public inbox for kdevops@lists.linux.dev
From: Luis Chamberlain <mcgrof@kernel.org>
To: kdevops@lists.linux.dev
Cc: Luis Chamberlain <mcgrof@kernel.org>
Subject: [PATCH] devconfig: add gitconfig /mirror/ sanity check
Date: Sat, 29 Mar 2025 18:36:35 -0700
Message-ID: <20250330013635.3744327-1-mcgrof@kernel.org>

When you leverage the use of /mirror/ say as an NFS server then your
system will use a git service to allow guests with libvirt to connect
to the NFS server through your own host. This works quite well, however
git will prevent access if the directory is not owned by you.

To fix this, the *host*, i.e. localhost, must trust the directories;
without this, the following will fail on both the host and the guests:

/usr/bin/git ls-remote git://192.168.122.1/mirror/fstests.git -h refs/heads/HEAD

Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
---

This heuristic only applies when using /mirror/ but other folks might
be interested in lifting this to other use cases if they have similar
uses of NFS to share mirrored git trees. It took a while to debug this.

To be clear, this is needed on the *host*. Having it on the guest is
fine but if you don't have it on the *host*, then leveraging git over NFS
won't work well and you can't expect the mirrored git tree to match the
user if you are sharing a system with many users. And so this is needed
if you are using git over NFS.

 playbooks/roles/devconfig/tasks/main.yml | 34 ++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/playbooks/roles/devconfig/tasks/main.yml b/playbooks/roles/devconfig/tasks/main.yml
index 84c5fa1f1cf8..656d5389f685 100644
--- a/playbooks/roles/devconfig/tasks/main.yml
+++ b/playbooks/roles/devconfig/tasks/main.yml
@@ -41,6 +41,40 @@
 
 # Distro agnostic stuff goes below
 
+- name: Check if /mirror directory exists on localhost
+  delegate_to: localhost
+  stat:
+    path: /mirror
+  register: mirror_dir
+  run_once: true
+
+- name: Create an empty gitconfig if it doesn't exist on the localhost
+  delegate_to: localhost
+  file:
+    path: "{{ dev_gitconfig_src }}"
+    state: touch
+    mode: '0644'
+  when:
+    - mirror_dir.stat.exists
+  run_once: true
+
+- name: Check if any safe.directory entries exist
+  delegate_to: localhost
+  command: git config --global --get-all safe.directory
+  register: git_safe_dirs
+  failed_when: false
+  changed_when: false
+  run_once: true
+  when: mirror_dir.stat.exists
+
+- name: Add safe.directory = * if not already set
+  delegate_to: localhost
+  command: git config --global --add safe.directory '*'
+  when:
+    - mirror_dir.stat.exists
+    - "'*' not in git_safe_dirs.stdout_lines"
+  run_once: true
+
 - name: Check if the developer has a git config
   delegate_to: localhost
   stat:
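
Review bot: The `git config --global --add safe.directory '*'` task turns off git's ownership check for every repository this user touches on localhost, which is much wider than the /mirror trees the commit message is about. Consider adding safe.directory entries for the /mirror paths only, and adjusting the `'*' not in git_safe_dirs.stdout_lines` condition to test for those entries. Separately, the "Create an empty gitconfig" task touches `{{ dev_gitconfig_src }}` while the two later tasks use `git config --global`; if those do not resolve to the same file, the touch does nothing for the check, and `state: touch` with `mode: '0644'` reports changed on every run and resets the mode of an existing file. The `failed_when: false` on the get-all task also swallows any git failure, not just the exit status for "no entries", so a comment or a narrower condition on the return code would help.
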
-- 
2.47.2

