From patchwork Mon Mar 10 18:32:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 14010501 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C4251C3F34 for ; Mon, 10 Mar 2025 18:32:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741631531; cv=none; b=L4pqPPuGq8gkKJTDJJYn2kzUrK7GtO+uKEIVu8F7x0BlVWSTMVdj40FHjjNZMG4GUP+qwALKz27x2XCxW8o4ideFJKKIxQBJ3KLknqz1xxt6W+tauQewBtV58BQPJagI9ZXU/PXxKazi7SbtJ45HvnK3gR+Dxmx2QnD6J9Di9Mg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741631531; c=relaxed/simple; bh=E73uhiflIFBBqRhLfUNsciNNCRNKjWBMCMCr68XUpH8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bXZ9O8rkTKzFwlkhhDEWjL/6FZxQwQ3FS4x6Lg8O3DPFJcoPtn1Qz1iulb9zcqeYvT05Auch/k+OKDr4562altkuuJy71YjAc2PdRsYhOc3CpLUz7hWZ/1JieWgeu6Y/3mBrnirb+PoDj75Lh5kablgbU/Ytt91CGAlN98RwCfs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=iU7bGn9t; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="iU7bGn9t" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 26348C4CEE5; Mon, 10 Mar 2025 18:32:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1741631531; bh=E73uhiflIFBBqRhLfUNsciNNCRNKjWBMCMCr68XUpH8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iU7bGn9tyaordXMKfP/1BYDKma19GOMYxvvKhgRb1q60zrJMMBMiShQpGWFgMnAjM wDstn1HNG7si1jR9Y2SDYIzIrOrtosVancU7texcIrp0yjSu7MQlSdgkE+IaWElYaN alP1Asvu2xX7WA4PoRWd+vr03NMxRtInzpP9o4Y0nVuSQ6EmjxpM0gCitm4CECEdM3 pr90HGVUGwUkfbFCtyA0bz9rugKHlrqRx+0wdtvQs/sS+f+ZVI+Ov+VnAObrZR/zPc H6W+mvcNl5ZhQjbgjMKbEfjIaLDMok1cQrT4y3Z7WVVHKp3LYBB8mkF/q5vsipyyUY TDCXl50XWrjFw== From: cel@kernel.org To: Cc: Chuck Lever Subject: [PATCH v1 2/4] linux-mirror: Ensure git-daemon runs as the Ansible user Date: Mon, 10 Mar 2025 14:32:06 -0400 Message-ID: <20250310183208.999430-3-cel@kernel.org> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250310183208.999430-1-cel@kernel.org> References: <20250310183208.999430-1-cel@kernel.org> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Chuck Lever In my initial installation, git-daemon emits the "safe.directory" warning and exits; remote attempts to access the repos there fail. git-daemon needs to run as the same user that owns the repos to avoid this warning. linux-mirror doesn't currently have a consistent "user" for this: the instructions say "create a /mirror directory" but then later tasks in linux-mirror try to create /mirror owned by root. This patch doesn't address that larger problem, but it simply adds a setting under the daemon's [Service] stanza to make it run as the user that is setting up the mirror. Signed-off-by: Chuck Lever --- playbooks/roles/linux-mirror/templates/git-daemon@.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/roles/linux-mirror/templates/git-daemon@.service.j2 b/playbooks/roles/linux-mirror/templates/git-daemon@.service.j2 index a8bf669608bc..06c08d989545 100644 --- a/playbooks/roles/linux-mirror/templates/git-daemon@.service.j2 +++ b/playbooks/roles/linux-mirror/templates/git-daemon@.service.j2 @@ -7,3 +7,4 @@ ExecStart=-/usr/bin/git daemon --verbose --init-timeout=10 --timeout=5 --inetd - StandardInput=socket StandardOutput=inherit StandardError=journal +User={{ ansible_user_id }}