(puppetlabsGH-585/CONT-998) Update safe directory to be set at the sy…

…stem level Safe directory is now set at a system wide level rather than at a global user level in order to ensure it is as effective as possible.
david22swan · May 19, 2023 · 64586c3 · 64586c3
1 parent 04d5e68
commit 64586c3
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -864,6 +864,8 @@ For example, setting the `owner` parameter on a resource would cause Puppet runs
 Impacted users are now advised to use the new `safe_directory` parameter on Git resources.
 Explicitily setting the value to `true` will add the current path specified on the resource to the `safe.directory` git configuration for the current user (global scope) allowing the Puppet run to continue without error.
 
+Safe directory configuration will be stored within the system wide configuration file `/etc/gitconfig`.
+
 <a id="development"></a> 
 ## Development
 

diff --git a/lib/puppet/provider/vcsrepo/git.rb b/lib/puppet/provider/vcsrepo/git.rb
@@ -591,7 +591,7 @@ def git_version
 
   # @!visibility private
   def safe_directories
-    args = ['config', '--global', '--get-all', 'safe.directory']
+    args = ['config', '--system', '--get-all', 'safe.directory']
     begin
       d = git_with_identity(*args) || ''
       d.split('\n')
@@ -617,7 +617,7 @@ def update_safe_directory
   # @!visibility private
   def add_safe_directory
     notice("Adding '#{@resource.value(:path)}' to safe directory list")
-    args = ['config', '--global', '--add', 'safe.directory', @resource.value(:path)]
+    args = ['config', '--system', '--add', 'safe.directory', @resource.value(:path)]
     git_with_identity(*args)
   end
 
@@ -626,7 +626,7 @@ def remove_safe_directory
     return unless safe_directories.include?(@resource.value(:path))
 
     notice("Removing '#{@resource.value(:path)}' from safe directory list")
-    args = ['config', '--global', '--unset', 'safe.directory', @resource.value(:path)]
+    args = ['config', '--system', '--unset', 'safe.directory', @resource.value(:path)]
     git_with_identity(*args)
   end
 

diff --git a/spec/acceptance/clone_repo_spec.rb b/spec/acceptance/clone_repo_spec.rb
@@ -239,7 +239,7 @@
       it { is_expected.to be_owned_by 'vagrant' }
     end
 
-    describe file('~/.gitconfig') do
+    describe file('/etc/gitconfig') do
       subject { super().content }
 
       it { is_expected.to match %r{directory = /tmp/vcsrepo/testrepo_owner} }

diff --git a/spec/unit/puppet/provider/vcsrepo/git_spec.rb b/spec/unit/puppet/provider/vcsrepo/git_spec.rb
@@ -253,7 +253,7 @@ def branch_a_list(include_branch = nil?)
       expect(provider).to receive(:path_exists?).and_return(true)
       expect(provider).to receive(:path_empty?).and_return(false)
       provider.destroy
-      expect(provider).to receive(:exec_git).with('config', '--global', '--get-all', 'safe.directory')
+      expect(provider).to receive(:exec_git).with('config', '--system', '--get-all', 'safe.directory')
       expect(provider).to receive(:exec_git).with('clone', resource.value(:source), resource.value(:path))
       expect(provider).to receive(:update_submodules)
       expect(provider).to receive(:update_remote_url).with('origin', resource.value(:source)).and_return false