From ec0965e2672899d25a5a3a8c072de3ea734076a2 Mon Sep 17 00:00:00 2001
From: V
Date: Wed, 9 Jun 2021 15:43:16 +0200
Subject: fleet: init
Co-authored-by: edef
Change-Id: I36d2c4cca542ed91630b1b832f3c7a7b97b33c65
---
fleet/pkgs/cgiserver/default.nix | 25 +++++++++
fleet/pkgs/declarative-git-repository/default.nix | 53 +++++++++++++++++++
fleet/pkgs/group-readable-archives.patch | 22 ++++++++
fleet/pkgs/overlay.nix | 24 +++++++++
.../permission-warnings-only-when-necessary.patch | 50 ++++++++++++++++++
fleet/pkgs/public-inbox-init-lite/default.nix | 18 +++++++
.../public-inbox-init-lite/public-inbox-init-lite | 60 ++++++++++++++++++++++
fleet/pkgs/public-inbox/default.nix | 45 ++++++++++++++++
8 files changed, 297 insertions(+)
create mode 100644 fleet/pkgs/cgiserver/default.nix
create mode 100644 fleet/pkgs/declarative-git-repository/default.nix
create mode 100644 fleet/pkgs/group-readable-archives.patch
create mode 100644 fleet/pkgs/overlay.nix
create mode 100644 fleet/pkgs/permission-warnings-only-when-necessary.patch
create mode 100644 fleet/pkgs/public-inbox-init-lite/default.nix
create mode 100644 fleet/pkgs/public-inbox-init-lite/public-inbox-init-lite
create mode 100644 fleet/pkgs/public-inbox/default.nix
(limited to 'fleet/pkgs')
diff --git a/fleet/pkgs/cgiserver/default.nix b/fleet/pkgs/cgiserver/default.nix
new file mode 100644
index 0000000..9e911d5
--- /dev/null
+++ b/fleet/pkgs/cgiserver/default.nix
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: V
+# SPDX-License-Identifier: OSL-3.0
+
+{ lib, buildGoModule, fetchzip, zstd }:
+
+buildGoModule rec {
+ pname = "cgiserver";
+ version = "1.0.0";
+
+ src = (fetchzip {
+ url = "https://src.anomalous.eu/cgiserver/snapshot/cgiserver-${version}.tar.zst";
+ sha256 = "14bp92sw0w6n5dzs4f7g4fcklh25nc9k0xjx4ia0gi7kn5jwx2mq";
+ }).overrideAttrs ({ nativeBuildInputs, ... }: {
+ nativeBuildInputs = nativeBuildInputs ++ [ zstd ];
+ });
+
+ vendorSha256 = "00jslxzf6p8zs1wxdx3qdb919i80xv4w9ihljd40nnydasshqa4v";
+
+ meta = with lib; {
+ homepage = "https://src.anomalous.eu/cgiserver/about/";
+ description = "Lightweight web server for sandboxing CGI applications";
+ license = licenses.osl3;
+ maintainers = with maintainers; [ V ];
+ };
+}
diff --git a/fleet/pkgs/declarative-git-repository/default.nix b/fleet/pkgs/declarative-git-repository/default.nix
new file mode 100644
index 0000000..f3bb014
--- /dev/null
+++ b/fleet/pkgs/declarative-git-repository/default.nix
@@ -0,0 +1,53 @@
+# SPDX-FileCopyrightText: V
+# SPDX-License-Identifier: OSL-3.0
+
+{ lib, writeTextDir, writeText, buildEnv, writeTextFile, bash, writeScript }:
+
+{ path
+, branch ? "trunk"
+, description ? "Unnamed repository; edit this file 'description' to name the repository."
+, config ? {}
+, hooks ? {}
+, user ? "-", group ? "-"
+}:
+
+with lib;
+
+let
+ # As generated by an initial `git init --bare`
+ defaultConfig = {
+ core = {
+ repositoryFormatVersion = 0;
+ fileMode = true;
+ bare = true;
+ };
+ };
+
+ hooksDir = buildEnv {
+ name = "git-repository-hooks";
+ paths = mapAttrsToList (hook: scripts: writeTextFile {
+ name = hook;
+ text = ''
+ #! ${bash}/bin/bash -e
+ '' + concatMapStrings (script: ''
+ ${script} "$@"
+ '') scripts;
+ destination = "/${hook}";
+ executable = true;
+ }) hooks;
+ };
+in writeTextDir "lib/tmpfiles.d/git-repository${replaceStrings [ "/" ] [ "-" ] path}.conf" ''
+ # Root directory needs the correct permissions
+ d ${path} - ${user} ${group}
+
+ # This is the smallest set of paths that Git will still recognise as a valid repository.
+ # Everything else will be automatically filled out after a push or pull.
+ f+ ${path}/HEAD - ${user} ${group} - ref: refs/heads/${branch}
+ d ${path}/objects - ${user} ${group}
+ d ${path}/refs - ${user} ${group}
+
+ # Extra stuff we want to use
+ L+ ${path}/config - - - - ${writeText "git-repository-config" (generators.toGitINI (recursiveUpdate defaultConfig config))}
+ L+ ${path}/description - - - - ${builtins.toFile "git-repository-description" description}
+ L+ ${path}/hooks - - - - ${hooksDir}
+''
diff --git a/fleet/pkgs/group-readable-archives.patch b/fleet/pkgs/group-readable-archives.patch
new file mode 100644
index 0000000..84b3e07
--- /dev/null
+++ b/fleet/pkgs/group-readable-archives.patch
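Review bot: In `hooksDir` of declarative-git-repository/default.nix, every script listed for a hook is run in sequence as `${script} "$@"` and all of them share the wrapper's single stdin, so for hooks that receive their input on stdin (pre-receive, post-receive) only the first script sees the ref updates and the later ones read EOF. A later script that enforces a push policy would then have nothing to inspect and may pass vacuously. Either capture stdin once in the wrapper and replay it for the stdin-driven hooks, e.g. `input=$(cat)` followed by `${script} "$@" <<<"$input"`, or document on the `hooks` argument that such hooks take a single script. Separately, `path`, `user`, `group` and `branch` are interpolated into the tmpfiles.d lines unquoted, so a value containing whitespace would shift the fields; an assertion on these arguments would catch that at evaluation time.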
@@ -0,0 +1,22 @@
+SPDX-FileCopyrightText: V
+SPDX-License-Identifier: OSL-3.0
+--- a/src/mlmmj-process.c
++++ b/src/mlmmj-process.c
+@@ -490,6 +490,9 @@
+ { NULL, 0, NULL }
+ };
+
++ /* Postfix unconditionally sets this to 0077 */
++ umask(0027);
++
+ CHECKFULLPATH(argv[0]);
+
+ log_set_name(argv[0]);
+@@ -553,7 +556,7 @@
+ donemailname = concatstr(3, listdir, "/queue/", randomstr);
+
+ donemailfd = open(donemailname, O_RDWR|O_CREAT|O_EXCL,
+- S_IRUSR|S_IWUSR);
++ S_IRUSR|S_IWUSR|S_IRGRP);
+
+ } while ((donemailfd < 0) && (errno == EEXIST));
diff --git a/fleet/pkgs/overlay.nix b/fleet/pkgs/overlay.nix
new file mode 100644
index 0000000..1f645f0
--- /dev/null
+++ b/fleet/pkgs/overlay.nix
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: V
+# SPDX-License-Identifier: OSL-3.0
+
+final: prev: {
+ cgiserver = final.callPackage ./cgiserver {};
+ declarative-git-repository = final.callPackage ./declarative-git-repository {};
+ public-inbox = final.perlPackages.callPackage ./public-inbox {};
+ public-inbox-init-lite = final.callPackage ./public-inbox-init-lite {};
+
+ # Fixes bundler complaining loudly if $HOME is read-only or unset
+ # Taken from https://github.com/rubygems/rubygems/pull/4724
+ # This is here because the CGit about filter invokes Asciidoctor,
+ # which otherwise causes its log to fill with spurious error messages.
+ # Can be removed once Bundler 2.2.23 or above makes its way into stable.
+ bundler = prev.bundler.overrideAttrs ({ patches ? [], ... }: {
+ patches = patches ++ [ ./permission-warnings-only-when-necessary.patch ];
+ dontBuild = false;
+ });
+
+ # Fixes archives having silly permissions due to Postfix messing with the umask
+ mlmmj = prev.mlmmj.overrideAttrs ({ patches ? [], ... }: {
+ patches = patches ++ [ ./group-readable-archives.patch ];
+ });
+}
diff --git a/fleet/pkgs/permission-warnings-only-when-necessary.patch b/fleet/pkgs/permission-warnings-only-when-necessary.patch
new file mode 100644
index 0000000..4a557a5
--- /dev/null
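Review bot: The `umask(0027)` that group-readable-archives.patch adds near the top of mlmmj-process is process-wide rather than limited to the archive: it applies to every file the process creates from that point on and is presumably inherited by any helper it executes, so whatever those create with a permissive mode becomes group-readable too. Combined with `S_IRGRP` on the `queue/` file, message bodies in the queue (possibly including mail that is later held or rejected) are readable by every member of the list's group. The comment should state which group is meant to read these files and why, e.g. `/* Postfix sets umask 0077; relax to 0027 so the archiver's group can read archive and queue files */`, and that group should contain only that consumer. The enclosing function starts and ends outside the two nested hunks.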
+++ b/fleet/pkgs/permission-warnings-only-when-necessary.patch
@@ -0,0 +1,50 @@
+SPDX-FileCopyrightText: David Rodríguez
+SPDX-License-Identifier: MIT
+--- a/lib/bundler.rb
++++ b/lib/bundler.rb
+@@ -236,8 +236,9 @@ def user_home
+ end
+
+ if warning
+- user_home = tmp_home_path(warning)
+- Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
++ Bundler.ui.warn "#{warning}\n"
++ user_home = tmp_home_path
++ Bundler.ui.warn "Bundler will use `#{user_home}' as your home directory temporarily.\n"
+ user_home
+ else
+ Pathname.new(home)
+@@ -684,15 +685,13 @@ def configure_gem_home
+ Bundler.rubygems.clear_paths
+ end
+
+- def tmp_home_path(warning)
++ def tmp_home_path
+ Kernel.send(:require, "tmpdir")
+ SharedHelpers.filesystem_access(Dir.tmpdir) do
+ path = Bundler.tmp
+ at_exit { Bundler.rm_rf(path) }
+ path
+ end
+- rescue RuntimeError => e
+- raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
+ end
+
+ # @param env [Hash]
+
+--- a/lib/bundler/settings.rb
++++ b/lib/bundler/settings.rb
+@@ -428,12 +428,8 @@ def printable_value(value, key)
+ def global_config_file
+ if ENV["BUNDLE_CONFIG"] && !ENV["BUNDLE_CONFIG"].empty?
+ Pathname.new(ENV["BUNDLE_CONFIG"])
+- else
+- begin
+- Bundler.user_bundle_path("config")
+- rescue PermissionError, GenericSystemCallError
+- nil
+- end
++ elsif Bundler.rubygems.user_home && !Bundler.rubygems.user_home.empty?
++ Pathname.new(Bundler.rubygems.user_home).join(".bundle/config")
+ end
+ end
diff --git a/fleet/pkgs/public-inbox-init-lite/default.nix b/fleet/pkgs/public-inbox-init-lite/default.nix
new file mode 100644
index 0000000..8704ea3
--- /dev/null
+++ b/fleet/pkgs/public-inbox-init-lite/default.nix
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: V
+# SPDX-License-Identifier: OSL-3.0
+
+{ lib, substituteAll, public-inbox, runCommand, makeWrapper, git, xapian }:
+
+let
+ perl = public-inbox.fullperl.withPackages
+ (ps: with ps; [ public-inbox URI DBDSQLite SearchXapian ]);
+
+ subbed = substituteAll {
+ src = ./public-inbox-init-lite;
+ isExecutable = true;
+ inherit (perl) interpreter;
+ };
+in runCommand "public-inbox-init-lite" { nativeBuildInputs = [ makeWrapper ]; } ''
+ makeWrapper ${subbed} $out/bin/public-inbox-init-lite \
+ --prefix PATH : ${lib.makeBinPath [ git xapian ]}
+''
diff --git a/fleet/pkgs/public-inbox-init-lite/public-inbox-init-lite b/fleet/pkgs/public-inbox-init-lite/public-inbox-init-lite
new file mode 100644
index 0000000..f6fd560
--- /dev/null
+++ b/fleet/pkgs/public-inbox-init-lite/public-inbox-init-lite
@@ -0,0 +1,60 @@
+#! @interpreter@ -w
+# SPDX-FileCopyrightText: (C) 2014-2021 all contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+use strict;
+use v5.10.1;
+use Getopt::Long qw/:config gnu_getopt no_ignore_case auto_abbrev/;
+use Fcntl qw(:DEFAULT);
+
+require PublicInbox::Admin;
+PublicInbox::Admin::require_or_die('-base');
+
+my ($indexlevel, $skip_epoch, $skip_artnum, $jobs, $skip_docdata);
+my %opts = (
+ 'indexlevel=s' => \$indexlevel,
+ 'skip-epoch=i' => \$skip_epoch,
+ 'skip-artnum=i' => \$skip_artnum,
+ 'jobs=i' => \$jobs,
+ 'skip-docdata' => \$skip_docdata,
+);
+GetOptions(%opts) or exit 1;
+PublicInbox::Admin::indexlevel_ok_or_die($indexlevel) if defined $indexlevel;
+my $name = shift @ARGV or exit 1;
+my $inboxdir = shift @ARGV or exit 1;
+my $primary_address = shift @ARGV or exit 1;
+# TODO(V): Error if any more arguments are passed
+
+$inboxdir = PublicInbox::Config::rel2abs_collapsed($inboxdir);
+die "`\\n' not allowed in `$inboxdir'\n" if index($inboxdir, "\n") >= 0;
+
+if (-d "$inboxdir/objects") {
+ die "$inboxdir is a -V1 inbox\n"
+}
+
+my $ibx = PublicInbox::Inbox->new({
+ inboxdir => $inboxdir,
+ name => $name,
+ version => 2,
+ -primary_address => $primary_address,
+ indexlevel => $indexlevel,
+});
+
+my $creat_opt = {};
+if (defined $jobs) {
+ die "--jobs=$jobs must be >= 1\n" if $jobs <= 0;
+ $creat_opt->{nproc} = $jobs;
+}
+
+require PublicInbox::InboxWritable;
+$ibx = PublicInbox::InboxWritable->new($ibx, $creat_opt);
+if ($skip_docdata) {
+ $ibx->{indexlevel} //= 'full'; # ensure init_inbox writes xdb
+ $ibx->{indexlevel} eq 'basic' and
+ die "--skip-docdata ignored with --indexlevel=basic\n";
+ $ibx->{-skip_docdata} = $skip_docdata;
+}
+$ibx->init_inbox(0, $skip_epoch, $skip_artnum);
+
+require PublicInbox::Spawn;
+PublicInbox::Spawn->import(qw(run_die));
diff --git a/fleet/pkgs/public-inbox/default.nix b/fleet/pkgs/public-inbox/default.nix
new file mode 100644
index 0000000..bb5db29
--- /dev/null
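Review bot: In the public-inbox-init-lite script the three positional arguments are taken with `shift @ARGV or exit 1`, which exits with status 1 and no message when one is missing and also rejects a literal `0`, so whatever invokes the script gets no hint about which argument was wrong. Something like `defined(my $name = shift @ARGV) or die "usage: public-inbox-init-lite NAME INBOXDIR ADDRESS\n";` for each, plus `die "too many arguments\n" if @ARGV;` to resolve the TODO, makes failures visible. `$name` and `$primary_address` are passed to `PublicInbox::Inbox->new` with no check visible in this hunk, whereas `$inboxdir` is at least tested for an embedded newline; applying the same test to the other two would be cheap. The trailing `require PublicInbox::Spawn;` and `PublicInbox::Spawn->import(qw(run_die));` have no user in this script and can be dropped.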
+++ b/fleet/pkgs/public-inbox/default.nix
@@ -0,0 +1,45 @@
+# SPDX-FileCopyrightText: V
+# SPDX-License-Identifier: OSL-3.0
+
+# TODO(V): Enable highlighting support
+
+{ lib, buildPerlPackage, fetchurl, makeWrapper
+, git, xapian
+, URI, DBDSQLite, SearchXapian, Plack, PlackMiddlewareReverseProxy
+, sqlite # Only used in tests
+}:
+
+buildPerlPackage rec {
+ pname = "public-inbox";
+ version = "unstable-2021-02-10";
+
+ # We need at least fa3f0cbcd1af5008e56c77e3c46ab60b5eca3a13 for public-inbox-watch to work with mlmmj's archive directory at all.
+ # See also: https://public-inbox.org/meta/CAMwyc-SmvBoVOs+vCMNaWOWPT3TCB-7rJ_0bp43QB+pjzbNv-w@mail.gmail.com/
+ src = fetchurl {
+ url = "https://public-inbox.org/public-inbox.git/snapshot/public-inbox-fa3f0cbcd1af5008e56c77e3c46ab60b5eca3a13.tar.gz";
+ sha256 = "03bynml6gw4936cri31ywqq5ackzkjjggksvpqf220xbcl55w93q";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = [ URI DBDSQLite SearchXapian Plack PlackMiddlewareReverseProxy ];
+
+ checkInputs = [ git sqlite xapian ];
+ # TODO(edef): Only exclude the individual failing tests, not the entire file
+ preCheck = ''
+ rm t/search.t # Relies on set-gid, which is unavailable in the build sandbox.
+ rm t/spawn.t # Tries to setpgid to that of pid 1, which (unexpectedly for the test) succeeds in the sandbox.
+ '';
+
+ postFixup = ''
+ for x in $out/bin/*; do
+ wrapProgram $x --prefix PATH : ${lib.makeBinPath [ git xapian ]}
+ done
+ '';
+
+ meta = with lib; {
+ homepage = "https://public-inbox.org/README.html";
+ description = "Git-based mailing-list archive";
+ license = licenses.agpl3Plus;
+ maintainers = with maintainers; [ V ];
+ };
+}
-- cgit 1.4.1
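Review bot: `src` in public-inbox/default.nix pins a snapshot tarball with `fetchurl`, so the `sha256` covers the compressed archive bytes; such snapshots are typically generated by the server on request, and if its git or gzip output ever changes the hash stops matching even though the commit is the same. cgiserver/default.nix in this same commit already uses `fetchzip`, which hashes the unpacked tree; doing the same here with a recomputed value, `sha256 = "<hash of unpacked tree>";`, keeps the pin tied to content rather than to compression output. Removing `t/search.t` and `t/spawn.t` wholesale in `preCheck` also drops every other assertion in those files, as the TODO acknowledges, so the process-spawning code ships without its test coverage until that is narrowed.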