There is a behaviour change in git 2.45.x in which git-daemon(1) no longer allows exporting a git repo owned by a different uid unless the repository has been explicitly marked as safe.
This resulted in an automated test regression for ikiwiki-hosting: the test asserts that we can git clone a newly created site's source.git, but the git-daemon(1) is running as ikiwiki-anon and the source.git is owned by w-example, so git-daemon(1) refuses to serve it.
I've asked the git maintainers whether this particular behaviour change was intentional, and if yes, what the recommended way is to reassure git-daemon(1) that it can, in fact, serve another user's git repo. If the behaviour change was intentional, it might be necessary for ikiwiki-hosting-web to write out configuration to achieve that.
A crude version is to write
[safe]
directory=*
into /var/lib/ikiwiki-hosting-web/git/.gitconfig, but I'm hoping that the git maintainers can suggest something a little more targeted.
--smcv
This is the least intrusive patch I've been able to come up with:
The patch above was based on the one from use a native systemd unit to run git-daemon. Updated patch with init script support: