-perl/Net-SSH-AuthorizedKeysFile-0.17 + dev-perl/JSON" + +PATCHES=( ) + +src_prepare() { + default + echo "${PF}-gentoo" > src/VERSION || die +} + +src_install() { + local uexec=/usr/libexec/${PN} + + rm -rf src/lib/Gitolite/Test{,.pm} + insinto $VENDOR_LIB + doins -r src/lib/Gitolite + + dodoc README.markdown CHANGELOG + # These are meant by upstream as examples, you are strongly recommended to + # customize them for your needs. 
+ dodoc contrib/utils/ipa_groups.pl contrib/utils/ldap_groups.sh + + insopts -m0755 + insinto $uexec + doins -r src/{commands,syntactic-sugar,triggers,VREF}/ + doins -r contrib/{commands,triggers,hooks} + + insopts -m0644 + doins src/VERSION + + exeinto $uexec + doexe src/gitolite{,-shell} + + dodir /usr/bin + for bin in gitolite{,-shell}; do + dosym /usr/libexec/${PN}/${bin} /usr/bin/${bin} + done + + if use tools; then + dobin check-g2-compat convert-gitosis-conf + dobin contrib/utils/rc-format-v3.4 + fi + + fperms 0644 ${uexec}/VREF/MERGE-CHECK # It's meant as example only +} + +pkg_postinst() { + if [[ "$(get_major_version $REPLACING_VERSIONS)" == "2" ]]; then + ewarn + elog "***NOTE*** This is a major upgrade and will likely break your existing gitolite-2.x setup!" + elog "Please read http://gitolite.com/gitolite/migr.html first!" + ewarn + elog "***NOTE*** If you're using the \"umask\" feature of ${PN}-2.x:" + elog "You'll have to replace each \"umask = ...\" option by \"option umask = ...\"" + elog "And you'll also have to enable the \"RepoUmask\" module in your .gitolite.rc" + ewarn + fi +} diff --git a/dev-vcs/gitolite-gentoo/gitolite-gentoo-.ebuild b/dev-vcs/gitolite-gentoo/gitolite-gentoo-.ebuild index 7120a4c7c21d..edc904c8d94a 100644 --- a/dev-vcs/gitolite-gentoo/gitolite-gentoo-.ebuild +++ b/dev-vcs/gitolite-gentoo/gitolite-gentoo-.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2015 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=5 
@@ -22,22 +22,21 @@ LICENSE="GPL-2" SLOT="0" IUSE="selinux tools vim-syntax" -DEPEND="dev-lang/perl +DEPEND=" + acct-group/git + acct-user/git[gitolite] + dev-lang/perl virtual/perl-File-Path virtual/perl-File-Temp >=dev-vcs/git-1.6.6" RDEPEND="${DEPEND} !dev-vcs/gitolite + !www-apps/gitea vim-syntax? ( app-vim/gitolite-syntax ) selinux? ( sec-policy/selinux-gitosis ) >=dev-perl/Net-SSH-AuthorizedKeysFile-0.17 dev-perl/JSON" -pkg_setup() { - enewgroup git - enewuser git -1 /bin/sh /var/lib/gitolite git -} - src_prepare() { echo "${PF}-gentoo" > src/VERSION } @@ -75,10 +74,6 @@ src_install() { dobin contrib/utils/rc-format-v3.4 fi - keepdir /var/lib/gitolite - fowners git:git /var/lib/gitolite - fperms 750 /var/lib/gitolite - fperms 0644 ${uexec}/VREF/MERGE-CHECK # It's meant as example only } @@ -93,13 +88,4 @@ pkg_postinst() { elog "And you'll also have to enable the \"RepoUmask\" module in y
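Review bot: gitolite-gentoo-3.6.6.1-r2.ebuild still has "inherit perl-module user versionator ${SCM}", yet with acct-group/git and acct-user/git[gitolite] in DEPEND the file contains no enewgroup or enewuser call, so the 'user' eclass looks unused and can be dropped from the inherit line. The gitolite-gentoo-.ebuild hunks also remove pkg_setup and the keepdir/fowners/fperms 750 lines for /var/lib/gitolite while the commit message has no body; one sentence saying that the home directory, its owner and its mode now come from acct-user/git would help anyone chasing a permissions problem later.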
[gentoo-dev] [PATCH v2 4/5] dev-vcs/gitolite: Use acct-{group,user}/git
Signed-off-by: Michał Górny --- dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild | 91 ++ dev-vcs/gitolite/gitolite-.ebuild | 23 ++ 2 files changed, 97 insertions(+), 17 deletions(-) create mode 100644 dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild diff --git a/dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild b/dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild new file mode 100644 index ..5ee33241a771 --- /dev/null +++ b/dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild 
@@ -0,0 +1,91 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +[[ ${PV} == * ]] && SCM="git-2" +EGIT_REPO_URI="https://github.com/sitaramc/${PN}.git"; +EGIT_MASTER=master + +inherit perl-module user versionator ${SCM} + +DESCRIPTION="Highly flexible server for git directory version tracker" +HOMEPAGE="https://github.com/sitaramc/gitolite"; +if [[ ${PV} != * ]]; then + SRC_URI="https://github.com/sitaramc/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~x86" +else + SRC_URI="" + KEYWORDS="~amd64 ~arm ~x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="selinux tools" + +DEPEND=" + acct-group/git + acct-user/git[gitolite] + dev-lang/perl + virtual/perl-File-Path + virtual/perl-File-Temp + >=dev-vcs/git-1.6.6" +RDEPEND="${DEPEND} + !app-vim/gitolite-syntax + !dev-vcs/gitolite-gentoo + !www-apps/gitea + selinux? ( sec-policy/selinux-gitosis ) + dev-perl/JSON" + +PATCHES=( ) + +src_prepare() { + default + echo $PF > src/VERSION || die +} + +src_install() { + local uexec=/usr/libexec/${PN} + + rm -rf src/lib/Gitolite/Test{,.pm} + insinto $VENDOR_LIB + doins -r src/lib/Gitolite + + dodoc README.markdown CHANGELOG + # These are meant by upstream as examples, you are strongly recommended to + # customize them for your needs. 
+ dodoc contrib/utils/ipa_groups.pl contrib/utils/ldap_groups.sh + + insinto /usr/share/vim/vimfiles + doins -r contrib/vim/* + + insopts -m0755 + insinto $uexec + doins -r src/{commands,syntactic-sugar,triggers,VREF}/ + doins -r contrib/{commands,triggers,hooks} + + insopts -m0644 + doins src/VERSION + + exeinto $uexec + doexe src/gitolite{,-shell} + + dodir /usr/bin + for bin in gitolite{,-shell}; do + dosym /usr/libexec/${PN}/${bin} /usr/bin/${bin} + done + + if use tools; then + dobin check-g2-compat convert-gitosis-conf + dobin contrib/utils/rc-format-v3.4 + fi + + fperms 0644 ${uexec}/VREF/MERGE-CHECK # It's meant as example only +} + +pkg_postinst() { + if [[ "$(get_major_version $REPLACING_VERSIONS)" == "2" ]]; then + ewarn + elog "***NOTE*** This is a major upgrade and will likely break your existing gitolite-2.x setup!" + elog "Please read http://gitolite.com/gitolite/migr/index.html first!" + fi +} diff --git a/dev-vcs/gitolite/gitolite-.ebuild b/dev-vcs/gitolite/gitolite-.ebuild index 928bbe83926c..ba689d0e780b 100644 --- a/dev-vcs/gitolite/gitolite-.ebuild +++ b/dev-vcs/gitolite/gitolite-.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=5 @@ -22,21 +22,20 @@ LICENSE="GPL-2" SLOT="0" IUSE="selinux tools vim-syntax" -DEPEND="dev-lang/perl +DEPEND=" + acct-group/git + acct-user/git[gitolite] + dev-lang/perl virtual/perl-File-Path virtual/perl-File-Temp >=dev-vcs/git-1.6.6" RDEPEND="${DEPEND} !dev-vcs/gitolite-gentoo + !www-apps/gitea selinux? ( sec-policy/selinux-gitosis ) vim-syntax? ( app-vim/gitolite-syntax ) dev-perl/JSON" -pkg_setup() { - enewgroup git - enewuser git -1 /bin/sh /var/lib/gitolite git -} - src_prepare() { echo $PF > src/VERSION } 
@@ -74,10 +73,6 @@ src_install() { dobin contrib/utils/rc-format-v3.4 fi - keepdir /var/lib/gitolite - fowners git:git /var/lib/gitolite - fperms 750 /var/lib/gitolite - fperms 0644 ${uexec}/VREF/MERGE-CHECK # It's meant as example only } @@ -87,10 +82,4 @@ pkg_postinst() { elog "***NOTE*** This is a major upgrade and will likely break your existing gitolite-2.x setup!" elog "Please read http://gitolite.com/gitolite/migr/index.html first!" fi - - # bug 352291 - ewarn - elog "Please make sure that your 'git' user has the correct homedir (/var/lib/gitolite)." - elog "Especially if you're migrating from gitosis." - ewarn } -- 2.23.0.rc2
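Review bot: the last hunk of gitolite-.ebuild removes the bug 352291 elog ("Please make sure that your 'git' user has the correct homedir (/var/lib/gitolite).") together with pkg_setup and the keepdir/fowners/fperms lines, and the commit message does not say what replaces it. If acct-user/git[gitolite] is meant to correct the home directory of an already existing 'git' account (the gitosis migration case the warning names), say so in the commit message; if it only takes effect for newly created accounts, keep the warning. gitolite-3.6.11-r1.ebuild also still inherits 'user' although nothing in it calls enewuser or enewgroup.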
[gentoo-dev] [PATCH v2 2/5] acct-user/git: Add git user, UID 196
Add 'git' user. UID 196 is used on Arch Linux for gitolite which serves the same purpose as 'git' in Gentoo. Note that since we have multiple git hosting providers in Gentoo, and they use disjoint home directories, we need to use USE flags to control the provider used. Upon switching flags, the home directory for git user will be updated accordingly to permit SSH access. Signed-off-by: Michał Górny --- acct-user/git/git-0.ebuild | 29 + acct-user/git/metadata.xml | 15 +++ 2 files changed, 44 insertions(+) create mode 100644 acct-user/git/git-0.ebuild create mode 100644 acct-user/git/metadata.xml diff --git a/acct-user/git/git-0.ebuild b/acct-user/git/git-0.ebuild new file mode 100644 index ..384b3bd703e6 --- /dev/null +++ b/acct-user/git/git-0.ebuild @@ -0,0 +1,29 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit acct-user + +DESCRIPTION="Git repository hosting user" + +IUSE="gitea gitolite" +REQUIRED_USE="^^ ( gitea gitolite )" + +ACCT_USER_ID=196 +ACCT_USER_HOME_OWNER=git:git +ACCT_USER_HOME_PERMS=750 +ACCT_USER_SHELL=/bin/sh +ACCT_USER_GROUPS=( git ) + +acct-user_add_deps + +pkg_setup() { + if use gitea; then + ACCT_USER_HOME=/var/lib/gitea + elif use gitolite; then + ACCT_USER_HOME=/var/lib/gitolite + else + die "Incorrect USE flag combination" + fi +} diff --git a/acct-user/git/metadata.xml b/acct-user/git/metadata.xml new file mode 100644 index ..159d766b8251 --- /dev/null +++ b/acct-user/git/metadata.xml @@ -0,0 +1,15 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + + mgo...@gentoo.org + Michał Górny + + + Set home directory for git hosting + via www-apps/gitea. + Set home directory for git hosting + via dev-vcs/gitolite + or dev-vcs/gitolite-gentoo. + + -- 2.23.0.rc2
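Review bot: pkg_setup in git-0.ebuild picks ACCT_USER_HOME from the gitea/gitolite flags, so flipping the flag repoints the account at a different directory, but nothing in the ebuild moves or mentions the .ssh/authorized_keys file and repositories left under the previous home. An elog in pkg_postinst naming both paths would cover that. Minor: with REQUIRED_USE="^^ ( gitea gitolite )" the final else/die branch cannot be reached, and since IUSE enables neither flag by default, acct-user/git fails REQUIRED_USE until one of them is set.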
[gentoo-dev] [PATCH v2 3/5] www-apps/gitea: Use acct-{group,user}/git
Signed-off-by: Michał Górny --- www-apps/gitea/gitea-1.8.3-r1.ebuild | 104 +++ 1 file changed, 104 insertions(+) create mode 100644 www-apps/gitea/gitea-1.8.3-r1.ebuild diff --git a/www-apps/gitea/gitea-1.8.3-r1.ebuild b/www-apps/gitea/gitea-1.8.3-r1.ebuild new file mode 100644 index ..1ea27d61e47f --- /dev/null +++ b/www-apps/gitea/gitea-1.8.3-r1.ebuild 
@@ -0,0 +1,104 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +inherit golang-vcs-snapshot systemd user + +EGO_PN="code.gitea.io/gitea" + +DESCRIPTION="A painless self-hosted Git service" +HOMEPAGE="https://gitea.io"; +SRC_URI="https://github.com/go-gitea/gitea/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64" +IUSE="pam sqlite" + +COMMON_DEPEND=" + acct-group/git + acct-user/git[gitea] + pam? ( sys-libs/pam )" +DEPEND="${COMMON_DEPEND} + dev-go/go-bindata" +RDEPEND="${COMMON_DEPEND} + dev-vcs/git + !dev-vcs/gitolite + !dev-vcs/gitolite-gentoo" + +DOCS=( custom/conf/app.ini.sample CONTRIBUTING.md README.md ) +S="${WORKDIR}/${P}/src/${EGO_PN}" + +gitea_make() { + local my_tags=( + bindata + $(usev pam) + $(usex sqlite 'sqlite sqlite_unlock_notify' '') + ) + local my_makeopt=( + DRONE_TAG=${PV} + TAGS="${my_tags[@]}" + ) + GOPATH=${WORKDIR}/${P}:$(get_golibdir_gopath) emake "${my_makeopt[@]}" "$@" +} + +src_prepare() { + default + sed -i \ + -e "s#^RUN_MODE = dev#RUN_MODE = prod#" \ + -e "s#^ROOT =#ROOT = ${EPREFIX}/var/lib/gitea/gitea-repositories#" \ + -e "s#^ROOT_PATH =#ROOT_PATH = ${EPREFIX}/var/log/gitea#" \ + -e "s#^APP_DATA_PATH = data#APP_DATA_PATH = ${EPREFIX}/var/lib/gitea/data#" \ + -e "s#^HTTP_ADDR = 0.0.0.0#HTTP_ADDR = 127.0.0.1#" \ + -e "s#^MODE = console#MODE = file#" \ + -e "s#^LEVEL = Trace#LEVEL = Info#" \ + -e "s#^LOG_SQL = true#LOG_SQL = false#" \ + -e "s#^DISABLE_ROUTER_LOG = false#DISABLE_ROUTER_LOG = true#" \ + -e "s#^APP_ID =#;APP_ID =#" \ + -e "s#^TRUSTED_FACETS =#;TRUSTED_FACETS =#" \ + custom/conf/app.ini.sample || die + if use sqlite ; then + sed -i -e "s#^DB_TYPE = .*#DB_TYPE = sqlite3#" custom/conf/app.ini.sample || die + fi + + gitea_make generate +} + +src_compile() { + gitea_make build +} + +src_test() { + gitea_make test +} + +src_install() { + dobin gitea + + einstalldocs + + newconfd "${FILESDIR}"/gitea.confd-r1 
gitea + newinitd "${FILESDIR}"/gitea.initd-r3 gitea + systemd_newunit "${FILESDIR}"/gitea.service-r2 gitea.service + + insinto /etc/gitea + newins custom/conf/app.ini.sample app.ini + fowners root:git /etc/gitea/{,app.ini} + fperms g+w,o-rwx /etc/gitea/{,app.ini} + + diropts -m0750 -o git -g git + keepdir /var/lib/gitea/custom /var/lib/gitea/data + keepdir /var/log/gitea +} + +pkg_postinst() { + if [[ -e "${EROOT}/var/lib/gitea/conf/app.ini" ]]; then + ewarn "The configuration path has been changed to ${EROOT}/etc/gitea/app.ini." + ewarn "Please move your configuration from ${EROOT}/var/lib/gitea/conf/app.ini" + ewarn "and adapt the gitea-repositories hooks and ssh authorized_keys." + ewarn "Depending on your configuration you should run something like:" + ewarn "sed -i -e 's#${EROOT}/var/lib/gitea/conf/app.ini#${EROOT}/etc/gitea/app.ini#' \\" + ewarn " /var/lib/gitea/gitea-repositories/*/*/hooks/*/* \\" + ewarn " /var/lib/gitea/.ssh/authorized_keys" + fi +} -- 2.23.0.rc2
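Review bot: in gitea_make, TAGS="${my_tags[@]}" inside the my_makeopt array expands to one word per tag, so only the first tag (bindata) stays attached to TAGS= and the others are passed to emake as separate arguments whenever pam or sqlite is enabled. Use "${my_tags[*]}" so the tags reach make as a single space-separated value. The inherit line also still lists 'user' although the file contains no enewuser/enewgroup call now that acct-user/git[gitea] is in COMMON_DEPEND.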
[gentoo-dev] [PATCH v2 1/5] acct-group/git: Add git group, GID 196
Add 'git' group. UID 196 is used on Arch Linux for gitolite which serves the same purpose as 'git' in Gentoo. Signed-off-by: Michał Górny --- acct-group/git/git-0.ebuild | 8 acct-group/git/metadata.xml | 8 2 files changed, 16 insertions(+) create mode 100644 acct-group/git/git-0.ebuild create mode 100644 acct-group/git/metadata.xml diff --git a/acct-group/git/git-0.ebuild b/acct-group/git/git-0.ebuild new file mode 100644 index ..15d83cb050a0 --- /dev/null +++ b/acct-group/git/git-0.ebuild @@ -0,0 +1,8 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit acct-group + +ACCT_GROUP_ID=196 diff --git a/acct-group/git/metadata.xml b/acct-group/git/metadata.xml new file mode 100644 index ..0319eec4c8be --- /dev/null +++ b/acct-group/git/metadata.xml @@ -0,0 +1,8 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + + mgo...@gentoo.org + Michał Górny + + -- 2.23.0.rc2
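Review bot: git-0.ebuild for acct-group sets ACCT_GROUP_ID=196, but the commit message justifies the number with Arch's UID 196. State whether Arch's gitolite group uses GID 196 as well, or reword the message to 'GID 196' if that is what was meant, so the reason for the group number is on record.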
Re: [gentoo-dev] [PATCH 3/5] www-apps/gitea: Use acct-{group,user}/git
On Sat, 2019-08-17 at 09:42 -0400, Michael Orlitzky wrote:
> On 8/17/19 4:54 AM, Michał Górny wrote:
> > On Sat, 2019-08-17 at 10:52 +0200, Ulrich Mueller wrote:
> > > Shouldn't there be a blocker against dev-vcs/gitolite{,-gentoo}
> > > (and vice versa)? These packages cannot be installed at the same time,
> > > and I guess that a direct blocker would result in a friendlier error
> > > message than REQUIRED_USE magic in acct-user/git.
> > >
> >
> > You're probably right. I'll update the patches to add mutual blockers
> > everywhere.
> >
>
> I discovered on the pull request that "git" is just the name that the
> upstream examples use, but isn't required for either gitolite or gitea:
>
> * https://docs.gitea.io/en-us/install-from-binary/
>
> * https://gitolite.com/gitolite/concepts#the-hosting-user
>
> For example, on Fedora and Debian, gitolite uses a "gitolite" user. We
> should also be able to use "gitea" for gitea, meaning that the two
> packages don't have to block each other, and that they don't have to
> fight over the same username.
>
> I realize we'd have to tell people how to rename the account to support
> upgrades -- but is there some other reason to keep the shared "git" name?

The argument I've been told is that users expect 'git@...' to work
as remote URI on their boxes. They don't want users to bind the URI to
specific implementation.

--
Best regards,
Michał Górny
Re: [gentoo-dev] [PATCH] */*: Make 'colord' a global USE flag
On Sat, 2019-05-18 at 09:00 +0200, Michał Górny wrote:
> USE=colord is used in 11 packages consistently. Make it a global USE
> flag using the description from GNOME packages, and remove redundant
> local definitions.
>
> The local definition in x11-libs/gtk+ is left as it clarifies that
> the flag applies to printing.
>

...and pushed.

--
Best regards,
Michał Górny
Re: [gentoo-dev] dynamic groups and users
Hi, Jaco.

On Thu, 2019-08-01 at 21:04 +0200, Jaco Kroon wrote:
> Looking at the new eclasses for acct-user and acct-group.
>
> These enforce that a group and user id should be set.
>
> This is not a requirement for enewuser nor enewgroup.
>
> As a further discrepancy, the user eclass requires >0 for the IDs,
> whereas the checks in acct-user and acct-group is for >= 0.
>
> Would it be ok to suggest that we allow -1 (or 0, but that could be
> confused with the root user/group) in acct-user and acct-group to
> specify "no specific id, please allocate dynamically"?
>

I've just pushed the patch permitting -1. Enjoy!

--
Best regards,
Michał Górny
Re: [gentoo-dev] [PATCH] acct-*.eclass: Allow dynamic UID/GID assignment via -1
On Wed, 2019-08-07 at 19:10 +0200, Michał Górny wrote: > Allow a special value of '-1' to dynamically assign UID/GID for the user > or group. This is intended to be used in overlays where proper > assignment does not take place but whose owners wish to switch to acct-* > packages. > > While technically it is possible to choose a free UID/GID, it could be > taken afterwards by some Gentoo package and unnecessarily introduce > a conflict. Using '999' was also suggested (as the first dynamic > UID/GID) but it would cause issues for people enabling > ACCT_*_ENFORCE_ID. To avoid this, '-1' does not trigger collision > checks. > > Signed-off-by: Michał Górny > --- > eclass/acct-group.eclass | 4 > eclass/acct-user.eclass | 4 > 2 files changed, 8 insertions(+) > > diff --git a/eclass/acct-group.eclass b/eclass/acct-group.eclass > index 9eab00db690f..d5ccd209c9e3 100644 > --- a/eclass/acct-group.eclass > +++ b/eclass/acct-group.eclass > @@ -59,6 +59,9 @@ readonly ACCT_GROUP_NAME > # @DESCRIPTION: > # Preferred GID for the new group. This variable is obligatory, and its > # value must be unique across all group packages. > +# > +# Overlays should set this to -1 to dynamically allocate GID. Using -1 > +# in ::gentoo is prohibited by policy. > > # @ECLASS-VARIABLE: ACCT_GROUP_ENFORCE_ID > # @DESCRIPTION: > @@ -87,6 +90,7 @@ acct-group_pkg_pretend() { > > # verify ACCT_GROUP_ID > [[ -n ${ACCT_GROUP_ID} ]] || die "Ebuild error: ACCT_GROUP_ID must be > set!" > + [[ ${ACCT_GROUP_ID} -eq -1 ]] && return > [[ ${ACCT_GROUP_ID} -ge 0 ]] || die "Ebuild errors: > ACCT_GROUP_ID=${ACCT_GROUP_ID} invalid!" > > # check for ACCT_GROUP_ID collisions early > diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass > index 60009643c144..17a58e9126e4 100644 > --- a/eclass/acct-user.eclass > +++ b/eclass/acct-user.eclass 
> @@ -67,6 +67,9 @@ readonly ACCT_USER_NAME > # @DESCRIPTION: > # Preferred UID for the new user. This variable is obligatory, and its > # value must be unique across all user packages. > +# > +# Overlays should set this to -1 to dynamically allocate GID. Using -1 > +# in ::gentoo is prohibited by policy. > > # @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID > # @DESCRIPTION: > @@ -279,6 +282,7 @@ acct-user_pkg_pretend() { > > # verify ACCT_USER_ID > [[ -n ${ACCT_USER_ID} ]] || die "Ebuild error: ACCT_USER_ID must be > set!" > + [[ ${ACCT_USER_ID} -eq -1 ]] && return > [[ ${ACCT_USER_ID} -ge 0 ]] || die "Ebuild errors: > ACCT_USER_ID=${ACCT_USER_ID} invalid!" > > # check for ACCT_USER_ID collisions early Pushed now. -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
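Review bot: in the acct-user.eclass documentation hunk (@@ -67,6 +67,9), the added comment under the UID description reads "dynamically allocate GID"; it should say UID. Separately, the early return on -1 in both pkg_pretend hunks skips the collision check, and the rule that -1 is prohibited in ::gentoo exists only as a comment, so a matching check in the repository QA tooling would be needed to make that policy enforceable.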
Re: [gentoo-dev] [RFC] package.deprecated to mark packages deprecated and report dependencies
On Fri, Aug 16, 2019 at 07:10:27PM +0200, Michał Górny wrote:
> Hi,
>
> leio asked me yesterday for the possibility of marking packages
> as deprecated, so that CI would issue warnings when other packages
> depend on them. I think that's quite a good idea, so I'd like to
> propose a simple implementation for it.
>
> The idea is to provide profiles/package.deprecated using the same format
> as package.mask. However, unlike the latter it wouldn't cause any user-
> visible results but only affect pkgcheck (and possibly repoman, if
> someone writes the check).
>
> Basically you'd put something like:
>
> # name (date)
> # We don't like this package anymore, so we want to remove it ASAP.
> dev-foo/bar
>
> # name (date)
> # Old slot is not nice at all.
> dev-bar/frobnicate:0.1
>
> # name (date)
> # Nononono, don't use that.
>11.0
>
> This would cause matching packages to be marked as deprecated. It
> wouldn't affect normal install behavior but pkgcheck/CI would complain
> if any package had a dependency that can only be satisfied
> by the deprecated packages.
>
> What do you think?
>
> --
> Best regards,
> Michał Górny
>

I really like this idea as well. It would also benefit the security team to
know which packages need to be fixed/removed before a vulnerable package can be
gotten rid of. e.g. the sys-devel/automake:{1.9, 1.10} thing from today...

--
Cheers,
Aaron
Re: [gentoo-dev] [RFC] package.deprecated to mark packages deprecated and report dependencies
On Fri, Aug 16, 2019 at 10:10 AM Michał Górny wrote:
>
> Hi,
>
> leio asked me yesterday for the possibility of marking packages
> as deprecated, so that CI would issue warnings when other packages
> depend on them. I think that's quite a good idea, so I'd like to
> propose a simple implementation for it.
>
> The idea is to provide profiles/package.deprecated using the same format
> as package.mask. However, unlike the latter it wouldn't cause any user-
> visible results but only affect pkgcheck (and possibly repoman, if
> someone writes the check).
>
> Basically you'd put something like:
>
> # name (date)
> # We don't like this package anymore, so we want to remove it ASAP.
> dev-foo/bar
>
> # name (date)
> # Old slot is not nice at all.
> dev-bar/frobnicate:0.1
>
> # name (date)
> # Nononono, don't use that.
>11.0
>
> This would cause matching packages to be marked as deprecated. It
> wouldn't affect normal install behavior but pkgcheck/CI would complain
> if any package had a dependency that can only be satisfied
> by the deprecated packages.
>
> What do you think?

I think it's a great idea. It would have been perfect for the
x11-proto/* -> x11-base/xorg-proto transition.
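The check described in the proposal quoted above, as an added example (not pkgcheck's or repoman's code): it parses package.mask-style entries and reports dependencies that only deprecated packages can satisfy. The atom grammar is simplified, and the repository contents, versions and the dev-foo/app-misc names are constructed sample data.

```python
"""Sketch of the CI check proposed for profiles/package.deprecated."""
import operator
import re
from dataclasses import dataclass
from typing import Optional

# Simplified atom grammar (assumption of this example): optional operator,
# category/name, "-version" only together with an operator, optional ":slot".
# Revisions, suffixes, USE dependencies and wildcards are not handled.
ATOM_RE = re.compile(
    r"^(?P<op><=|>=|<|>|=)?(?P<cp>[\w+.-]+/[\w+.-]+?)"
    r"(?:-(?P<ver>\d+(?:\.\d+)*))?(?::(?P<slot>[\w+.-]+))?$"
)
OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
       ">=": operator.ge, ">": operator.gt}


def vtuple(ver):
    """'1.10.3' -> (1, 10, 3); dotted numeric versions only."""
    return tuple(int(part) for part in ver.split("."))


@dataclass(frozen=True)
class Package:
    cp: str          # category/name
    version: tuple
    slot: str


@dataclass(frozen=True)
class Atom:
    cp: str
    op: Optional[str] = None
    version: Optional[tuple] = None
    slot: Optional[str] = None

    @classmethod
    def parse(cls, text):
        m = ATOM_RE.match(text.strip())
        # A version without an operator (or the reverse) is not a valid atom.
        if not m or bool(m["op"]) != bool(m["ver"]):
            raise ValueError(f"unsupported atom: {text!r}")
        ver = vtuple(m["ver"]) if m["ver"] else None
        return cls(m["cp"], m["op"], ver, m["slot"])

    def matches(self, pkg):
        if self.cp != pkg.cp:
            return False
        if self.slot is not None and self.slot != pkg.slot:
            return False
        return self.op is None or OPS[self.op](pkg.version, self.version)


def parse_deprecated(text):
    """Return [(Atom, reason)] from package.mask-style text."""
    entries, comment = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            comment = []                      # blank line ends an entry block
        elif line.startswith("#"):
            comment.append(line.lstrip("# "))
        else:
            # comment[0] is the "name (date)" header, the rest is the reason
            entries.append((Atom.parse(line), " ".join(comment[1:])))
    return entries


def deprecated_only_deps(repo, depends, deprecated):
    """List (package, dep, reason) where every match of dep is deprecated."""
    findings = []
    for pkg_name, dep_strings in sorted(depends.items()):
        for dep in dep_strings:
            atom = Atom.parse(dep)
            candidates = [p for p in repo if atom.matches(p)]
            reasons = [next((r for d, r in deprecated if d.matches(p)), None)
                       for p in candidates]
            if candidates and all(r is not None for r in reasons):
                findings.append((pkg_name, dep, reasons[0]))
    return findings


# Constructed sample data; only the automake slots and the openrdate
# dependency on automake:1.10 are taken from the thread.
SAMPLE_DEPRECATED = """\
# Example Dev <dev@example.org> (2019-08-17)
# Old slots with an open security bug.
sys-devel/automake:1.9
sys-devel/automake:1.10

# Example Dev <dev@example.org> (2019-08-17)
# Constructed entry with a version range.
<dev-foo/bar-2.0
"""
SAMPLE_REPO = [
    Package("sys-devel/automake", vtuple("1.9.6"), "1.9"),
    Package("sys-devel/automake", vtuple("1.10.3"), "1.10"),
    Package("sys-devel/automake", vtuple("1.16.1"), "1.16"),
    Package("dev-foo/bar", vtuple("1.5"), "0"),
    Package("dev-foo/bar", vtuple("2.1"), "0"),
]
SAMPLE_DEPENDS = {
    "net-misc/openrdate": ["sys-devel/automake:1.10"],
    "app-misc/any-automake": ["sys-devel/automake"],
    "app-misc/needs-old-bar": ["<dev-foo/bar-2.0"],
    "app-misc/needs-bar": [">=dev-foo/bar-1.0"],
}

if __name__ == "__main__":
    entries = parse_deprecated(SAMPLE_DEPRECATED)
    for pkg, dep, why in deprecated_only_deps(SAMPLE_REPO, SAMPLE_DEPENDS, entries):
        print(f"{pkg}: {dep} is satisfied only by deprecated packages ({why})")
```

A dependency that a non-deprecated version can still satisfy, such as the unslotted sys-devel/automake, is not reported; that is the "can only be satisfied by" condition from the proposal.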
[gentoo-dev] Last rites: net-misc/openrdate
# Aaron Bauman (2019-08-17)
# Relies on vulnerable automake:1.10
# Removal in 30 days
games-simulation/crrcsim
media-gfx/pixie
net-irc/eiwic
net-misc/openrdate

--
Cheers,
Aaron
[gentoo-dev] Last rites: net-irc/eiwic
# Aaron Bauman (2019-08-17)
# Relies on vulnerable automake:1.10
# Removal in 30 days
games-simulation/crrcsim
media-gfx/pixie
net-irc/eiwic

--
Cheers,
Aaron
[gentoo-dev] Last rites: media-gfx/pixie
# Aaron Bauman (2019-08-17)
# Relies on vulnerable automake:1.10
# Removal in 30 days
games-simulation/crrcsim
media-gfx/pixie

--
Cheers,
Aaron
[gentoo-dev] Last rites: games-simulation/crrcsim
# Aaron Bauman (2019-08-17)
# Relies on vulnerable automake:1.10
# Removal in 30 days
games-simulation/crrcsim

--
Cheers,
Aaron
Re: [gentoo-dev] RFC: GLEP81 home directory guidelines
On Sat, 17 Aug 2019 10:35:29 +0200 Ulrich Mueller wrote:
> For example, "nobody" lives in /var/empty but cannot write to it, and
> that dir is owned by root.

What ensures that the permissions on /var/empty are correct for this
scenario?

Possibly having acct-* create a /var/lib/nobody or a /var/lib/ssh (or
similar) _and_ ensure the no-write permissions are correct could be a
feature?

Maybe this needs to be a feature or something in the eclass?

> ACCT_HOME_NOWRITE=1

* eclass decides what HOME should be (maybe just /var/empty,
  /var/lib/nobody or, say, /var/lib/no-write/nobody)
* eclass ensures -w for u,g,o
[gentoo-dev] Last rites: dev-embedded/bitbake
# Aaron Bauman (2019-08-17)
# Unmaintained, outstanding sec vuln bug #540360
# Lots of new versions upstream. Removal in 30 days.
dev-embedded/bitbake

--
Cheers,
Aaron
[gentoo-dev] Last rites: dev-python/restkit
# Aaron Bauman (2019-08-17)
# Outstanding sec vuln bug #544228. No releases from upstream
# Upstream still has not addressed the bug. Removal in 30 days.
dev-python/restkit

--
Cheers,
Aaron
Re: [gentoo-dev] RFC: GLEP81 home directory guidelines
On 8/17/19 4:35 AM, Ulrich Mueller wrote:
>
>> 2 No two acct-user packages should define the same ACCT_USER_HOME.
>
> These two points are not fulfilled by the users that currently belong
> to baselayout. For example, "operator" (and "toor" on BSD) share /root
> with the root user.
>

Let me first say that I've called these "guidelines" and not "rules" for
a reason. If there's a legitimate reason to ignore one of them, then so
be it.

For "toor", it might make sense to leave its home directory as-is. It
shares the same UID as "root", so the bit about clobbering permissions
doesn't apply.

The "operator" user on the other hand, is an anachronism. It's unable to
log in by default, and I'll bet we could simply delete it from
baselayout and no one would notice. Less zealously, we could leave its
home directory at the default: /root will be unusable anyway (see below
about $HOME being unwritable).

>> 5 As a corollary of the previous item, it is highly suspicious for
>> an acct-user package to set ACCT_USER_HOME_OWNER="root:root".
>
> Again, points 4 and 5 won't be true for several of baselayout's users.
> For example, "nobody" lives in /var/empty but cannot write to it, and
> that dir is owned by root.

"The fact that the home directory is not writable suggests that the
default (empty) ACCT_USER_HOME would suffice instead."

Would it?

> Same for the "sshd" user, which IIRC chroots to /var/empty, but must
> not (be able to) write to that dir.

It chroots to /var/empty, but does it chroot to $HOME? The ebuild passes

  --with-privsep-path="${EPREFIX%/}"/var/empty

to the build. I see that on newer installs the "sshd" user now has
/var/empty as its home directory. But the machine I'm typing this on had
Gentoo installed on it in 2004, and sshd's home directory is set to
/dev/null. And as far as I know, everything's fine.

So, same question: would the default (empty) ACCT_USER_HOME suffice
instead?
Re: [gentoo-dev] RFC: GLEP81 home directory guidelines
On 8/17/19 12:29 AM, Haelwenn (lanodan) Monnier wrote:
>
> Any reason why sharing home directories isn't simply forbidden?
> This is sure to blow on us at some point if there are shared home directories.
>
> ...
>
> Shouldn't this be owned instead of writable? I'm pretty sure we can
> have cases where not having write permissions is preferred for security.

The weak wording is for two reasons:

* I'm confident that these are all good ideas, but not 100% certain.
  This is new stuff, and what constitutes a "best practice" is likely
  to change. If a corner case comes up, I don't want to have dug us
  into a hole by outlawing something that turns out to be reasonable
  in some situations.

* If this goes into the devmanual, it would be a new policy, and it
  therefore needs some consensus among developers. It's a lot easier
  to get consensus for a warning than it is for a ban.

>> 5 As a corollary of the previous item, it is highly suspicious for
>> an acct-user package to set ACCT_USER_HOME_OWNER="root:root".
>
> Are there cases where this would be used? It makes no sense to me for a
> home to belong to root.
>

It's happened in two cases so far, both leading to some badness. It's a
symptom of some other problem, but checking the variable for "root:root"
in e.g. repoman is a lot easier than running a tinderbox build to see if
there's a directory collision.
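The repoman-style check mentioned above, as an added example that is not part of the thread or of repoman: it scans acct-user ebuild text for guideline 2 (a shared ACCT_USER_HOME) and guideline 5 (ACCT_USER_HOME_OWNER="root:root"). The 'nobody', 'sshd' and 'example' inputs are constructed from the thread's descriptions, and treating /dev/null as "no home" is an assumption.

```python
"""Lint sketch for two of the GLEP 81 home-directory guidelines."""
import re
from collections import defaultdict

# Literal assignments such as ACCT_USER_HOME=/var/lib/foo or
# ACCT_USER_HOME_OWNER="root:root", anywhere in the ebuild (also inside
# USE-conditional branches). Values built from variables are not resolved.
ASSIGN_RE = re.compile(
    r"^[ \t]*(ACCT_USER_HOME(?:_OWNER)?)=([\"']?)([^\"'\s#]*)\2[ \t]*(?:#.*)?$",
    re.M,
)
# Values treated as "no real home directory" (assumption of this example).
NO_HOME = frozenset({"", "/dev/null"})


def lint(ebuilds):
    """ebuilds maps package name -> ebuild text; returns a list of findings."""
    by_home = defaultdict(set)
    findings = []
    for pkg, text in sorted(ebuilds.items()):
        homes, owners = set(), set()
        for name, _quote, value in ASSIGN_RE.findall(text):
            (owners if name.endswith("_OWNER") else homes).add(value)
        for home in homes - NO_HOME:
            by_home[home].add(pkg)
        # Guideline 5: a home directory owned by root:root is suspicious.
        if "root:root" in owners:
            findings.append(
                ("root-owned-home", pkg, ",".join(sorted(homes)) or "(default)"))
    # Guideline 2: no two acct-user packages should share ACCT_USER_HOME.
    for home, pkgs in sorted(by_home.items()):
        if len(pkgs) > 1:
            findings.append(("shared-home", home, ",".join(sorted(pkgs))))
    return findings


SAMPLE_EBUILDS = {
    # Variable lines as they appear in the acct-user/git patch on this page.
    "acct-user/git": """
ACCT_USER_ID=196
ACCT_USER_HOME_OWNER=git:git
ACCT_USER_HOME_PERMS=750
pkg_setup() {
    if use gitea; then
        ACCT_USER_HOME=/var/lib/gitea
    elif use gitolite; then
        ACCT_USER_HOME=/var/lib/gitolite
    fi
}
""",
    # Constructed from the thread's description of "nobody" and "sshd";
    # these are not the real ebuilds.
    "acct-user/nobody": 'ACCT_USER_HOME=/var/empty\nACCT_USER_HOME_OWNER="root:root"\n',
    "acct-user/sshd": 'ACCT_USER_HOME="/var/empty"\nACCT_USER_HOME_OWNER=root:root\n',
    # Constructed: no ACCT_USER_HOME at all, i.e. left at the eclass default.
    "acct-user/example": "ACCT_USER_ID=-1\n",
}

if __name__ == "__main__":
    for check, subject, detail in lint(SAMPLE_EBUILDS):
        print(f"{check}: {subject} ({detail})")
```

The acct-user/git ebuild contributes two candidate homes because both USE-conditional assignments are collected, so a second package claiming either directory would be reported.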
Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (76)
On 8/17/19 2:36 AM, Eray Aslan wrote:
>
> For the record, it wasn't me who wrote those acct-user ebuilds.

Apologies, I checked the metadata and assumed that I missed these as
part of your patch series. In any case, I'm not trying to throw blame
around -- this is all new and we're still figuring it out (which is why
I miss seeing the patches).

>>
>> Given that both of those users are pulled in only by net-mail/mailbase
>> at the moment, you probably want to set those permissions in the ebuild
>
> I don't want to set permissions in the ebuild if possible. That's not a
> proper solution.
>
> Why do we need a postmaster account at all? Does anyone have a clue?
>

If it is needed, it should be pulled in directly by the package that
needs it. I have a feeling that mailbase exists to avoid copy/pasting
some code between postfix, exim, and however-many versions of qmail we
once had. For the user creation at least, GLEP81 eliminates the
copy/pasting.

> Getting rid of mailbase is certainly another option.
>

The only reason I didn't suggest this is because my TODO list is already
too long. I'm sure there's a good historical reason for mailbase to
exist, but I can't figure out what it does today.
Re: [gentoo-dev] [PATCH 3/5] www-apps/gitea: Use acct-{group,user}/git
On 8/17/19 4:54 AM, Michał Górny wrote:
> On Sat, 2019-08-17 at 10:52 +0200, Ulrich Mueller wrote:
>>
>> Shouldn't there be a blocker against dev-vcs/gitolite{,-gentoo}
>> (and vice versa)? These packages cannot be installed at the same time,
>> and I guess that a direct blocker would result in a friendlier error
>> message than REQUIRED_USE magic in acct-user/git.
>>
>
> You're probably right. I'll update the patches to add mutual blockers
> everywhere.
>

I discovered on the pull request that "git" is just the name that the upstream examples use, but isn't required for either gitolite or gitea:

* https://docs.gitea.io/en-us/install-from-binary/
* https://gitolite.com/gitolite/concepts#the-hosting-user

For example, on Fedora and Debian, gitolite uses a "gitolite" user. We should also be able to use "gitea" for gitea, meaning that the two packages don't have to block each other, and that they don't have to fight over the same username.

I realize we'd have to tell people how to rename the account to support upgrades -- but is there some other reason to keep the shared "git" name?
Re: [gentoo-dev] [RFC] package.deprecated to mark packages deprecated and report dependencies
On one fine day, Fri, 16.08.2019 at 19:58, Thomas Deutschmann wrote:
> Hi,
>
> I like the idea. This will allow the following change in workflow:
>
> When you now want to last-rite app-misc/foo for example, you would
> schedule a CI run. I.e. create a pull request against Gentoo repository
> at GitHub containing your package.mask entry. When the results will be
> available, you will start filing bugs against packages depending on the
> package you want to get rid of. Once all depending packages are gone,
> you will commit the mask. However, this process can take some time and
> in theory someone could add a new dependency on your package in the
> meanwhile...
>
> Thanks to the new package.deprecated file we would have a check in real
> time against current repository. And once all CI warnings are gone you
> can commit the mask.

I imagined it more in terms of replacing that PR CI run to get the initial list and start signaling that we want it to go away. However packages shouldn't be put in there that are really still used a lot (say, x11-libs/gtk+:2).

I don't think it should nag maintainers using repoman (or pkgcheck in the future) by default (at least for pre-existing cases), but included in a CI run as lower prio warning to be able to quickly search through the list to see what the state of things is, if it's realistic to really get rid of it by filing the bugs, etc. And it should warn for completely new packages, if they add a dep on it.

Bonus points if the CI check can signal that a deprecated use isn't the case anymore in a newer revision already - to signal that it's a matter of clean-up work there.

But that's just my thoughts, and what you propose is also an improvement. Though with that kind of approach I would instead mark it up and push that to main tree, and then do the bugs from the refreshed report with the low prio warnings instead though; or remove the entry if it's still too much and unrealistic.

Mart
Re: [gentoo-dev] [PATCH 3/5] www-apps/gitea: Use acct-{group,user}/git
On Sat, 2019-08-17 at 10:52 +0200, Ulrich Mueller wrote:
> > On Sat, 17 Aug 2019, Michał Górny wrote:
> > +RDEPEND="${COMMON_DEPEND}
> > + dev-vcs/git"
>
> Shouldn't there be a blocker against dev-vcs/gitolite{,-gentoo}
> (and vice versa)? These packages cannot be installed at the same time,
> and I guess that a direct blocker would result in a friendlier error
> message than REQUIRED_USE magic in acct-user/git.
>

You're probably right. I'll update the patches to add mutual blockers everywhere.

--
Best regards,
Michał Górny
Re: [gentoo-dev] [PATCH 3/5] www-apps/gitea: Use acct-{group,user}/git
> On Sat, 17 Aug 2019, Michał Górny wrote:
> +RDEPEND="${COMMON_DEPEND}
> + dev-vcs/git"

Shouldn't there be a blocker against dev-vcs/gitolite{,-gentoo} (and vice versa)? These packages cannot be installed at the same time, and I guess that a direct blocker would result in a friendlier error message than REQUIRED_USE magic in acct-user/git.

Ulrich
Re: [gentoo-dev] RFC: GLEP81 home directory guidelines
> On Sat, 17 Aug 2019, Michael Orlitzky wrote:

> 1 Avoid using an ACCT_USER_HOME that belongs to another package.

> 2 No two acct-user packages should define the same ACCT_USER_HOME.

These two points are not fulfilled by the users that currently belong to baselayout. For example, "operator" (and "toor" on BSD) share /root with the root user.

> 3 If your package's configuration needs to be able to
> write to e.g. /var/lib/, then your package's ebuild should
> create that directory and set its ownership and permissions. Barring
> any other considerations, the corresponding acct-user package should
> leave ACCT_USER_HOME at its default (empty) value; setting
> ACCT_USER_HOME=/var/lib/ would violate item (1).

> 4 Each user's home directory should be writable by that user. If it
> is not, that indicates that a shared and potentially sensitive
> location was chosen; and the fact that the home directory is not
> writable suggests that the default (empty) ACCT_USER_HOME would
> suffice instead.

> 5 As a corollary of the previous item, it is highly suspicious for
> an acct-user package to set ACCT_USER_HOME_OWNER="root:root".

Again, points 4 and 5 won't be true for several of baselayout's users. For example, "nobody" lives in /var/empty but cannot write to it, and that dir is owned by root. Same for the "sshd" user, which IIRC chroots to /var/empty, but must not (be able to) write to that dir.

> 6 The world-writable bit should never be set in ACCT_USER_HOME_PERMS.
> This would otherwise satisfy item (4), but should never be done for
> security reasons.
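The six guidelines quoted above lend themselves to the kind of static check Michael Orlitzky suggests for repoman. The following is an added example, not code from the thread, repoman or pkgcheck: it scans acct-user ebuild text for items 2, 4, 5 and 6 and reports warnings rather than errors, since baselayout-style users such as "nobody" legitimately trip items 4 and 5. The packages `examplesvc` and `othersvc` are constructed, and the check assumes the user name equals the package name.

```python
import re
from collections import defaultdict

# Matches ACCT_USER_HOME, _HOME_OWNER and _HOME_PERMS assignments anywhere in
# the ebuild, including indented ones inside pkg_setup().
ASSIGN = re.compile(
    r'^[ \t]*ACCT_USER_(HOME_OWNER|HOME_PERMS|HOME)=["\']?([^"\'\s#]*)', re.M)


def parse_acct_user(text):
    """Return {variable suffix: set of literal values assigned}."""
    values = defaultdict(set)
    for var, value in ASSIGN.findall(text):
        if value:                      # empty value means the eclass default
            values[var].add(value)
    return values


def lint(ebuilds):
    """ebuilds maps acct-user package name -> ebuild text.

    Returns sorted (package, guideline item, message) warnings.
    """
    warnings = []
    homes = defaultdict(set)
    for pkg, text in ebuilds.items():
        v = parse_acct_user(text)
        for home in v["HOME"]:
            homes[home].add(pkg)
        for owner in v["HOME_OWNER"]:
            if owner == "root:root":
                warnings.append((pkg, 5, "home is owned by root:root"))
            elif v["HOME"] and owner.split(":")[0] != pkg:
                # Assumption: the account is named after the package.
                warnings.append((pkg, 4, f"home is owned by {owner}"))
        for perms in v["HOME_PERMS"]:
            if not re.fullmatch(r"[0-7]{3,4}", perms):
                continue               # not a literal octal mode; skip
            mode = int(perms, 8)
            if mode & 0o002:
                warnings.append((pkg, 6, f"mode {perms} is world-writable"))
            if v["HOME"] and not mode & 0o200:
                warnings.append((pkg, 4, f"mode {perms} denies owner write"))
    for home, pkgs in homes.items():
        if len(pkgs) > 1:
            for pkg in pkgs:
                others = ", ".join(sorted(pkgs - {pkg}))
                warnings.append((pkg, 2, f"{home} is also the home of {others}"))
    return sorted(warnings)


# Variables as they appear in acct-user/git/git-0.ebuild from patch 2/5.
GIT_EBUILD = '''
ACCT_USER_ID=196
ACCT_USER_HOME_OWNER=git:git
ACCT_USER_HOME_PERMS=750
pkg_setup() {
	if use gitea; then
		ACCT_USER_HOME=/var/lib/gitea
	elif use gitolite; then
		ACCT_USER_HOME=/var/lib/gitolite
	fi
}
'''
# Constructed ebuilds for hypothetical packages that break items 2, 5 and 6.
SAMPLE = {
    "git": GIT_EBUILD,
    "examplesvc": 'ACCT_USER_HOME=/var/lib/shared\n'
                  'ACCT_USER_HOME_OWNER="root:root"\n'
                  'ACCT_USER_HOME_PERMS=0777\n',
    "othersvc": "ACCT_USER_HOME=/var/lib/shared\n",
}

if __name__ == "__main__":
    for pkg, item, msg in lint(SAMPLE):
        print(f"acct-user/{pkg}: guideline {item}: {msg}")
```

Item 1 (a home that belongs to another package) needs the installed-file lists of other packages and is outside what a per-ebuild text scan can decide.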
Re: [gentoo-dev] [RFC] Moving UID/GID assignments to api.gentoo.org (v2)
On Sat, 2019-08-17 at 09:06 +0200, Michał Górny wrote:
> Hi,
>
> Here's v2 of my proposed format.

Also example usage:

get user/group named 'adm'

$ awk '$1 == "adm"' uid-gid.txt
adm 3 4 baselayout

get records for UID 3:

$ awk '$2 == 3' uid-gid.txt
adm 3 4 baselayout
bin 3 7 baselayout-fbsd

get records for GID 4:

$ awk '$3 == 4' uid-gid.txt
adm 3 4 baselayout
tty 4 4 baselayout-fbsd

get all users, sorted by UID:

$ awk '$0 ~ /^[^#]/ && $2 != "-"' uid-gid.txt | sort -k2 -n
root 0 0 baselayout
root 0 - baselayout-fbsd
toor 0 - baselayout-fbsd FreeBSD lists both names in passwd

get all groups, sorted by GID:

$ awk '$0 ~ /^[^#]/ && $3 != "-"' uid-gid.txt | sort -k3 -n
root 0 0 baselayout
wheel - 0 baselayout-fbsd
bin 1 1 baselayout

--
Best regards,
Michał Górny
[gentoo-dev] [PATCH 5/5] dev-vcs/gitolite-gentoo: Use acct-{group,user}/git
Signed-off-by: Michał Górny --- .../gitolite-gentoo-3.6.6.1-r2.ebuild | 93 +++ .../gitolite-gentoo-.ebuild | 25 + 2 files changed, 98 insertions(+), 20 deletions(-) create mode 100644 dev-vcs/gitolite-gentoo/gitolite-gentoo-3.6.6.1-r2.ebuild diff --git a/dev-vcs/gitolite-gentoo/gitolite-gentoo-3.6.6.1-r2.ebuild b/dev-vcs/gitolite-gentoo/gitolite-gentoo-3.6.6.1-r2.ebuild new file mode 100644 index ..79f26e40c16f --- /dev/null +++ b/dev-vcs/gitolite-gentoo/gitolite-gentoo-3.6.6.1-r2.ebuild 
@@ -0,0 +1,93 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +[[ ${PV} == * ]] && SCM="git-2" +EGIT_REPO_URI="git://git.gentoo.org/proj/gitolite-gentoo" +EGIT_MASTER=master + +inherit perl-module user versionator ${SCM} + +DESCRIPTION="Highly flexible server for git directory version tracker, Gentoo fork" +HOMEPAGE="https://cgit.gentoo.org/proj/gitolite-gentoo.git"; +if [[ ${PV} != * ]]; then + SRC_URI="mirror://gentoo/${P}.tar.bz2" + KEYWORDS="~amd64 ~x86" +else + SRC_URI="" + KEYWORDS="" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="selinux tools vim-syntax" + +DEPEND=" + acct-group/git + acct-user/git[gitolite] + dev-lang/perl + virtual/perl-File-Path + virtual/perl-File-Temp + >=dev-vcs/git-1.6.6" +RDEPEND="${DEPEND} + !dev-vcs/gitolite + vim-syntax? ( app-vim/gitolite-syntax ) + selinux? ( sec-policy/selinux-gitosis ) + >=dev-perl/Net-SSH-AuthorizedKeysFile-0.17 + dev-perl/JSON" + +PATCHES=( ) + +src_prepare() { + default + echo "${PF}-gentoo" > src/VERSION || die +} + +src_install() { + local uexec=/usr/libexec/${PN} + + rm -rf src/lib/Gitolite/Test{,.pm} + insinto $VENDOR_LIB + doins -r src/lib/Gitolite + + dodoc README.markdown CHANGELOG + # These are meant by upstream as examples, you are strongly recommended to + # customize them for your needs. 
+ dodoc contrib/utils/ipa_groups.pl contrib/utils/ldap_groups.sh + + insopts -m0755 + insinto $uexec + doins -r src/{commands,syntactic-sugar,triggers,VREF}/ + doins -r contrib/{commands,triggers,hooks} + + insopts -m0644 + doins src/VERSION + + exeinto $uexec + doexe src/gitolite{,-shell} + + dodir /usr/bin + for bin in gitolite{,-shell}; do + dosym /usr/libexec/${PN}/${bin} /usr/bin/${bin} + done + + if use tools; then + dobin check-g2-compat convert-gitosis-conf + dobin contrib/utils/rc-format-v3.4 + fi + + fperms 0644 ${uexec}/VREF/MERGE-CHECK # It's meant as example only +} + +pkg_postinst() { + if [[ "$(get_major_version $REPLACING_VERSIONS)" == "2" ]]; then + ewarn + elog "***NOTE*** This is a major upgrade and will likely break your existing gitolite-2.x setup!" + elog "Please read http://gitolite.com/gitolite/migr.html first!" + ewarn + elog "***NOTE*** If you're using the \"umask\" feature of ${PN}-2.x:" + elog "You'll have to replace each \"umask = ...\" option by \"option umask = ...\"" + elog "And you'll also have to enable the \"RepoUmask\" module in your .gitolite.rc" + ewarn + fi +} diff --git a/dev-vcs/gitolite-gentoo/gitolite-gentoo-.ebuild b/dev-vcs/gitolite-gentoo/gitolite-gentoo-.ebuild index 7120a4c7c21d..325697741407 100644 --- a/dev-vcs/gitolite-gentoo/gitolite-gentoo-.ebuild +++ b/dev-vcs/gitolite-gentoo/gitolite-gentoo-.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2015 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=5 @@ -22,7 +22,10 @@ LICENSE="GPL-2" SLOT="0" IUSE="selinux tools vim-syntax" -DEPEND="dev-lang/perl +DEPEND=" + acct-group/git + acct-user/git[gitolite] + dev-lang/perl virtual/perl-File-Path virtual/perl-File-Temp >=dev-vcs/git-1.6.6" 
@@ -33,11 +36,6 @@ RDEPEND="${DEPEND} >=dev-perl/Net-SSH-AuthorizedKeysFile-0.17 dev-perl/JSON" -pkg_setup() { - enewgroup git - enewuser git -1 /bin/sh /var/lib/gitolite git -} - src_prepare() { echo "${PF}-gentoo" > src/VERSION } @@ -75,10 +73,6 @@ src_install() { dobin contrib/utils/rc-format-v3.4 fi - keepdir /var/lib/gitolite - fowners git:git /var/lib/gitolite - fperms 750 /var/lib/gitolite - fperms 0644 ${uexec}/VREF/MERGE-CHECK # It's meant as example only } @@ -93,13 +87,4 @@ pkg_postinst() { elog "And you'll also have to enable the \"RepoUmask\" module in your .gitolite.rc" ewarn fi - - # bug 352291 - gitolite_home=$(awk -F: '$1 == "git" { print $6 }' /etc/passwd) -
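Review bot: the src_install hunk of the live ebuild removes keepdir, fowners git:git and fperms 750 for /var/lib/gitolite (and the new -r2 file never had them), so the directory's existence, owner and mode now depend entirely on acct-user/git being built with the gitolite flag, and nothing in this ebuild says so. A short comment next to acct-user/git[gitolite] in DEPEND stating that the dependency provides the 750 git:git home would make sure a later change to ACCT_USER_HOME_PERMS or ACCT_USER_HOME_OWNER in the acct-user package is reviewed with this consumer in mind.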
[gentoo-dev] [PATCH 4/5] dev-vcs/gitolite: Use acct-{group,user}/git
Signed-off-by: Michał Górny --- dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild | 90 ++ dev-vcs/gitolite/gitolite-.ebuild | 22 ++ 2 files changed, 95 insertions(+), 17 deletions(-) create mode 100644 dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild diff --git a/dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild b/dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild new file mode 100644 index ..39e318eef01b --- /dev/null +++ b/dev-vcs/gitolite/gitolite-3.6.11-r1.ebuild 
@@ -0,0 +1,90 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +[[ ${PV} == * ]] && SCM="git-2" +EGIT_REPO_URI="https://github.com/sitaramc/${PN}.git"; +EGIT_MASTER=master + +inherit perl-module user versionator ${SCM} + +DESCRIPTION="Highly flexible server for git directory version tracker" +HOMEPAGE="https://github.com/sitaramc/gitolite"; +if [[ ${PV} != * ]]; then + SRC_URI="https://github.com/sitaramc/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~x86" +else + SRC_URI="" + KEYWORDS="~amd64 ~arm ~x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="selinux tools" + +DEPEND=" + acct-group/git + acct-user/git[gitolite] + dev-lang/perl + virtual/perl-File-Path + virtual/perl-File-Temp + >=dev-vcs/git-1.6.6" +RDEPEND="${DEPEND} + !app-vim/gitolite-syntax + !dev-vcs/gitolite-gentoo + selinux? ( sec-policy/selinux-gitosis ) + dev-perl/JSON" + +PATCHES=( ) + +src_prepare() { + default + echo $PF > src/VERSION || die +} + +src_install() { + local uexec=/usr/libexec/${PN} + + rm -rf src/lib/Gitolite/Test{,.pm} + insinto $VENDOR_LIB + doins -r src/lib/Gitolite + + dodoc README.markdown CHANGELOG + # These are meant by upstream as examples, you are strongly recommended to + # customize them for your needs. 
+ dodoc contrib/utils/ipa_groups.pl contrib/utils/ldap_groups.sh + + insinto /usr/share/vim/vimfiles + doins -r contrib/vim/* + + insopts -m0755 + insinto $uexec + doins -r src/{commands,syntactic-sugar,triggers,VREF}/ + doins -r contrib/{commands,triggers,hooks} + + insopts -m0644 + doins src/VERSION + + exeinto $uexec + doexe src/gitolite{,-shell} + + dodir /usr/bin + for bin in gitolite{,-shell}; do + dosym /usr/libexec/${PN}/${bin} /usr/bin/${bin} + done + + if use tools; then + dobin check-g2-compat convert-gitosis-conf + dobin contrib/utils/rc-format-v3.4 + fi + + fperms 0644 ${uexec}/VREF/MERGE-CHECK # It's meant as example only +} + +pkg_postinst() { + if [[ "$(get_major_version $REPLACING_VERSIONS)" == "2" ]]; then + ewarn + elog "***NOTE*** This is a major upgrade and will likely break your existing gitolite-2.x setup!" + elog "Please read http://gitolite.com/gitolite/migr/index.html first!" + fi +} diff --git a/dev-vcs/gitolite/gitolite-.ebuild b/dev-vcs/gitolite/gitolite-.ebuild index 928bbe83926c..c97712af0d4f 100644 --- a/dev-vcs/gitolite/gitolite-.ebuild +++ b/dev-vcs/gitolite/gitolite-.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=5 @@ -22,7 +22,10 @@ LICENSE="GPL-2" SLOT="0" IUSE="selinux tools vim-syntax" -DEPEND="dev-lang/perl +DEPEND=" + acct-group/git + acct-user/git[gitolite] + dev-lang/perl virtual/perl-File-Path virtual/perl-File-Temp >=dev-vcs/git-1.6.6" @@ -32,11 +35,6 @@ RDEPEND="${DEPEND} vim-syntax? ( app-vim/gitolite-syntax ) dev-perl/JSON" -pkg_setup() { - enewgroup git - enewuser git -1 /bin/sh /var/lib/gitolite git -} - src_prepare() { echo $PF > src/VERSION } @@ -74,10 +72,6 @@ src_install() { dobin contrib/utils/rc-format-v3.4 fi - keepdir /var/lib/gitolite - fowners git:git /var/lib/gitolite - fperms 750 /var/lib/gitolite - fperms 0644 ${uexec}/VREF/MERGE-CHECK # It's meant as example only } 
@@ -87,10 +81,4 @@ pkg_postinst() { elog "***NOTE*** This is a major upgrade and will likely break your existing gitolite-2.x setup!" elog "Please read http://gitolite.com/gitolite/migr/index.html first!" fi - - # bug 352291 - ewarn - elog "Please make sure that your 'git' user has the correct homedir (/var/lib/gitolite)." - elog "Especially if you're migrating from gitosis." - ewarn } -- 2.23.0.rc2
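Review bot: the new gitolite-3.6.11-r1.ebuild still has "inherit perl-module user versionator ${SCM}" although the account now comes from acct-group/git and acct-user/git[gitolite] and no enewgroup or enewuser call is left in the file; drop "user" from the inherit line so the ebuild cannot quietly go back to creating the account itself.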
[gentoo-dev] [PATCH 2/5] acct-user/git: Add git user, UID 196
Add 'git' user. UID 196 is used on Arch Linux for gitolite which serves the same purpose as 'git' in Gentoo. Note that since we have multiple git hosting providers in Gentoo, and they use disjoint home directories, we need to use USE flags to control the provider used. Upon switching flags, the home directory for git user will be updated accordingly to permit SSH access. Signed-off-by: Michał Górny --- acct-user/git/git-0.ebuild | 29 + acct-user/git/metadata.xml | 15 +++ 2 files changed, 44 insertions(+) create mode 100644 acct-user/git/git-0.ebuild create mode 100644 acct-user/git/metadata.xml diff --git a/acct-user/git/git-0.ebuild b/acct-user/git/git-0.ebuild new file mode 100644 index ..384b3bd703e6 --- /dev/null +++ b/acct-user/git/git-0.ebuild @@ -0,0 +1,29 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit acct-user + +DESCRIPTION="Git repository hosting user" + +IUSE="gitea gitolite" +REQUIRED_USE="^^ ( gitea gitolite )" + +ACCT_USER_ID=196 +ACCT_USER_HOME_OWNER=git:git +ACCT_USER_HOME_PERMS=750 +ACCT_USER_SHELL=/bin/sh +ACCT_USER_GROUPS=( git ) + +acct-user_add_deps + +pkg_setup() { + if use gitea; then + ACCT_USER_HOME=/var/lib/gitea + elif use gitolite; then + ACCT_USER_HOME=/var/lib/gitolite + else + die "Incorrect USE flag combination" + fi +} diff --git a/acct-user/git/metadata.xml b/acct-user/git/metadata.xml new file mode 100644 index ..159d766b8251 --- /dev/null +++ b/acct-user/git/metadata.xml @@ -0,0 +1,15 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + + mgo...@gentoo.org + Michał Górny + + + Set home directory for git hosting + via www-apps/gitea. + Set home directory for git hosting + via dev-vcs/gitolite + or dev-vcs/gitolite-gentoo. + + -- 2.23.0.rc2
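Review bot: in pkg_setup, ACCT_USER_HOME is pointed at /var/lib/gitea or /var/lib/gitolite, trees that the hosting packages also install into (www-apps/gitea in 3/5 runs keepdir /var/lib/gitea/custom /var/lib/gitea/data with diropts -m0750 -o git -g git), so ownership and mode of the home are set from two packages. State in a comment which package is authoritative for the 750 git:git home, or use a home that only acct-user/git owns. The closing "else die" branch cannot be reached while REQUIRED_USE="^^ ( gitea gitolite )" is in place.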
[gentoo-dev] [PATCH 1/5] acct-group/git: Add git group, GID 196
Add 'git' group. UID 196 is used on Arch Linux for gitolite which serves the same purpose as 'git' in Gentoo. Signed-off-by: Michał Górny --- acct-group/git/git-0.ebuild | 8 acct-group/git/metadata.xml | 8 2 files changed, 16 insertions(+) create mode 100644 acct-group/git/git-0.ebuild create mode 100644 acct-group/git/metadata.xml diff --git a/acct-group/git/git-0.ebuild b/acct-group/git/git-0.ebuild new file mode 100644 index ..15d83cb050a0 --- /dev/null +++ b/acct-group/git/git-0.ebuild @@ -0,0 +1,8 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit acct-group + +ACCT_GROUP_ID=196 diff --git a/acct-group/git/metadata.xml b/acct-group/git/metadata.xml new file mode 100644 index ..0319eec4c8be --- /dev/null +++ b/acct-group/git/metadata.xml @@ -0,0 +1,8 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + + mgo...@gentoo.org + Michał Górny + + -- 2.23.0.rc2
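Review bot: the commit message says "UID 196" while the only assignment in acct-group/git/git-0.ebuild is ACCT_GROUP_ID=196; the message should read GID 196, matching the subject line, so that the registry entry derived from it records the right kind of ID.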
[gentoo-dev] [PATCH 3/5] www-apps/gitea: Use acct-{group,user}/git
Signed-off-by: Michał Górny --- www-apps/gitea/gitea-1.8.3-r1.ebuild | 102 +++ 1 file changed, 102 insertions(+) create mode 100644 www-apps/gitea/gitea-1.8.3-r1.ebuild diff --git a/www-apps/gitea/gitea-1.8.3-r1.ebuild b/www-apps/gitea/gitea-1.8.3-r1.ebuild new file mode 100644 index ..e78e0438b47a --- /dev/null +++ b/www-apps/gitea/gitea-1.8.3-r1.ebuild 
@@ -0,0 +1,102 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +inherit golang-vcs-snapshot systemd user + +EGO_PN="code.gitea.io/gitea" + +DESCRIPTION="A painless self-hosted Git service" +HOMEPAGE="https://gitea.io"; +SRC_URI="https://github.com/go-gitea/gitea/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64" +IUSE="pam sqlite" + +COMMON_DEPEND=" + acct-group/git + acct-user/git[gitea] + pam? ( sys-libs/pam )" +DEPEND="${COMMON_DEPEND} + dev-go/go-bindata" +RDEPEND="${COMMON_DEPEND} + dev-vcs/git" + +DOCS=( custom/conf/app.ini.sample CONTRIBUTING.md README.md ) +S="${WORKDIR}/${P}/src/${EGO_PN}" + +gitea_make() { + local my_tags=( + bindata + $(usev pam) + $(usex sqlite 'sqlite sqlite_unlock_notify' '') + ) + local my_makeopt=( + DRONE_TAG=${PV} + TAGS="${my_tags[@]}" + ) + GOPATH=${WORKDIR}/${P}:$(get_golibdir_gopath) emake "${my_makeopt[@]}" "$@" +} + +src_prepare() { + default + sed -i \ + -e "s#^RUN_MODE = dev#RUN_MODE = prod#" \ + -e "s#^ROOT =#ROOT = ${EPREFIX}/var/lib/gitea/gitea-repositories#" \ + -e "s#^ROOT_PATH =#ROOT_PATH = ${EPREFIX}/var/log/gitea#" \ + -e "s#^APP_DATA_PATH = data#APP_DATA_PATH = ${EPREFIX}/var/lib/gitea/data#" \ + -e "s#^HTTP_ADDR = 0.0.0.0#HTTP_ADDR = 127.0.0.1#" \ + -e "s#^MODE = console#MODE = file#" \ + -e "s#^LEVEL = Trace#LEVEL = Info#" \ + -e "s#^LOG_SQL = true#LOG_SQL = false#" \ + -e "s#^DISABLE_ROUTER_LOG = false#DISABLE_ROUTER_LOG = true#" \ + -e "s#^APP_ID =#;APP_ID =#" \ + -e "s#^TRUSTED_FACETS =#;TRUSTED_FACETS =#" \ + custom/conf/app.ini.sample || die + if use sqlite ; then + sed -i -e "s#^DB_TYPE = .*#DB_TYPE = sqlite3#" custom/conf/app.ini.sample || die + fi + + gitea_make generate +} + +src_compile() { + gitea_make build +} + +src_test() { + gitea_make test +} + +src_install() { + dobin gitea + + einstalldocs + + newconfd "${FILESDIR}"/gitea.confd-r1 gitea + newinitd "${FILESDIR}"/gitea.initd-r3 
gitea + systemd_newunit "${FILESDIR}"/gitea.service-r2 gitea.service + + insinto /etc/gitea + newins custom/conf/app.ini.sample app.ini + fowners root:git /etc/gitea/{,app.ini} + fperms g+w,o-rwx /etc/gitea/{,app.ini} + + diropts -m0750 -o git -g git + keepdir /var/lib/gitea/custom /var/lib/gitea/data + keepdir /var/log/gitea +} + +pkg_postinst() { + if [[ -e "${EROOT}/var/lib/gitea/conf/app.ini" ]]; then + ewarn "The configuration path has been changed to ${EROOT}/etc/gitea/app.ini." + ewarn "Please move your configuration from ${EROOT}/var/lib/gitea/conf/app.ini" + ewarn "and adapt the gitea-repositories hooks and ssh authorized_keys." + ewarn "Depending on your configuration you should run something like:" + ewarn "sed -i -e 's#${EROOT}/var/lib/gitea/conf/app.ini#${EROOT}/etc/gitea/app.ini#' \\" + ewarn " /var/lib/gitea/gitea-repositories/*/*/hooks/*/* \\" + ewarn " /var/lib/gitea/.ssh/authorized_keys" + fi +} -- 2.23.0.rc2
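Review bot: in src_install, "fowners root:git /etc/gitea/{,app.ini}" followed by "fperms g+w,o-rwx /etc/gitea/{,app.ini}" leaves both the configuration directory and app.ini writable by the git group, that is, by the account from acct-user/git[gitea] that this ebuild depends on. Add a comment saying why the service needs write access to its own configuration, or drop g+w if it does not, since the mode is otherwise easy to carry forward unexamined in later revisions.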
Re: [gentoo-dev] [RFC] Moving UID/GID assignments to api.gentoo.org (v2)
Hi,

Here's v2 of my proposed format. Two changes:

1. I've changed the 'header line' to start with '#!', so comment stripping normally takes care of it without having to do extra work.

2. I've allowed Markdown syntax in note field, so that we can link commits similarly to how we do it on wiki.

== UPDATED FORMAT ==

# vim:se ts=8 sts=8 tw=0 :
#
# This file provides a registry of active, requested and historical UID
# and GID assignments in the Gentoo repository. Each line represents
# a single record, with the '#!' line providing field headers. Empty
# lines and comments are ignored. Fields are separated by whitespace,
# with the last (note) field extending to end of line. Note that
# additional fields may be added in the future.
#
# A single record can represent a user, a group or a combination of both
# using the same name. Same user/group/UID/GID can be repeated
# in multiple records to reflect reality. If you can't express something
# with a single record, split it.
#
# NAME: user/group name
# UID: UID assigned to the user, or '-' if only group is defined
# GID: GID assigned to the group, or '-' if only user is defined
# PROVIDER: keyword identifying provider of user/group, see below
# NOTES: human-readable notes about the assignment, optional, can use
#        Markdown syntax
#
# Valid values for PROVIDER are:
# - acct: acct-user/${NAME} and/or acct-group/${NAME} packages
# - baselayout: user/group defined in passwd/group files from baselayout
# - baselayout-fbsd: same as baselayout but on FreeBSD system
# - historical: historical UID/GID assignment, no longer used nowadays
# - requested: assignment requested on the ml, not yet pushed
# - reserved: special reserved range
# - user.eclass: user/group created via user.eclass directly in package
#
# Use PROVIDERs that apply best at the moment. For example, if user
# was migrated from user.eclass to acct-user/ with the same UID, just
# list the latter.
#
# Please keep the list sorted by UID, GID, PROVIDER, NAME (in order).

#!NAME      UID      GID      PROVIDER         NOTES
root        0        0        baselayout
root        0        -        baselayout-fbsd
toor        0        -        baselayout-fbsd  FreeBSD lists both names in passwd
wheel       -        0        baselayout-fbsd
bin         1        1        baselayout
daemon      1        1        baselayout-fbsd
daemon      2        2        baselayout
operator    2        5        baselayout-fbsd
adm         3        4        baselayout
bin         3        7        baselayout-fbsd
sys         -        3        baselayout
sys         -        3        baselayout-fbsd
lp          4        7        baselayout
tty         4        4        baselayout-fbsd
sync        5        -        baselayout
kmem        5        2        baselayout-fbsd
tty         -        5        baselayout
shutdown    6        -        baselayout
mail        6        6        baselayout-fbsd
disk        -        6        baselayout
halt        7        -        baselayout
games       7        -        baselayout-fbsd
lp          -        7        acct
#...
ftp         21       21       acct             removed from baselayout svn in r1475
sshd        22       22       user.eclass      removed from baselayout svn in r1476
at          25       25       user.eclass      removed from baselayout svn in r1479
smtpd       25       25       user.eclass
#...
rpc         111      111      historical       used by net-nds/portmap, removed in 36e60cce
#...
portage     250      250      baselayout
#...
(reserved)  500-999  500-999  reserved
(reserved)  1000-6   1000-6   reserved         UID_MIN-UID_MAX/GID_MIN-GID_MAX
#...

--
Best regards,
Michał Górny
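A registry in this format can answer the question that matters before a new static ID such as 196 is assigned: which records already cover it, including reserved ranges and historical IDs that may still own files on old systems. The parser below is an added example, not code from the post or from api.gentoo.org; the function names are hypothetical, and the sample rows are copied from the table in the post.

```python
from typing import NamedTuple, Optional, Tuple

PROVIDERS = {"acct", "baselayout", "baselayout-fbsd", "historical",
             "requested", "reserved", "user.eclass"}
Span = Optional[Tuple[int, int]]        # inclusive range, None for '-'


class Record(NamedTuple):
    name: str
    uid: Span
    gid: Span
    provider: str
    notes: str


def parse_span(field: str) -> Span:
    """'-' -> None, '22' -> (22, 22), '500-999' -> (500, 999)."""
    if field == "-":
        return None
    low, _, high = field.partition("-")
    return int(low), int(high or low)


def parse_registry(text: str):
    columns = ["NAME", "UID", "GID", "PROVIDER", "NOTES"]
    records = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#!"):       # header line names the fields
            columns = line[2:].split()
            continue
        if not line or line.startswith("#"):
            continue
        # The last field (notes) runs to end of line, so cap the split.
        row = dict(zip(columns, line.split(None, len(columns) - 1)))
        missing = {"NAME", "UID", "GID", "PROVIDER"} - row.keys()
        if missing:
            raise ValueError(f"line {number}: missing {sorted(missing)}")
        if row["PROVIDER"] not in PROVIDERS:
            raise ValueError(
                f"line {number}: unknown provider {row['PROVIDER']!r}")
        records.append(Record(row["NAME"], parse_span(row["UID"]),
                              parse_span(row["GID"]), row["PROVIDER"],
                              row.get("NOTES", "")))
    return records


def conflicts(records, uid=None, gid=None):
    """List (field, name, provider) for each record already covering the IDs."""
    def covers(span, value):
        return (span is not None and value is not None
                and span[0] <= value <= span[1])
    hits = []
    for rec in records:
        if covers(rec.uid, uid):
            hits.append(("UID", rec.name, rec.provider))
        if covers(rec.gid, gid):
            hits.append(("GID", rec.name, rec.provider))
    return hits


# Rows copied from the table in the post (a subset).
REGISTRY = """\
#!NAME UID GID PROVIDER NOTES
root 0 0 baselayout
toor 0 - baselayout-fbsd FreeBSD lists both names in passwd
adm 3 4 baselayout
bin 3 7 baselayout-fbsd
tty 4 4 baselayout-fbsd
sshd 22 22 user.eclass removed from baselayout svn in r1476
#...
rpc 111 111 historical used by net-nds/portmap, removed in 36e60cce
portage 250 250 baselayout
(reserved) 500-999 500-999 reserved
"""

if __name__ == "__main__":
    records = parse_registry(REGISTRY)
    for uid, gid in [(196, 196), (22, 22), (111, 111), (600, None)]:
        print(uid, gid, conflicts(records, uid=uid, gid=gid) or "free")
```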