-rw-r--r--doc/guix.texi13
-rw-r--r--gnu/services/version-control.scm8
2 files changed, 20 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index d2819b259e..ab178a6b06 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -31517,6 +31517,19 @@ A value like @code{#o0027} will give read access to the group used by Gitolite
 (by default: @code{git}).  This is necessary when using Gitolite with software
 like cgit or gitweb.
 
+@item @code{unsafe-pattern} (default: @code{#f})
+An optional Perl regular expression for catching unsafe configurations in
+the configuration file.  See
+@uref{https://gitolite.com/gitolite/git-config.html#compensating-for-unsafe_patt,
+Gitolite's documentation} for more information.
+
+When the value is not @code{#f}, it should be a string containing a Perl
+regular expression, such as @samp{"[`~#\$\&()|;<>]"}, which is the default
+value used by gitolite.  It rejects any special character in configuration
+that might be interpreted by a shell, which is useful when sharing the
+administration burden with other people that do not otherwise have shell
+access on the server.
+
 @item @code{git-config-keys} (default: @code{""})
 Gitolite allows you to set git config values using the @samp{config}
 keyword.  This setting allows control over the config keys to accept.
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 8cb5633165..ab86f82e62 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -54,6 +54,7 @@
             <gitolite-rc-file>
             gitolite-rc-file
             gitolite-rc-file-umask
+            gitolite-rc-file-unsafe-pattern
             gitolite-rc-file-git-config-keys
             gitolite-rc-file-roles
             gitolite-rc-file-enable
@@ -226,6 +227,8 @@ access to exported repositories under @file{/srv/git}."
   gitolite-rc-file?
   (umask           gitolite-rc-file-umask
                    (default #o0077))
+  (unsafe-pattern  gitolite-rc-file-unsafe-pattern
+                   (default #f))
   (git-config-keys gitolite-rc-file-git-config-keys
                    (default ""))
   (roles           gitolite-rc-file-roles
@@ -245,7 +248,7 @@ access to exported repositories under @file{/srv/git}."
 (define-gexp-compiler (gitolite-rc-file-compiler
                        (file <gitolite-rc-file>) system target)
   (match file
-    (($ <gitolite-rc-file> umask git-config-keys roles enable)
+    (($ <gitolite-rc-file> umask unsafe-pattern git-config-keys roles enable)
      (apply text-file* "gitolite.rc"
       `("%RC = (\n"
         "    UMASK => " ,(format #f "~4,'0o" umask) ",\n"
@@ -264,6 +267,9 @@ access to exported repositories under @file{/srv/git}."
         "    ],\n"
         ");\n"
         "\n"
+        ,(if unsafe-pattern
+             (string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");")
+             "")
         "1;\n")))))
 
 (define-record-type* <gitolite-configuration>
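Review bot: The `unsafe-pattern` string is spliced verbatim between `qr(` and `)` by the added `string-append`, so a pattern with an unbalanced `)` closes the regex early and the remainder is parsed as Perl when gitolite loads gitolite.rc; nothing in the visible hunks checks that the value is a string or a well-formed pattern. The value comes from the system configuration, so this is mostly a robustness concern, but because `$UNSAFE_PATT` is the filter gitolite applies to config values, a malformed pattern could either break the rc file or leave a different filter in place than the administrator intended. I would validate the field when the record is built (it must be a string with balanced parentheses) and fail the build otherwise, rather than emitting it unchecked. The emitted statement also has no line break, so the file ends with `...);1;` on one line; `(string-append "$UNSAFE_PATT = qr(" unsafe-pattern ");\n")` keeps the generated rc readable. The enclosing `gitolite-rc-file-compiler` starts outside this hunk.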