authorBruno Bigras <bigras.bruno@gmail.com>2019-12-04 18:10:57 -0500
committerLassulus <github@lassul.us>2019-12-08 12:26:02 +0100
commit9314dc43b3ded4e27652324724df1edad084d765 (patch)
tree6c23cf814e60b20a1399b2bb02f33f8e7eb74e91
parent0ccde691f8aedc9d0e17b4de704d0cd6dea40b00 (diff)
gitolite: wrap gitolite-shell
git wasn't found when used with services.fcgiwrap
for http auth
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/gitolite-fcgiwrap.nix93
-rw-r--r--pkgs/applications/version-management/gitolite/default.nix11
3 files changed, 103 insertions, 2 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 35a02d2e283..23ad22ee5a1 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -94,6 +94,7 @@ in
   gitea = handleTest ./gitea.nix {};
   gitlab = handleTest ./gitlab.nix {};
   gitolite = handleTest ./gitolite.nix {};
+  gitolite-fcgiwrap = handleTest ./gitolite-fcgiwrap.nix {};
   glusterfs = handleTest ./glusterfs.nix {};
   gnome3-xorg = handleTest ./gnome3-xorg.nix {};
   gnome3 = handleTest ./gnome3.nix {};
diff --git a/nixos/tests/gitolite-fcgiwrap.nix b/nixos/tests/gitolite-fcgiwrap.nix
new file mode 100644
index 00000000000..414b7d6fe7e
--- /dev/null
+++ b/nixos/tests/gitolite-fcgiwrap.nix
@@ -0,0 +1,93 @@
+import ./make-test-python.nix (
+  { pkgs, ... }:
+
+    let
+      user = "gitolite-admin";
+      password = "some_password";
+
+      # not used but needed to setup gitolite
+      adminPublicKey = ''
+        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
+      '';
+    in
+      {
+        name = "gitolite-fcgiwrap";
+
+        meta = with pkgs.stdenv.lib.maintainers; {
+          maintainers = [ bbigras ];
+        };
+
+        nodes = {
+
+          server =
+            { ... }:
+              {
+                networking.firewall.allowedTCPPorts = [ 80 ];
+
+                services.fcgiwrap.enable = true;
+                services.gitolite = {
+                  enable = true;
+                  adminPubkey = adminPublicKey;
+                };
+
+                services.nginx = {
+                  enable = true;
+                  recommendedProxySettings = true;
+                  virtualHosts."server".locations."/git".extraConfig = ''
+                    # turn off gzip as git objects are already well compressed
+                    gzip off;
+
+                    # use file based basic authentication
+                    auth_basic "Git Repository Authentication";
+                    auth_basic_user_file /etc/gitolite/htpasswd;
+
+                    # common FastCGI parameters are required
+                    include ${pkgs.nginx}/conf/fastcgi_params;
+
+                    # strip the CGI program prefix
+                    fastcgi_split_path_info ^(/git)(.*)$;
+                    fastcgi_param PATH_INFO $fastcgi_path_info;
+
+                    # pass authenticated user login(mandatory) to Gitolite
+                    fastcgi_param REMOTE_USER $remote_user;
+
+                    # pass git repository root directory and hosting user directory
+                    # these env variables can be set in a wrapper script
+                    fastcgi_param GIT_HTTP_EXPORT_ALL "";
+                    fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
+                    fastcgi_param GITOLITE_HTTP_HOME /var/lib/gitolite;
+                    fastcgi_param SCRIPT_FILENAME ${pkgs.gitolite}/bin/gitolite-shell;
+
+                    # use Unix domain socket or inet socket
+                    fastcgi_pass unix:/run/fcgiwrap.sock;
+                  '';
+                };
+
+                # WARNING: DON'T DO THIS IN PRODUCTION!
+                # This puts unhashed secrets directly into the Nix store for ease of testing.
+                environment.etc."gitolite/htpasswd".source = pkgs.runCommand "htpasswd" {} ''
+                  ${pkgs.apacheHttpd}/bin/htpasswd -bc "$out" ${user} ${password}
+                '';
+              };
+
+          client =
+            { pkgs, ... }:
+              {
+                environment.systemPackages = [ pkgs.git ];
+              };
+        };
+
+        testScript = ''
+          start_all()
+
+          server.wait_for_unit("gitolite-init.service")
+          server.wait_for_unit("nginx.service")
+          server.wait_for_file("/run/fcgiwrap.sock")
+
+          client.wait_for_unit("multi-user.target")
+          client.succeed(
+              "git clone http://${user}:${password}@server/git/gitolite-admin.git"
+          )
+        '';
+      }
+)
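Review bot: The testScript only asserts that a clone with the correct credentials succeeds, so it would still pass if `auth_basic` were dropped from the `/git` location or nginx stopped enforcing it. Because gitolite-shell takes the identity from `REMOTE_USER` as set by nginx, the test should also assert that unauthenticated and wrongly authenticated requests are rejected, for example `client.fail("GIT_TERMINAL_PROMPT=0 git clone http://server/git/gitolite-admin.git")` and `client.fail("GIT_TERMINAL_PROMPT=0 git clone http://${user}:wrong_password@server/git/gitolite-admin.git")` after the existing `client.succeed`. `GIT_TERMINAL_PROMPT=0` keeps git from waiting for a credential prompt after the 401.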
diff --git a/pkgs/applications/version-management/gitolite/default.nix b/pkgs/applications/version-management/gitolite/default.nix
index 7c157191ab9..9f298e0129e 100644
--- a/pkgs/applications/version-management/gitolite/default.nix
+++ b/pkgs/applications/version-management/gitolite/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, git, nettools, perl }:
+{ stdenv, fetchFromGitHub, git, lib, makeWrapper, nettools, perl }:
 
 stdenv.mkDerivation rec {
   pname = "gitolite";
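Review bot: `lib` is added to the argument set on the header line, but none of the hunks in this commit reference it; `makeWrapper` is the only new argument the visible changes use. If nothing in the unchanged part of the file needs it (the file is only partly visible here), drop it: `{ stdenv, fetchFromGitHub, git, makeWrapper, nettools, perl }:`.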
@@ -11,7 +11,9 @@ stdenv.mkDerivation rec {
     sha256 = "1rkj7gknwjlc5ij9w39zf5mr647bm45la57yjczydmvrb8c56yrh";
   };
 
-  buildInputs = [ git nettools perl ];
+  buildInputs = [ nettools perl ];
+  nativeBuildInputs = [ makeWrapper ];
+  propagatedBuildInputs = [ git ];
 
   dontBuild = true;
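Review bot: `propagatedBuildInputs = [ git ]` looks unnecessary once the wrapper added in `postFixup` puts `${git}/bin` on PATH for gitolite-shell. Propagation affects derivations that list gitolite as a build input; it does not change the PATH of the process that executes the installed script at run time, which is the failure the commit message describes. Unless some other consumer relies on the propagation, leave it out, or add a comment such as `# propagated because <consumer> expects git alongside gitolite`. The mkDerivation body starts and ends outside this hunk.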
 
@@ -25,6 +27,11 @@ stdenv.mkDerivation rec {
       --replace hostname "${nettools}/bin/hostname"
   '';
 
+  postFixup = ''
+    wrapProgram $out/bin/gitolite-shell \
+      --prefix PATH : "${git}/bin"
+  '';
+
   installPhase = ''
     mkdir -p $out/bin
     perl ./install -to $out/bin
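Review bot: The new `postFixup` block has no comment saying why gitolite-shell needs a wrapper, and the reason is not obvious from the derivation alone. Suggest adding above `wrapProgram`: `# gitolite-shell is executed by fcgiwrap for HTTP access, where git is not on PATH; pin the store git first in the lookup order`. Only `gitolite-shell` is wrapped, so any other entry point that `perl ./install -to $out/bin` places in `$out/bin` still resolves git from the caller's PATH; if that is intended, the comment should say so. The `installPhase` string continues past the end of this hunk.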