[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: [OE-core][kirkstone 29/34] bitbake.conf: mark all directories as safe for git to read
From: "Steve Sakoman" <steve () sakoman ! com>
Date: 2022-04-29 16:00:48
Message-ID: 204cc2fdd75631ab0a84a3a090f5cd7dcfc13856.1651246310.git.steve () sakoman ! com
[Download RAW message or body]
Content-Transfer-Encoding: 8bit
From: Ross Burton <ross.burton@arm.com>
Recent git releases containing [1] have an ownership check when opening
repositories, and refuse to open a repository if it is owned by a
different user.
This breaks any use of git in do_install, as that is executed by the
(fake) root user. Whilst not common, this does happen.
Setting the git configuration safe.directories=* disables this check, so
that git is usable in fakeroot tasks. This can be set globally via the
internal environment variable GIT_CONFIG_PARAMETERS, we can't use
GIT_CONFIG_*_KEY/VALUE as that isn't present in all the releases which
have the ownership check.
We already set GIT_CEILING_DIRECTORIES to ensure that git doesn't
recurse up out of the work directory, so this isn't a security issue.
[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8bed8e6993e7297bdcd68940aa0d47ef47120117)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/conf/bitbake.conf | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 0e939aca4f..1deba8d910 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -776,10 +776,18 @@ export PKG_CONFIG_DISABLE_UNINSTALLED = "yes"
export PKG_CONFIG_SYSTEM_LIBRARY_PATH = "${base_libdir}:${libdir}"
export PKG_CONFIG_SYSTEM_INCLUDE_PATH = "${includedir}"
+# Git configuration
+
# Don't allow git to chdir up past WORKDIR so that it doesn't detect the OE
# repository when building a recipe
export GIT_CEILING_DIRECTORIES = "${WORKDIR}"
+# Treat all directories are safe, as during fakeroot tasks git will run as
+# root so recent git releases (eg 2.30.3) will refuse to work on repositories. See
+# https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 for
+# further details.
+export GIT_CONFIG_PARAMETERS="'safe.directory=*'"
+
###
### Config file processing
###
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165048): https://lists.openembedded.org/g/openembedded-core/message/165048
Mute This Topic: https://lists.openembedded.org/mt/90779189/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic