From: Tom Hughes <tom@compton.nu>
Date: Tue, 17 May 2022 07:20:29 +0000 (+0100)
Subject: Mark parent directories for git repositories as safe
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/625ad28a8e2daef4a0f6fc458678791d098535c7

Mark parent directories for git repositories as safe
---

diff --git a/cookbooks/git/recipes/server.rb b/cookbooks/git/recipes/server.rb
index 9b4e06a45..bd586e9f2 100644
--- a/cookbooks/git/recipes/server.rb
+++ b/cookbooks/git/recipes/server.rb
@@ -43,6 +43,13 @@ directory "#{git_directory}/private" do
   mode "2775"
 end
 
+template "/etc/gitconfig" do
+  source "gitconfig.erb"
+  owner "root"
+  group "root"
+  mode "644"
+end
+
 Dir.glob("#{git_directory}/*/*.git").each do |repository|
   template "#{repository}/hooks/post-update" do
     source "post-update.erb"
diff --git a/cookbooks/git/templates/default/gitconfig.erb b/cookbooks/git/templates/default/gitconfig.erb
new file mode 100644
index 000000000..52d3dbf8b
--- /dev/null
+++ b/cookbooks/git/templates/default/gitconfig.erb
@@ -0,0 +1,5 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+[safe]
+	directory = /var/lib/chef/public
+	directory = /var/lib/chef/private