Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
The daemon gets started, but the init script reports it as failing to start Reproducible: Always Steps to Reproduce: 1. sudo /etc/init.d/git-daemon start 2. sudo /etc/init.d/git-daemon status 3. ps -ef | grep git-daemon 4. sudo /etc/init.d/git-daemon stop Actual Results: snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon start * Caching service dependencies ... [ ok ] * Starting git-daemon ... [ !! ] snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon status * status: stopped snits@tesla /etc/init.d $ ps -ef | grep git-daemon root 29256 1 0 20:02 ? 00:00:00 git-daemon --syslog --export-all --verbose --base-path=/pub/scm snits 29321 22931 0 20:03 pts/3 00:00:00 grep --colour=auto git-daemon snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon stop * WARNING: git-daemon has not yet been started. Expected Results: snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon start * Caching service dependencies ... [ ok ] * Starting git-daemon ... [ ok ] snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon status * status: started snits@tesla /etc/init.d $ ps -ef | grep git-daemon root 29474 1 0 20:05 ? 00:00:00 /usr/bin/git-daemon --syslog --export-all --verbose --base-path=/pub/scm snits 29509 22931 0 20:05 pts/3 00:00:00 grep --colour=auto git-daemon snits@tesla /etc/init.d $ sudo /etc/init.d/git-daemon stop * Stopping git-daemon ... [ ok ] In Bug 236685 for git-1.6.0 there is a patch for a different fix that shows the correct code for the start-stop-daemon invocation, but I can't find in the Changelog in /usr/portage/git at what point this was fixed. The exit status for git -- daemon must be different than the status for git-daemon. The patch below solves the problem: --- git-daemon.orig 2008-09-20 00:26:35.000000000 -0700 +++ git-daemon 2008-09-20 00:31:07.000000000 -0700 @@ -9,11 +9,11 @@ } start() { ebegin "Starting git-daemon" start-stop-daemon --start --background \ - --exec /usr/bin/git -- daemon ${GITDAEMON_OPTS} + --exec /usr/bin/git-daemon -- ${GITDAEMON_OPTS} eend $? } stop() { ebegin "Stopping git-daemon"
Created an attachment (id=166056) [details] patch to exec git-daemon instead of git -- daemon
It works here with 1.5.4.5 which is older than your 1.5.6.4: # grep bin/git.*daemon /etc/init.d/git-daemon --exec /usr/bin/git -- daemon ${GITDAEMON_OPTS} # /etc/init.d/git-daemon start ; ps -ef |grep git * Starting git-daemon ... [ ok ] root 4198 1 0 04:59 ? 00:00:00 git-daemon --syslog root 4206 20336 0 04:59 pts/3 00:00:00 grep --colour=auto git
This is with git-1.6.0.2 uberserver init.d # ps ax | grep git 5407 ? Ss 0:00 /usr/libexec/git-core/git-daemon --base-path=/var/git --export-all --syslog So either use s-s-d witht the right path, or use git daemon without s-s-d.
uberlord: the reporter was seeing it fail to even start. Whereas it does start correctly on my machines, regardless of git and baselayout/openrc version.
Created an attachment (id=166132) [details] Launch git daemon with --pid-file Or use pidfiles :) NOTE: OpenRC-0.2.5 will incorrectly report git-daemon as crashed, this is fixed with OpenRC-git
(In reply to comment #4) > uberlord: the reporter was seeing it fail to even start. Whereas it does start > correctly on my machines, regardless of git and baselayout/openrc version. I was seeing the same issue as the reporter on my hardened amd64 server, running mostly stable.
May have to add --name git-daemon for baselayout-1
May I add that it would be nice if git-daemon was running under its own user rather than with _root_? (For that to happen, beside creating the user, it needs a /var/run/git-daemon directory where the user can write to, rather than using /var/run directly).
I can reproduce this error on my baselayout-1 stable server with git 1.5.6.4. (In reply to comment #7) > May have to add --name git-daemon for baselayout-1 That fixed the problem, yes.
(In reply to comment #8) > May I add that it would be nice if git-daemon was running under its own user > rather than with _root_? (For that to happen, beside creating the user, it > needs a /var/run/git-daemon directory where the user can write to, rather than > using /var/run directly). Is git-daemon doing anything in that directory? I would suggest adding "--user git" as a parameter should be sufficient?
Same troubles seem to exist with dev-util/git-1.6.0.4 Also.. why not use /usr/libexec/git-core/git-daemon directly?
My views on git stuff on Gentoo: dev-util/git: * add git user and group * use /var/spool/git as home directory * add following default options to git-daemon ebuild: * user and group set to git * base-path set to /var/spool/git/repositories ? (or just /var/spool/git) dev-util/gitosis-gentoo (and/or dev-util/gitosis) * drop git user creation (depends on git anyway)
Created an attachment (id=172921) [details] add-git-user-group.patch Add git user and group creation to git ebuild.
Created an attachment (id=172922) [details] fix-git-daemon-initscript.patch Fixes to git-daemon initscript to properly start/stop it and use git user/group.
Why do you think that git-daemon should run as a privileged user vs. the nobody user (see the xinetd variant).
(In reply to comment #15) > Why do you think that git-daemon should run as a privileged user vs. the nobody > user (see the xinetd variant). > Oh, I didn't actually think about the xinetd stuff. Shouldn't the xinetd be configured/started using /etc/init.d/xinetd with appropriate conf under /etc/xinetd.d/ directory?
It is started with xinetd, and I think it's how the majority of git-daemon users actually use it, so that they don't need it running 24/7, and can also impose service limits etc. I say we just change the init.d/git-daemon to use the nobody user as well, and end it at that. Having it run as the git user would be very bad in the case of an exploit with your /var/spool/git owned by the user as well. The attacker has valid filesystem perms to eat your repos, which would suck.
(In reply to comment #17) > It is started with xinetd, and I think it's how the majority of git-daemon > users actually use it, so that they don't need it running 24/7, and can also > impose service limits etc. It still is a use-flag and you can install it without pulling in xinetd (never liked that myself). > I say we just change the init.d/git-daemon to use > the nobody user as well, and end it at that. Right now the non-xinetd init script will run it as root, so any non-root user is better than root. By your argument, if the nobody user suffices, then git-daemon should be run as that.
Fixed in git-1.6.0.4-r1. 1. The user/group are configurable via the conf.d. 2. "/usr/bin/git daemon" is the upstream-preferred way of running it, so that the actual binary can move safely in future, or be merged into a single multicall binary.
Please fix typo in /etc/init.d/git-daemon: /usr/bin/git/git
Reopening on Priit's request
Fixed agian, sorry.
(In reply to comment #19) > Fixed in git-1.6.0.4-r1. Please keep a separate copy of git-daemon.initd for git-1.5*, which keeps using '/usr/bin/git-daemon' (didn't have luck with --name=git-daemon, how should that work?). Because I still have the original failure (comment#0) with git-1.5.6.4 on both stable and hardened profiles.
haubi: the new init.d works 100% perfectly here with git-1.5.6.4 and bl2/openrc. Could you please check that you did etc-update properly?
(In reply to comment #24) > haubi: the new init.d works 100% perfectly here with git-1.5.6.4 and > bl2/openrc. Could you please check that you did etc-update properly? > Could you please add "--name git-daemon" to git-daemon start() for baselayout1 compatibility. ;)
Adding "--name git-daemon" unconditionally ends up causing bl2 to fail. I did some magic instead, please merge+test again. --name should now only be passed on baselayout1 systems, with --pidfile being passed always. I did dig out a bl1 system to test myself, and had no issues there.
Why does patch does not apply onto git-1.6.2*. /etc/init.d/git-daemon does not started as daemon.
