From: "Richard Purdie" <richard.purdie@linuxfoundation.org>
To: Mike Looijmans <mike.looijmans@topic.nl>,
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] Git and pseudo
Date: Mon, 25 Apr 2022 13:51:46 +0100 [thread overview]
Message-ID: <749f33fad354821ee5e1b9f061aae211c252b934.camel@linuxfoundation.org> (raw)
In-Reply-To: <ef4b958c-8310-4b40-f671-779558228550@topic.nl>
On Mon, 2022-04-25 at 09:40 +0200, Mike Looijmans wrote:
> Recently GIT got updated with a security fix:
>
> https://github.blog/2022-04-12-git-security-vulnerability-announced/
>
>
> The problem is that this causes all "git" tasks that run within pseudo
> (most noticably, image recipes) to fail. In many repositories, we use:
> git rev-parse --verify HEAD > /etc/revision
>
> Or something similar to that. After the GIT update, this now fails with
> an error like:
>
> '''
> fatal: unsafe repository ('/home/mike/repository/path' is owned by
> someone else)
> To add an exception for this directory, call:
>
> git config --global --add safe.directory /home/mike/repository/path
> '''
>
> Apart from doing as it says, or even "git config --global --add
> safe.directory '*'" anyone have a better idea, especially one that
> prevents the system thinking I'm someone else (root in the case of pseudo).
https://git.yoctoproject.org/poky/commit/?id=21559199516a31c7635c5f2d874eaa4a92fff0e5
However this isn't quite enough as some things encode the path to git into build
files so the PATH change at do_install isn't enough. igt-gpu-tools via meson in
OE-Core is an example.
Cheers,
Richard
next prev parent reply other threads:[~2022-04-25 12:51 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1b153bce-a66a-45ee-a5c6-963ea6fb1c82.949ef384-8293-46b8-903f-40a477c056ae.6812ddf4-d065-4e4e-ad42-c48d1bca155d@emailsignatures365.codetwo.com>
[not found] ` <1b153bce-a66a-45ee-a5c6-963ea6fb1c82.0d2bd5fa-15cc-4b27-b94e-83614f9e5b38.65eda1d8-3d07-4fbe-a1d1-669c533cd0a5@emailsignatures365.codetwo.com>
2022-04-25 7:40 ` Git and pseudo Mike Looijmans
2022-04-25 12:51 ` Richard Purdie [this message]
2022-04-26 9:08 ` [OE-core] " Mike Looijmans
2022-04-27 6:47 ` Stefano Babic
2022-04-27 10:22 ` Richard Purdie
2022-04-27 10:37 ` Jose Quaresma
2022-04-27 10:56 ` Richard Purdie
2022-04-28 8:24 ` Jose Quaresma
2022-04-27 10:48 ` Stefano Babic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=749f33fad354821ee5e1b9f061aae211c252b934.camel@linuxfoundation.org \
--to=richard.purdie@linuxfoundation.org \
--cc=mike.looijmans@topic.nl \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.