Bug 980574 - git-daemon does not start under systemd because git.service needs to be a template unit
git-daemon does not start under systemd because git.service needs to be a tem...
Product: Fedora
Classification: Fedora
Component: git (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jitka Plesnikova
Fedora Extras Quality Assurance
Depends On:
Blocks: 1135071 1246735
  Show dependency treegraph
Reported: 2013-07-02 14:22 EDT by David Shea
Modified: 2015-07-25 04:28 EDT (History)
14 users (show)

See Also:
Fixed In Version: git-2.1.0-2.fc21
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1135071 1246735 (view as bug list)
Last Closed: 2014-11-04 22:58:32 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Make git service a template unit and ignore non-zero exit status (1.32 KB, patch)
2013-07-02 14:22 EDT, David Shea
no flags Details | Diff
Patch fixing the issue described in this bug (1.22 KB, text/plain)
2014-10-24 07:15 EDT, Pierre-YvesChibon
no flags Details

  None (edit)
Description David Shea 2013-07-02 14:22:15 EDT
Created attachment 767889 [details]
Make git service a template unit and ignore non-zero exit status

Description of problem:
Using the systemd unit files for git-daemon, the git service fails to start on connections to port 9418. This is because "Accept=true" in the .socket file expects a template unit for the service file, so this can be fixed by renaming git.service to git@.service.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. systemctl enable git.socket
2. Connect to 9418

Actual results:
git.socket failed to queue service startup job (Maybe the service file is missing or not a template unit?): Invalid argument

Additional info:
It would also be helpful to add a - to the ExecStart command in the .service to prevent non-zero exit statuses from tripping things up.

Attached a patch that renames git.service and adds a - to ExecStart.
Comment 1 Will Woods 2013-09-09 14:15:17 EDT
Note that this alone won't fix the git service, since access to the port appears to be blocked by current SELinux policy:

type=AVC msg=audit(1378750077.318:169825): avc:  denied  { name_bind } for  pid=1 comm="systemd" src=9418 scontext=system_u:system_r:git_system_t:s0 tcontext=system_u:object_r:git_port_t:s0 tclass=tcp_socket

I feel like git_system_t should be allowed to access git_port_t, but maybe my labeling is off somewhere..
Comment 2 David Shea 2013-11-25 14:18:48 EST
For what it's worth, on a fresh F20 system with my patch applied, I don't get a selinux denial for the port, but I can't get it to be able to read my home directory without mucking around with the policy (see bug 1034412)
Comment 3 Zbigniew Jędrzejewski-Szmek 2014-05-26 12:23:00 EDT
Comment 4 Pierre-YvesChibon 2014-08-07 07:52:02 EDT
Ping ?

@Chris, if you do not have the time, I can push the file name change and just rebuild the package.

Having a gitd-daemon working on F21, rawhide would be nice :)
Comment 5 Pierre-YvesChibon 2014-08-26 06:42:19 EDT
Comment 6 Chris Wright 2014-08-29 01:01:55 EDT
looks fine, resetting to default owner
Comment 7 Pierre-YvesChibon 2014-09-08 03:33:53 EDT
Chris, shall I do it, or are you doing it?
Comment 8 Pierre-YvesChibon 2014-10-24 07:15:30 EDT
Created attachment 950326 [details]
Patch fixing the issue described in this bug
Comment 9 Pierre-YvesChibon 2014-10-24 07:17:46 EDT
I attached to this ticket a git format-patch to apply on master and fixing this bug (based on the patch from David Shea).

I will push it in a few days if I do not hear anything against it :)

Comment 10 Jitka Plesnikova 2014-10-24 08:21:06 EDT
Why did you assign the BZ to me? I am not maintainer of git.
Comment 11 Pierre-YvesChibon 2014-10-24 10:44:52 EDT
Because you're the last one that touched the git spec since July and Chris Wright who is the default assignee in bugzilla git not touch it since:
> git.spec:* Fri Mar 30 2007 Chris Wright <chrisw@redhat.com>

I'm happy to pass the bug along, I'm just trying to get someone's attention to my patch to see if I should push it or not :)
Comment 12 Zbigniew Jędrzejewski-Szmek 2014-10-24 11:29:02 EDT
pingou, please push it, but apply the following fixup:

--- /usr/lib/systemd/system/git@.service        2014-09-08 04:44:45.000000000 -0400
+++ /etc/systemd/system/git@.service    2014-10-24 11:25:59.303000000 -0400
@@ -1,9 +1,8 @@
 Description=Git Repositories Server Daemon
-ExecStart=/usr/libexec/git-core/git-daemon --base-path=/var/lib/git --export-all --user-path=public_git --syslog --inetd --verbose
+ExecStart=-/usr/libexec/git-core/git-daemon --base-path=/var/lib/git --export-all --user-path=public_git --syslog --inetd --verbose

(Wants is not needed, and without the "-" all failed connections would leave the instance units hanging around.)
Comment 13 Pierre-YvesChibon 2014-10-24 11:53:29 EDT
Adjusted and pushed, thanks!

Does anybody mind if I cherry-pick it in F21 and F20 to fix git-daemon?
Comment 14 Fedora Update System 2014-10-28 06:20:58 EDT
git-1.9.3-2.fc20 has been submitted as an update for Fedora 20.
Comment 15 Fedora Update System 2014-10-28 06:21:06 EDT
git-2.1.0-2.fc21 has been submitted as an update for Fedora 21.
Comment 16 Fedora Update System 2014-10-29 07:04:41 EDT
Package git-1.9.3-2.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing git-1.9.3-2.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 17 Fedora Update System 2014-11-04 22:58:32 EST
git-1.9.3-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2014-11-10 01:51:46 EST
git-2.1.0-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.