From 157d2e00eb2f02afa739b3a1a654a5d11f5f447b Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Thu, 21 May 2015 08:58:11 +0000
Subject: [PATCH] Fix pagure facls for https cloning

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/pagure/frontend/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml
index 52bace88f3..1353996b14 100644
--- a/roles/pagure/frontend/tasks/main.yml
+++ b/roles/pagure/frontend/tasks/main.yml
@@ -211,6 +211,14 @@
   notify:
   - restart apache
 
+- name: Add default facl so apache can read git repos
+  acl: default=yes etype=user entity=apache permissions=rx name=/srv/git
+  register: acl_updates
+
+- name: Manually fix current ACLs since Ansible doesnt know recursive acls
+  when: acl_updates.changed
+  command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
+
 - name: set sebooleans so pkgdb2 can talk to the db
   action: seboolean name=httpd_can_network_connect_db
                     state=true