Bug 238351 - dev-util/git-1.5.6.4 git-daemon init script doesn't function correctly
|
Bug#:
238351
|
Product: Gentoo Linux
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: TEST-REQUEST
|
Assigned To: ferdy@gentoo.org
|
Reported By: dev@snitselaar.org
|
|
Component: Ebuilds
|
|
|
URL:
|
|
Summary: dev-util/git-1.5.6.4 git-daemon init script doesn't function correctly
|
|
Keywords:
|
|
Status Whiteboard:
|
|
Opened: 2008-09-22 03:10 0000
|
The daemon gets started, but the init script reports it as failing to start
Reproducible: Always
Steps to Reproduce:
1. sudo /etc/init.d/git-daemon start
2. sudo /etc/init.d/git-daemon status
3. ps -ef | grep git-daemon
4. sudo /etc/init.d/git-daemon stop
Actual Results:
snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon start
* Caching service dependencies ... [ ok
]
* Starting git-daemon ... [ !!
]
snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon status
* status: stopped
snits@tesla /etc/init.d $ ps -ef | grep git-daemon
root 29256 1 0 20:02 ? 00:00:00 git-daemon --syslog
--export-all --verbose --base-path=/pub/scm
snits 29321 22931 0 20:03 pts/3 00:00:00 grep --colour=auto git-daemon
snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon stop
* WARNING: git-daemon has not yet been started.
Expected Results:
snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon start
* Caching service dependencies ... [ ok
]
* Starting git-daemon ... [ ok
]
snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon status
* status: started
snits@tesla /etc/init.d $ ps -ef | grep git-daemon
root 29474 1 0 20:05 ? 00:00:00 /usr/bin/git-daemon --syslog
--export-all --verbose --base-path=/pub/scm
snits 29509 22931 0 20:05 pts/3 00:00:00 grep --colour=auto git-daemon
snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon stop
* Stopping git-daemon ... [ ok
]
In Bug 236685 for git-1.6.0 there is a patch for a different fix that shows the
correct code for the start-stop-daemon invocation, but I can't find in the
Changelog in /usr/portage/git at what point this was fixed.
The exit status for git -- daemon must be different than the status for
git-daemon.
The patch below solves the problem:
--- git-daemon.orig 2008-09-20 00:26:35.000000000 -0700
+++ git-daemon 2008-09-20 00:31:07.000000000 -0700
@@ -9,11 +9,11 @@
}
start() {
ebegin "Starting git-daemon"
start-stop-daemon --start --background \
- --exec /usr/bin/git -- daemon ${GITDAEMON_OPTS}
+ --exec /usr/bin/git-daemon -- ${GITDAEMON_OPTS}
eend $?
}
stop() {
ebegin "Stopping git-daemon"
It works here with 1.5.4.5 which is older than your 1.5.6.4:
# grep bin/git.*daemon /etc/init.d/git-daemon
--exec /usr/bin/git -- daemon ${GITDAEMON_OPTS}
# /etc/init.d/git-daemon start ; ps -ef |grep git
* Starting git-daemon ...
[ ok ]
root 4198 1 0 04:59 ? 00:00:00 git-daemon --syslog
root 4206 20336 0 04:59 pts/3 00:00:00 grep --colour=auto git
This is with git-1.6.0.2
uberserver init.d # ps ax | grep git
5407 ? Ss 0:00 /usr/libexec/git-core/git-daemon
--base-path=/var/git --export-all --syslog
So either use s-s-d witht the right path, or use git daemon without s-s-d.
uberlord: the reporter was seeing it fail to even start. Whereas it does start
correctly on my machines, regardless of git and baselayout/openrc version.
(In reply to comment #4)
> uberlord: the reporter was seeing it fail to even start. Whereas it does start
> correctly on my machines, regardless of git and baselayout/openrc version.
I was seeing the same issue as the reporter on my hardened amd64 server,
running mostly stable.
May have to add --name git-daemon for baselayout-1
May I add that it would be nice if git-daemon was running under its own user
rather than with _root_? (For that to happen, beside creating the user, it
needs a /var/run/git-daemon directory where the user can write to, rather than
using /var/run directly).
I can reproduce this error on my baselayout-1 stable server with git 1.5.6.4.
(In reply to comment #7)
> May have to add --name git-daemon for baselayout-1
That fixed the problem, yes.
(In reply to comment #8)
> May I add that it would be nice if git-daemon was running under its own user
> rather than with _root_? (For that to happen, beside creating the user, it
> needs a /var/run/git-daemon directory where the user can write to, rather than
> using /var/run directly).
Is git-daemon doing anything in that directory? I would suggest adding "--user
git" as a parameter should be sufficient?
Same troubles seem to exist with dev-util/git-1.6.0.4
Also.. why not use /usr/libexec/git-core/git-daemon directly?
My views on git stuff on Gentoo:
dev-util/git:
* add git user and group
* use /var/spool/git as home directory
* add following default options to git-daemon ebuild:
* user and group set to git
* base-path set to /var/spool/git/repositories ? (or just
/var/spool/git)
dev-util/gitosis-gentoo (and/or dev-util/gitosis)
* drop git user creation (depends on git anyway)
Why do you think that git-daemon should run as a privileged user vs. the nobody
user (see the xinetd variant).
(In reply to comment #15)
> Why do you think that git-daemon should run as a privileged user vs. the nobody
> user (see the xinetd variant).
>
Oh, I didn't actually think about the xinetd stuff.
Shouldn't the xinetd be configured/started using /etc/init.d/xinetd with
appropriate conf under /etc/xinetd.d/ directory?
It is started with xinetd, and I think it's how the majority of git-daemon
users actually use it, so that they don't need it running 24/7, and can also
impose service limits etc. I say we just change the init.d/git-daemon to use
the nobody user as well, and end it at that.
Having it run as the git user would be very bad in the case of an exploit with
your /var/spool/git owned by the user as well. The attacker has valid
filesystem perms to eat your repos, which would suck.
(In reply to comment #17)
> It is started with xinetd, and I think it's how the majority of git-daemon
> users actually use it, so that they don't need it running 24/7, and can also
> impose service limits etc.
It still is a use-flag and you can install it without pulling in xinetd
(never liked that myself).
> I say we just change the init.d/git-daemon to use
> the nobody user as well, and end it at that.
Right now the non-xinetd init script will run it as root, so any non-root user
is better than root. By your argument, if the nobody user suffices, then
git-daemon should be run as that.
Fixed in git-1.6.0.4-r1.
1. The user/group are configurable via the conf.d.
2. "/usr/bin/git daemon" is the upstream-preferred way of running it, so that
the actual binary can move safely in future, or be merged into a single
multicall binary.
Please fix typo in /etc/init.d/git-daemon: /usr/bin/git/git
Reopening on Priit's request
(In reply to comment #19)
> Fixed in git-1.6.0.4-r1.
Please keep a separate copy of git-daemon.initd for git-1.5*, which keeps using
'/usr/bin/git-daemon' (didn't have luck with --name=git-daemon, how should that
work?).
Because I still have the original failure (comment#0) with git-1.5.6.4 on both
stable and hardened profiles.
haubi: the new init.d works 100% perfectly here with git-1.5.6.4 and
bl2/openrc. Could you please check that you did etc-update properly?
(In reply to comment #24)
> haubi: the new init.d works 100% perfectly here with git-1.5.6.4 and
> bl2/openrc. Could you please check that you did etc-update properly?
>
Could you please add "--name git-daemon" to git-daemon start() for baselayout1
compatibility. ;)
Adding "--name git-daemon" unconditionally ends up causing bl2 to fail.
I did some magic instead, please merge+test again.
--name should now only be passed on baselayout1 systems, with --pidfile being
passed always. I did dig out a bl1 system to test myself, and had no issues
there.
Why does patch does not apply onto git-1.6.2*. /etc/init.d/git-daemon does not
started as daemon.
