diff options
| author | Ross Burton <ross.burton@arm.com> | 2022-04-26 13:07:20 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-05-03 21:02:02 +0100 |
| commit | 3f17ee4ebef3103e290750d8cdd7d001fc306673 (patch) | |
| tree | ec4cc4e7b5b29c390dc85429941adba3372f47c3 | |
| parent | ce323dd1a92a5be02571beddd6c240c215258f39 (diff) | |
| download | poky-3f17ee4ebef3103e290750d8cdd7d001fc306673.tar.gz | |
bitbake.conf: mark all directories as safe for git to read
Recent git releases containing [1] have an ownership check when opening
repositories, and refuse to open a repository if it is owned by a
different user.
This breaks any use of git in do_install, as that is executed by the
(fake) root user. Whilst not common, this does happen.
Setting the git configuration safe.directories=* disables this check, so
that git is usable in fakeroot tasks. This can be set globally via the
internal environment variable GIT_CONFIG_PARAMETERS, we can't use
GIT_CONFIG_*_KEY/VALUE as that isn't present in all the releases which
have the ownership check.
We already set GIT_CEILING_DIRECTORIES to ensure that git doesn't
recurse up out of the work directory, so this isn't a security issue.
[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
(From OE-Core rev: 7a97531169d662fe0466db5992566bcdbe3a0d5f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8bed8e6993e7297bdcd68940aa0d47ef47120117)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/conf/bitbake.conf | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index c2cb2f0d9d..51253003fd 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf | |||
| @@ -730,10 +730,18 @@ export PKG_CONFIG_DISABLE_UNINSTALLED = "yes" | |||
| 730 | export PKG_CONFIG_SYSTEM_LIBRARY_PATH = "${base_libdir}:${libdir}" | 730 | export PKG_CONFIG_SYSTEM_LIBRARY_PATH = "${base_libdir}:${libdir}" |
| 731 | export PKG_CONFIG_SYSTEM_INCLUDE_PATH = "${includedir}" | 731 | export PKG_CONFIG_SYSTEM_INCLUDE_PATH = "${includedir}" |
| 732 | 732 | ||
| 733 | # Git configuration | ||
| 734 | |||
| 733 | # Don't allow git to chdir up past WORKDIR so that it doesn't detect the OE | 735 | # Don't allow git to chdir up past WORKDIR so that it doesn't detect the OE |
| 734 | # repository when building a recipe | 736 | # repository when building a recipe |
| 735 | export GIT_CEILING_DIRECTORIES = "${WORKDIR}" | 737 | export GIT_CEILING_DIRECTORIES = "${WORKDIR}" |
| 736 | 738 | ||
| 739 | # Treat all directories are safe, as during fakeroot tasks git will run as | ||
| 740 | # root so recent git releases (eg 2.30.3) will refuse to work on repositories. See | ||
| 741 | # https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 for | ||
| 742 | # further details. | ||
| 743 | export GIT_CONFIG_PARAMETERS="'safe.directory=*'" | ||
| 744 | |||
| 737 | ### | 745 | ### |
| 738 | ### Config file processing | 746 | ### Config file processing |
| 739 | ### | 747 | ### |