Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
TT#171400 Adjust git repos for new safe.directory behavior
In more recent versions, Git upstream does an owner check for the top-level directory (see git upstream commit 8959555ce), also see https://github.blog/2022-04-12-git-security-vulnerability-announced/ This change is included in git versions >=2.30.3, >=2.31.2, >=2.34.2, >=2.35.2 + >=2.36.0-rc2, and therefore also affects the Git package v2.35.2-1 as present in current Debian/unstable (as of 2022-04-15). Now due to this behavioral change, our unit tests fail with e.g.: | err = ('fatal: unsafe repository ' | "('/tmp/pytest-of-root/pytest-0/test_status_build0/ngcpctl-pytest-base/ngcp-config' " | 'is owned by someone else)\n' | 'To add an exception for this directory, call:\n' | '\n' | '\tgit config --global --add safe.directory ' | '/tmp/pytest-of-root/pytest-0/test_status_build0/ngcpctl-pytest-base/ngcp-config\n') | ex = 128 We're creating many temporary git repositories. Therefore, adding every single repository via `git config --global --add safe.directory` as suggested in git's error message isn't really a viable option for us. Git upstream also recognized this, and as of git rev 0f85c4a30 it's possible to opt-out of this check via `safe.directory=*`. This change is currently included in Git versions 2.30.4, 2.31.3, 2.32.2, 2.33.3, 2.34.3 and 2.35.3 only, so not and option for the git version of Debian/unstable, yet. But nevertheless, it's not really an ideal option for us, as we don't want to mess with $HOME/.gitconfig ever, as this might not always be some random directory inside a testing container, but pointing to an actual user configuration. The underlying reason, why this issue showed up in our Github actions is caused by the fact, that the checkout of the artifacts is running as user (also see actions/checkout#47): | uid=1001(runner) gid=121(docker) groups=121(docker),4(adm),101(systemd-journal) But the docker containers are executed with root permissions in the following steps. To properly handle this, we set the permissions of the git repository to $UID/$GID of the executing user. Furthermore, we need to have proper author information available. Otherwise it might be failing with `Author identity unknown [...] Please tell me who you are` and fail with exit code 128 as well, as has been observed in our Github's Debian packaging pipeline for sid. While at it, let's unify our git configuration, by using the following settings for all the user configuration: | git config --local user.email pytest@example.com | git config --local user.name pytest Change-Id: Icad0ea4c3daf22f17481f23b27fa17750bd623da
- Loading branch information