allow all directories to be "safe" in git terms

Git in EL9+ only allows to clone repositories that one is the owner of. This obviously doesn't work for shared repositories like we have them for secretsgit. Disable that feature alltogether on systems that serve as secretsgit sources. Sadly a more specific wildcard is not supported [1] and given Puppet doesn't know which stores we have, I've opted to completely disabling this feature. [1] https://git-scm.com/docs/git-config/2.45.0#Documentation/git-config.txt-safedirectory
theforeman · Jul 8, 2024 · fc70ec8 · fc70ec8
1 parent 367c9eb
commit fc70ec8
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/puppet/modules/secretsgit/files/gitconfig b/puppet/modules/secretsgit/files/gitconfig
@@ -0,0 +1,2 @@
+[safe]
+	directory = *
diff --git a/puppet/modules/secretsgit/manifests/init.pp b/puppet/modules/secretsgit/manifests/init.pp
@@ -16,6 +16,14 @@
   Stdlib::Absolutepath $path = '/srv/secretsgit',
   Array[String] $users = [],
 ) {
+  file { '/etc/gitconfig':
+    ensure => file,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0644',
+    source => 'puppet:///modules/secretsgit/gitconfig',
+  }
+
   group { $group:
     ensure => present,
   }