From: Mike Looijmans <mike.looijmans@topic.nl>
To: Richard Purdie <richard.purdie@linuxfoundation.org>,
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] Git and pseudo
Date: Tue, 26 Apr 2022 11:08:49 +0200 [thread overview]
Message-ID: <70d61f68-8a56-86fa-5772-598628219797@topic.nl> (raw)
In-Reply-To: <749f33fad354821ee5e1b9f061aae211c252b934.camel@linuxfoundation.org>
Met vriendelijke groet / kind regards,
Mike Looijmans
System Expert
TOPIC Embedded Products B.V.
Materiaalweg 4, 5681 RJ Best
The Netherlands
T: +31 (0) 499 33 69 69
E: mike.looijmans@topicproducts.com
W: www.topic.nl
Please consider the environment before printing this e-mail
On 25-04-2022 14:51, Richard Purdie wrote:
> On Mon, 2022-04-25 at 09:40 +0200, Mike Looijmans wrote:
>> Recently GIT got updated with a security fix:
>>
>> https://github.blog/2022-04-12-git-security-vulnerability-announced/
>>
>>
>> The problem is that this causes all "git" tasks that run within pseudo
>> (most noticably, image recipes) to fail. In many repositories, we use:
>> git rev-parse --verify HEAD > /etc/revision
>>
>> Or something similar to that. After the GIT update, this now fails with
>> an error like:
>>
>> '''
>> fatal: unsafe repository ('/home/mike/repository/path' is owned by
>> someone else)
>> To add an exception for this directory, call:
>>
>> git config --global --add safe.directory /home/mike/repository/path
>> '''
>>
>> Apart from doing as it says, or even "git config --global --add
>> safe.directory '*'" anyone have a better idea, especially one that
>> prevents the system thinking I'm someone else (root in the case of pseudo).
> https://git.yoctoproject.org/poky/commit/?id=21559199516a31c7635c5f2d874eaa4a92fff0e5
>
> However this isn't quite enough as some things encode the path to git into build
> files so the PATH change at do_install isn't enough. igt-gpu-tools via meson in
> OE-Core is an example.
>
> Cheers,
>
> Richard
>
Nice, also for general usefulness.
For our particular case, I came up with this (works in old OE versions
as well), just inserting a task since both do_image and do_rootfs run
under fakeroot:
# We require access to the git repository here, so we must run outside
fakeroot
do_swumetadata() {
# Hardware revision for SWUpdate
echo "${SWU_BOARD_HWREVISION}" > ${IMAGE_ROOTFS}${sysconfdir}/hwrevision
v=`git rev-parse --verify HEAD`
echo $v > ${IMAGE_ROOTFS}${sysconfdir}/swrevision
echo $v > ${DEPLOY_DIR_IMAGE}/${IMAGE_BASENAME}.swrevision
}
addtask do_swumetadata before do_image after do_rootfs
--
Mike Looijmans
next prev parent reply other threads:[~2022-04-26 9:09 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1b153bce-a66a-45ee-a5c6-963ea6fb1c82.949ef384-8293-46b8-903f-40a477c056ae.6812ddf4-d065-4e4e-ad42-c48d1bca155d@emailsignatures365.codetwo.com>
[not found] ` <1b153bce-a66a-45ee-a5c6-963ea6fb1c82.0d2bd5fa-15cc-4b27-b94e-83614f9e5b38.65eda1d8-3d07-4fbe-a1d1-669c533cd0a5@emailsignatures365.codetwo.com>
2022-04-25 7:40 ` Git and pseudo Mike Looijmans
2022-04-25 12:51 ` [OE-core] " Richard Purdie
2022-04-26 9:08 ` Mike Looijmans [this message]
2022-04-27 6:47 ` Stefano Babic
2022-04-27 10:22 ` Richard Purdie
2022-04-27 10:37 ` Jose Quaresma
2022-04-27 10:56 ` Richard Purdie
2022-04-28 8:24 ` Jose Quaresma
2022-04-27 10:48 ` Stefano Babic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=70d61f68-8a56-86fa-5772-598628219797@topic.nl \
--to=mike.looijmans@topic.nl \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.