From: Max Gautier <mg@max.gautier.name>
To: Patrick Steinhardt <ps@pks.im>
Cc: git@vger.kernel.org, "Lénaïc Huard" <lenaic@lhuard.fr>,
"Derrick Stolee" <stolee@gmail.com>
Subject: Re: [RFC PATCH 1/5] maintenance: package systemd units
Date: Thu, 21 Mar 2024 14:07:02 +0100 [thread overview]
Message-ID: <Zfww9jI2em6ZY4SL@framework> (raw)
In-Reply-To: <ZfwqCv889UdI0mU6@tanuki>
On Thu, Mar 21, 2024 at 01:37:30PM +0100, Patrick Steinhardt wrote:
> On Mon, Mar 18, 2024 at 04:31:15PM +0100, Max Gautier wrote:
>
> It would be great to document _why_ we want to package the systemd units
> alongside with Git.
>
Hum, I wrote that in the cover, but you're right, it should be in the
commit itself.
Ack.
> > ...
> > diff --git a/systemd/user/git-maintenance@.service b/systemd/user/git-maintenance@.service
> > new file mode 100644
> > index 0000000000..87ac0c86e6
> > --- /dev/null
> > +++ b/systemd/user/git-maintenance@.service
> > @@ -0,0 +1,16 @@
> > +[Unit]
> > +Description=Optimize Git repositories data
> > +
> > +[Service]
> > +Type=oneshot
> > +ExecStart=git for-each-repo --config=maintenance.repo \
> > + maintenance run --schedule=%i
> > +LockPersonality=yes
> > +MemoryDenyWriteExecute=yes
> > +NoNewPrivileges=yes
> > +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_VSOCK
> > +RestrictNamespaces=yes
> > +RestrictRealtime=yes
> > +RestrictSUIDSGID=yes
> > +SystemCallArchitectures=native
> > +SystemCallFilter=@system-service
>
> Curious, but how did you arrive at these particular restrictions for the
> unit? Might be something to explain in the commit message, as well.
>
> Patrick
I copied the unit file which is defined in strings in builtin/gc.c,
which I delete in patch 3.
Should the moving be inside one commit, in order to explicit the fact
that it's only moving things around ?
--
Max Gautier
next prev parent reply other threads:[~2024-03-21 13:07 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-18 15:31 [RFC PATCH 0/5] maintenance: use packaged systemd units Max Gautier
2024-03-18 15:31 ` [RFC PATCH 1/5] maintenance: package " Max Gautier
2024-03-21 12:37 ` Patrick Steinhardt
2024-03-21 13:07 ` Max Gautier [this message]
2024-03-21 13:22 ` Patrick Steinhardt
2024-03-21 13:38 ` Max Gautier
2024-03-21 14:44 ` Patrick Steinhardt
2024-03-21 14:49 ` Max Gautier
2024-03-21 14:48 ` Max Gautier
2024-03-18 15:31 ` [RFC PATCH 2/5] maintenance: add fixed random delay to systemd timers Max Gautier
2024-03-21 12:37 ` Patrick Steinhardt
2024-03-21 13:13 ` Max Gautier
2024-03-18 15:31 ` [RFC PATCH 3/5] maintenance: use packaged systemd units Max Gautier
2024-03-19 12:09 ` Max Gautier
2024-03-19 17:17 ` Eric Sunshine
2024-03-19 18:19 ` Junio C Hamano
2024-03-19 19:38 ` Max Gautier
2024-03-21 12:37 ` Patrick Steinhardt
2024-03-21 13:19 ` Max Gautier
2024-03-18 15:31 ` [RFC PATCH 4/5] maintenance: update systemd scheduler docs Max Gautier
2024-03-21 12:37 ` Patrick Steinhardt
2024-03-18 15:31 ` [RFC PATCH 5/5] DON'T APPLY YET: maintenance: remove cleanup code Max Gautier
2024-03-22 22:11 ` [PATCH v2 0/6] maintenance: use packaged systemd units Max Gautier
2024-03-22 22:11 ` [PATCH v2 1/6] maintenance: use systemd timers builtin randomization Max Gautier
2024-03-22 22:11 ` [PATCH v2 2/6] maintenance: use packaged systemd units Max Gautier
2024-03-23 8:38 ` Eric Sunshine
2024-03-23 9:52 ` Max Gautier
2024-03-22 22:11 ` [PATCH v2 3/6] maintenance: simplify systemctl calls Max Gautier
2024-03-22 23:09 ` Eric Sunshine
2024-03-23 10:25 ` Max Gautier
2024-03-22 22:11 ` [PATCH v2 4/6] maintenance: cleanup $XDG_CONFIG_HOME/systemd/user Max Gautier
2024-03-22 22:38 ` Kristoffer Haugsbakk
2024-03-22 22:43 ` Junio C Hamano
2024-03-23 11:07 ` Max Gautier
2024-03-24 15:45 ` Phillip Wood
2024-03-25 8:36 ` Max Gautier
2024-03-25 16:39 ` Phillip Wood
2024-03-27 16:20 ` Max Gautier
2024-03-22 22:11 ` [PATCH v2 5/6] maintenance: update systemd scheduler docs Max Gautier
2024-03-22 22:11 ` [PATCH v2 6/6] maintenance: update tests for systemd scheduler Max Gautier
2024-03-22 23:02 ` Eric Sunshine
2024-03-23 10:28 ` Max Gautier
2024-03-24 14:54 ` [PATCH v2 0/6] maintenance: use packaged systemd units Phillip Wood
2024-03-24 17:03 ` Eric Sunshine
2024-03-25 10:08 ` phillip.wood123
2024-03-25 8:32 ` Max Gautier
2024-03-25 10:06 ` phillip.wood123
2024-03-25 12:27 ` Max Gautier
2024-03-25 16:39 ` Phillip Wood
2024-03-25 13:45 ` Max Gautier
2024-03-25 16:39 ` Phillip Wood
2024-03-27 16:21 ` Max Gautier
-- strict thread matches above, loose matches on Subject: below --
2024-03-18 15:07 Max Gautier
2024-03-18 15:07 ` [RFC PATCH 1/5] maintenance: package systemd units Max Gautier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zfww9jI2em6ZY4SL@framework \
--to=mg@max.gautier.name \
--cc=git@vger.kernel.org \
--cc=lenaic@lhuard.fr \
--cc=ps@pks.im \
--cc=stolee@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.