[FFmpeg-devel] git problems

Andrew Sayers ffmpeg-devel at pileofstuff.org
Thu May 30 12:27:31 EEST 2024 

On Thu, May 30, 2024 at 01:30:09AM +0200, Michael Niedermayer wrote:
> Hi all
> 
> It seems the security update (https://ubuntu.com/security/notices/USN-6793-1)
> broke public git
> 
> We use gitolite that runs under its own user and serve git through apache
> which runs under a different user.
> Apache has only read access to the repositories
> 
> Since the security update that stoped working, the logs are full of messages
> telling that we need to add the repositories to safe.directory
> (the commands suggested dont work and seem to mix up \t with a tab but thats besides the point)
> once the repository is added to safe.directory, which ive done with https://git.ffmpeg.org/michael.git
> the error is gone and everything looks fine in the logs on the server but it still
> doesnt work. (i have not touched ffmpeg.git config as i first wanted to test this)
> 
> So like i just said on IRC. i hope some of the other root admins will have
> some more insight here. Or if you (yes YOU!) want to help or know something
> please speak up.
> 
> This is totally not my area and i think other people could find the issue
> with less effort in less time and it would be more efficient if i work
> on FFmpeg instead where the return per hour of my time should be much greater.
> 
> Also gitweb and git over ssh seem uneffected and theres github
> 
> If people want i could downgrade git OR
> upgrade git to latest git ignoring official ubuntu packages
> otherwise, i intend to leave this for someone else to investigate and rather
> work on FFmpeg which just seems like a much better use of my time

You've talked recently about looking for STF money to upgrade the servers.
You might want to write up a postmortem when the bug is fixed, focussing on
improvements that are unlikely to happen without money.  Then you can say
"we had X hours of downtime, we think Y jobs will reduce that by Z%".

One thing for the postmortem - I don't know enough about these specific
programs to do much with the description provided.  And even if I did, I could
only offer prose hints at a solution.  But containerising these services would
let me replicate the server locally, and suggest solutions as normal patches
on the mailing list.

More information about the ffmpeg-devel mailing list