On Tue, Jun 4, 2024 at 7:24 PM Sam Varshavchik <mr...@courier-mta.com> wrote: > > So I was tearing my hair out trying to figure out why attempts to push via > DAV to a git repo were failing. > > Eventually I succeeded in stracing the httpd process sto capture the > request. It was getting an EROFS when it tried to write to the git repo. > > Amusing. > > To make a long story short, the culprit was: > > ProtectHome=read-only > > in /lib/systemd/system/httpd.service,(the git repo was in a directory inside > a mounted /home partition). > > I tried using > > systemctl edit httpd > > And putting this in there: > > [Service] > ProtectHome= > > However this apparently did not work. I threw in the towel and just edited > /lib/systemd/system/httpd.service and commented this setting out, entirely, > to finally fix this issue, and happy git pushing resumed. > > But how do I fix this so that the next apache update doesn't clobber this?
I think a better choice is to leave the systemd unit files alone. Then you don't have to worry about your changes getting reverted on updates and system upgrades. I also think it is better to avoid serving files from your home directory. Instead, use /var. Install your Git-managed project in /var/git (and your Subversion projects in /var/svn). Add a git user, and make ownership of /var/git as root:git. Finally, change the server's document root to /var/git/<project>. This setup works well for me. The only problem I have encountered is Git's fix for CVE-2022-24765 a/k/a safe directories. Safe directories caused a big DoS at my site. Also see <https://github.com/git/git/commit/8959555cee7e>. Jeff -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
