diff --git a/changelogs/fragments/66762-fix-git-module-ignores-remote_tmp.yml b/changelogs/fragments/66762-fix-git-module-ignores-remote_tmp.yml new file mode 100644 index 00000000000000..462eed35797318 --- /dev/null +++ b/changelogs/fragments/66762-fix-git-module-ignores-remote_tmp.yml @@ -0,0 +1,4 @@ +bugfixes: + - Fix issue git module ignores remote_tmp (https://github.com/ansible/ansible/issues/33947). + - Fix issue git module cannot use custom `key_file` or `ssh_opts` as non-root user on system with noexec `/tmp` (https://github.com/ansible/ansible/issues/30064). + - By passing the module_tmpdir as a parameter in the write_ssh_wrapper function instead of initalizing module_tmpdir via get_module_path() \ No newline at end of file diff --git a/lib/ansible/modules/source_control/git.py b/lib/ansible/modules/source_control/git.py index 29529e56c5ed9a..b96d9a1060f525 100644 --- a/lib/ansible/modules/source_control/git.py +++ b/lib/ansible/modules/source_control/git.py @@ -363,13 +363,12 @@ def get_submodule_update_params(module, git_path, cwd): return params -def write_ssh_wrapper(): - module_dir = get_module_path() +def write_ssh_wrapper(module_tmpdir): try: # make sure we have full permission to the module_dir, which # may not be the case if we're sudo'ing to a non-root user - if os.access(module_dir, os.W_OK | os.R_OK | os.X_OK): - fd, wrapper_path = tempfile.mkstemp(prefix=module_dir + '/') + if os.access(module_tmpdir, os.W_OK | os.R_OK | os.X_OK): + fd, wrapper_path = tempfile.mkstemp(prefix=module_tmpdir + '/') else: raise OSError except (IOError, OSError): @@ -1142,7 +1141,7 @@ def main(): # create a wrapper script and export # GIT_SSH= as an environment variable # for git to use the wrapper script - ssh_wrapper = write_ssh_wrapper() + ssh_wrapper = write_ssh_wrapper(module.tmpdir) set_git_ssh(ssh_wrapper, key_file, ssh_opts) module.add_cleanup_file(path=ssh_wrapper)