6b8915c67b
- git 2.35.3:
* usability fix-up for CVE-2022-24765 bsc#1198234:
'*' can be used as the value for the `safe.directory` variable
to signal that the user considers that any directory is safe.
* The code that was meant to parse the new `safe.directory`
configuration variable was not checking what configuration
variable was being fed to it
- Require bash in git-daemon because the service file uses it
- Reword git-daemon.service description to get a useful sentence
in journalctl -b
- git 2.35.2 (CVE-2022-24765, bsc#1198234):
* CVE-2022-24765: git may execute commands defined by other users
from unexpected worktrees
- Require nogroup group for %pre (bsc#1192023)
OBS-URL: https://build.opensuse.org/request/show/970347
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=276
27 lines
735 B
Desktop File
27 lines
735 B
Desktop File
[Unit]
|
|
Description=Git Daemon
|
|
|
|
[Service]
|
|
# added automatically, for details please see
|
|
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
ProtectSystem=full
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
# end of automatic additions
|
|
EnvironmentFile=-/etc/sysconfig/git-daemon
|
|
ExecStart=/bin/bash -c 'exec git daemon --reuseaddr --base-path=$${GIT_DAEMON_BASE_PATH:-/srv/git/} --user=$${GIT_DAEMON_USER:-git-daemon} --group=$${GIT_DAEMON_GROUP:-nogroup} $GIT_DAEMON_ARGS'
|
|
|
|
Restart=always
|
|
RestartSec=500ms
|
|
|
|
SyslogIdentifier=git-daemon
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|