From: Ross Burton <ross.bur...@arm.com> Recent git releases containing [1] have an ownership check when opening repositories, and refuse to open a repository if it is owned by a different user.
This breaks any use of git in do_install, as that is executed by the (fake) root user. Whilst not common, this does happen. Setting the git configuration safe.directories=* disables this check, so that git is usable in fakeroot tasks. This can be set globally via the internal environment variable GIT_CONFIG_PARAMETERS, we can't use GIT_CONFIG_*_KEY/VALUE as that isn't present in all the releases which have the ownership check. We already set GIT_CEILING_DIRECTORIES to ensure that git doesn't recurse up out of the work directory, so this isn't a security issue. [1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 Signed-off-by: Ross Burton <ross.bur...@arm.com> Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org> (cherry picked from commit 8bed8e6993e7297bdcd68940aa0d47ef47120117) Signed-off-by: Steve Sakoman <st...@sakoman.com> --- meta/conf/bitbake.conf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 91f003d6dd..2b94e37861 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -726,10 +726,18 @@ export PKG_CONFIG_DISABLE_UNINSTALLED = "yes" export PKG_CONFIG_SYSTEM_LIBRARY_PATH = "${base_libdir}:${libdir}" export PKG_CONFIG_SYSTEM_INCLUDE_PATH = "${includedir}" +# Git configuration + # Don't allow git to chdir up past WORKDIR so that it doesn't detect the OE # repository when building a recipe export GIT_CEILING_DIRECTORIES = "${WORKDIR}" +# Treat all directories are safe, as during fakeroot tasks git will run as +# root so recent git releases (eg 2.30.3) will refuse to work on repositories. See +# https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 for +# further details. +export GIT_CONFIG_PARAMETERS="'safe.directory=*'" + ### ### Config file processing ### -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165186): https://lists.openembedded.org/g/openembedded-core/message/165186 Mute This Topic: https://lists.openembedded.org/mt/90848099/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
