On Thu, May 30, 2024 at 01:30:09AM +0200, Michael Niedermayer wrote: > Hi all > > It seems the security update (https://ubuntu.com/security/notices/USN-6793-1) > broke public git > > We use gitolite that runs under its own user and serve git through apache > which runs under a different user. > Apache has only read access to the repositories > > Since the security update that stoped working, the logs are full of messages > telling that we need to add the repositories to safe.directory > (the commands suggested dont work and seem to mix up \t with a tab but thats > besides the point) > once the repository is added to safe.directory, which ive done with > https://git.ffmpeg.org/michael.git > the error is gone and everything looks fine in the logs on the server but it > still > doesnt work. (i have not touched ffmpeg.git config as i first wanted to test > this) > > So like i just said on IRC. i hope some of the other root admins will have > some more insight here. Or if you (yes YOU!) want to help or know something > please speak up. > > This is totally not my area and i think other people could find the issue > with less effort in less time and it would be more efficient if i work > on FFmpeg instead where the return per hour of my time should be much greater. > > Also gitweb and git over ssh seem uneffected and theres github > > If people want i could downgrade git OR > upgrade git to latest git ignoring official ubuntu packages > otherwise, i intend to leave this for someone else to investigate and rather > work on FFmpeg which just seems like a much better use of my time
You've talked recently about looking for STF money to upgrade the servers. You might want to write up a postmortem when the bug is fixed, focussing on improvements that are unlikely to happen without money. Then you can say "we had X hours of downtime, we think Y jobs will reduce that by Z%". One thing for the postmortem - I don't know enough about these specific programs to do much with the description provided. And even if I did, I could only offer prose hints at a solution. But containerising these services would let me replicate the server locally, and suggest solutions as normal patches on the mailing list. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
