Enforce safe directory #762
Merged
+240
−165
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ethomson
reviewed
Apr 13, 2022
thboop
commented
Apr 13, 2022
| // Arrange | ||
| await setup(removeGlobalAuth_removesOverride) |
There was a problem hiding this comment.
Renamed this function, changes are a result of that
thboop
commented
Apr 13, 2022
thboop
commented
Apr 13, 2022
thboop
commented
Apr 13, 2022
|
@thboop thanks a lot for taking quick action! Do you have an ETA on when you plan to land this fix? |
thboop
commented
Apr 14, 2022
thboop
force-pushed
the
thboop/fixSafeDirectory
branch
from
c940690
to
5c1bbe6
Compare
thboop
force-pushed
the
thboop/fixSafeDirectory
branch
from
5c1bbe6
to
55fd82f
Compare
TingluoHuang
approved these changes
Apr 14, 2022
clebergnu
added a commit
to clebergnu/avocado
that referenced
this pull request
May 16, 2022
This workflow is currently failing, giving the following error:
fatal: unsafe repository ('/__w/avocado/avocado' is owned by someone else)
To add an exception for this directory, call:
git config --global --add safe.directory /__w/avocado/avocado
Error: Process completed with exit code 128.
Let's work around this limitation and more recent git behavior and set
the safe mode on the repo directory manually.
Reference: actions/checkout#762
Signed-off-by: Cleber Rosa <[email protected]>
3 tasks
This was referenced Jun 14, 2022
liketechnik
added a commit
to Compiler-CampusMinden/CB-Vorlesung-Bachelor
that referenced
this pull request
Jul 5, 2022
Fixes an issue introduced with a recent git update (https://github.blog/2022-04-12-git-security-vulnerability-announced/) with a common workaround (actions/checkout#762, https://stackoverflow.com/questions/71901632/fatal-error-unsafe-repository-home-repon-is-owned-by-someone-else, actions/checkout#760), by marking the /data directory inside the container as safe for git during the container build.
liketechnik
added a commit
to Compiler-CampusMinden/CB-Vorlesung-Bachelor
that referenced
this pull request
Jul 5, 2022
Fixes an issue introduced with a recent git update (https://github.blog/2022-04-12-git-security-vulnerability-announced/) with a common workaround (actions/checkout#762, https://stackoverflow.com/questions/71901632/fatal-error-unsafe-repository-home-repon-is-owned-by-someone-else, actions/checkout#760), by marking the /data directory inside the container as safe for git during the container build.
7 tasks
cagix
added a commit
to Compiler-CampusMinden/CB-Vorlesung-Bachelor
that referenced
this pull request
Jul 18, 2022
* tooling: git safe repo directory for docker image Fixes an issue introduced with a recent git update (https://github.blog/2022-04-12-git-security-vulnerability-announced/) with a common workaround (actions/checkout#762, https://stackoverflow.com/questions/71901632/fatal-error-unsafe-repository-home-repon-is-owned-by-someone-else, actions/checkout#760), by marking the /data directory inside the container as safe for git during the container build. * tooling: point git to directory instead of disabling security features Easier to maintain version of 7c2b552 that additionally does not fiddle with security sensitive settings. * style(Makefile): docker git env into separate variable * tooling: extract repo location inside container into variable * tooling: replace missing hardcoded /data with variable Co-authored-by: Carsten Gips <[email protected]> * tooling(delete-rem-tags): pass git commit info (#19) * tooling(delete-rem-tags): pass git commit info Passes git author information via environment variables into the docker container, in order to ensure commits done by the script have correct author information. * tooling(delete-rem-tags): pass git full commit info Pass not only author information, but committer information too, since git seems to be *sometimes* unhappy with only author information, for whatever reason. * tooling: makefile formatting Co-authored-by: Carsten Gips <[email protected]> * tooling: makefile formatting Co-authored-by: Carsten Gips <[email protected]> * tooling: makefile formatting Co-authored-by: Carsten Gips <[email protected]> Co-authored-by: Carsten Gips <[email protected]>
This was referenced Aug 30, 2022
clebergnu
added a commit
to avocado-framework/avocado
that referenced
this pull request
Oct 25, 2022
This workflow is currently failing, giving the following error:
fatal: unsafe repository ('/__w/avocado/avocado' is owned by someone else)
To add an exception for this directory, call:
git config --global --add safe.directory /__w/avocado/avocado
Error: Process completed with exit code 128.
Let's work around this limitation and more recent git behavior and set
the safe mode on the repo directory manually.
Reference: actions/checkout#762
Signed-off-by: Cleber Rosa <[email protected]>
ondrejbudai
added a commit
to ondrejbudai/osbuild-composer
that referenced
this pull request
Jan 2, 2023
Github actions have a peculiar behaviour: The "job root" directory is owned by user with ID 1001 whereas many containers (like the Fedora one) run as root by default. This causes git to freak out because repositories owned by different users aren't considered safe anymore and must be explicitly allow- listed. This becomes a problem when we switch to Go 1.18 because it stamps build with Git information which fails because the repository technically isn't safe. Let's fix this by marking the repository as a safe one. Note that the actions/checkout action has a set-safe-directory feature, but this one is not permanent. After the action is done, the setting is removed. See actions/checkout#762 Signed-off-by: Ondřej Budai <[email protected]>
ondrejbudai
added a commit
to osbuild/osbuild-composer
that referenced
this pull request
Jan 6, 2023
Github actions have a peculiar behaviour: The "job root" directory is owned by user with ID 1001 whereas many containers (like the Fedora one) run as root by default. This causes git to freak out because repositories owned by different users aren't considered safe anymore and must be explicitly allow- listed. This becomes a problem when we switch to Go 1.18 because it stamps build with Git information which fails because the repository technically isn't safe. Let's fix this by marking the repository as a safe one. Note that the actions/checkout action has a set-safe-directory feature, but this one is not permanent. After the action is done, the setting is removed. See actions/checkout#762 Signed-off-by: Ondřej Budai <[email protected]>
This was referenced Jan 17, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pr fixes #760 by setting the repositories path as a safe directory when running checkout and removing that config on cleanup.
We aren't able to set it as a local config, as this setting only works for global configs.
So, using the standard we used for submodules, lets go ahead and copy the existing global config to a new location. Then we can go ahead and modify that global config (so we don't modify like a users global config if they test something on a self hosted runner real fast). Then, we can delete that global config at the end of the checkout step.
This does carry some limitations, it doesn't persist this configuration for the duration of the job mainly. So if your job pushes to git or something after checkout, that will continue to fail. We need to figure out how to address this at an ecosystem level, outside of the checkout action.