From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 830E923DE for ; Sun, 30 Mar 2025 01:36:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.133 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743298598; cv=none; b=czeb7AlOlGu3ctCfgodXaR2r7kjU1Ur8ZPyG+NKV2/0g2s6TCPxQcG/gcwgaf7H3Q3X+QShGul2Ic/UwC/0fkk6U7LkIjEE3BJs5mU1KK/7WEQ+nuPMxVb1RAjKx5tQSWw17uDLmthhbRjWbgV5bqq1KQMRm3gBP7RU/omx+sPg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743298598; c=relaxed/simple; bh=GGge4MO5VrHXtbTxGFKZGMc++Jy8HOdX5lqXRepw0hw=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=eOa/gjk/UzVadtkhLInmjkdqLqVNVQSNaMJqvb++59sN6dzlzlKT8kkruhQzObj32n2zXbrqKpnK32EAQGnKzLEF1jk5ea7R2XaHm7AP0DWBrB8/9lQDBBhLxvxiDDDcmxC0/Vs/COWDYF5HMtm2fv9WKaezly8ceTz7xvrsLbs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=aZA7KaJT; arc=none smtp.client-ip=198.137.202.133 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="aZA7KaJT" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:Message-ID:Date:Subject:Cc:To:From:Reply-To:Content-Type: Content-ID:Content-Description:In-Reply-To:References; bh=t7YS/YNHTuv6uyyAVFkxnyLEw6KQ7MFA6I14+4//g+Y=; b=aZA7KaJTOyelg57GosfCh/jwIO DVQzIQe5K4dG/g6YygrYphDejvE0xHSWWrZvIxJ+pYrtw1VsTpDd9YB5u1NOncqElNHyJIfnKfD1X PVBos1iK+080y/ieDe9kXWmXkN+8hmB+mm+REM287609jzk8JgFmZoucZcCU7ViLv/KvCmSZL+Mxc FGG3HC62oesbbCxusukOYC1o/og5MIUddNt/6pKsu4sPuaZ/Nbj9aFH1s9Iovh2QEEa1dlFIN4YfO +883OOprx0TkO3Vdg09loYQGxjQQUF8lpcAwrwPO8pCg0ljO+CxzErds14mLCwoGtK2Fk6CHoaxux wKHIcUGA==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.98.1 #2 (Red Hat Linux)) id 1tyhbI-0000000Fi4Y-0J4p; Sun, 30 Mar 2025 01:36:36 +0000 From: Luis Chamberlain To: kdevops@lists.linux.dev Cc: Luis Chamberlain Subject: [PATCH] devconfig: add gitconfig /mirror/ sanity check Date: Sat, 29 Mar 2025 18:36:35 -0700 Message-ID: <20250330013635.3744327-1-mcgrof@kernel.org> X-Mailer: git-send-email 2.49.0 Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: Luis Chamberlain When you leverage the use of /mirror/ say as an NFS server then your system will use a git service to allow guests with libvirt to connect to the NFS server through your own host. This works quite well, however git will prevent access if the directory is not owned by you. To fix this the *host*, ie, localhost, must trust the directories, without this will fail on both the host and the guests: /usr/bin/git ls-remote git://192.168.122.1/mirror/fstests.git -h refs/heads/HEAD Signed-off-by: Luis Chamberlain --- This heuristic only applies to when using /mirror/ but other folks might be interested in lifting this to other use cases if they have similar uses of NFS to share mirrored git trees. It took a while to debug this. To be clear, this is needed on the *host*. Having it on the guest if fine but if you don't have it on the *host, then leveraging git over NFS won't work well and you can't expect the mirrored git tree to match the user if you are sharing a system with many users. And so this is needed if you are using git over NFS. playbooks/roles/devconfig/tasks/main.yml | 34 ++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/playbooks/roles/devconfig/tasks/main.yml b/playbooks/roles/devconfig/tasks/main.yml index 84c5fa1f1cf8..656d5389f685 100644 --- a/playbooks/roles/devconfig/tasks/main.yml +++ b/playbooks/roles/devconfig/tasks/main.yml @@ -41,6 +41,40 @@ # Distro agnostic stuff goes below +- name: Check if /mirror directory exists on localhost + delegate_to: localhost + stat: + path: /mirror + register: mirror_dir + run_once: true + +- name: Create an empty gitconfig if it doesn't exist on the localhost + delegate_to: localhost + file: + path: "{{ dev_gitconfig_src }}" + state: touch + mode: '0644' + when: + - mirror_dir.stat.exists + run_once: true + +- name: Check if any safe.directory entries exist + delegate_to: localhost + command: git config --global --get-all safe.directory + register: git_safe_dirs + failed_when: false + changed_when: false + run_once: true + when: mirror_dir.stat.exists + +- name: Add safe.directory = * if not already set + delegate_to: localhost + command: git config --global --add safe.directory '*' + when: + - mirror_dir.stat.exists + - "'*' not in git_safe_dirs.stdout_lines" + run_once: true + - name: Check if the developer has a git config delegate_to: localhost stat: -- 2.47.2