From 625ad28a8e2daef4a0f6fc458678791d098535c7 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 17 May 2022 08:20:29 +0100
Subject: [PATCH] Mark parent directories for git repositories as safe

---
 cookbooks/git/recipes/server.rb               | 7 +++++++
 cookbooks/git/templates/default/gitconfig.erb | 5 +++++
 2 files changed, 12 insertions(+)
 create mode 100644 cookbooks/git/templates/default/gitconfig.erb

diff --git a/cookbooks/git/recipes/server.rb b/cookbooks/git/recipes/server.rb
index 9b4e06a45..bd586e9f2 100644
--- a/cookbooks/git/recipes/server.rb
+++ b/cookbooks/git/recipes/server.rb
@@ -43,6 +43,13 @@ directory "#{git_directory}/private" do
   mode "2775"
 end
 
+template "/etc/gitconfig" do
+  source "gitconfig.erb"
+  owner "root"
+  group "root"
+  mode "644"
+end
+
 Dir.glob("#{git_directory}/*/*.git").each do |repository|
   template "#{repository}/hooks/post-update" do
     source "post-update.erb"
diff --git a/cookbooks/git/templates/default/gitconfig.erb b/cookbooks/git/templates/default/gitconfig.erb
new file mode 100644
index 000000000..52d3dbf8b
--- /dev/null
+++ b/cookbooks/git/templates/default/gitconfig.erb
@@ -0,0 +1,5 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+[safe]
+	directory = /var/lib/chef/public
+	directory = /var/lib/chef/private
-- 
2.43.2