Allow git to run on an other user repository - stagit-gopher - A git gopher fro… | |
git clone git://bitreich.org/stagit-gopher/ git://enlrupgkhuxnvlhsf6lc3fziv5h2h… | |
Log | |
Files | |
Refs | |
Tags | |
README | |
LICENSE | |
--- | |
commit 8c74699abac4d2331eeb70c01c5b0367282a3281 | |
parent 9a8c60cb308d58cfc10d1ecfd6f6779bd8e806f5 | |
Author: Hiltjo Posthuma <[email protected]> | |
Date: Tue, 24 May 2022 11:09:18 +0200 | |
Allow git to run on an other user repository | |
Reported by Anton: | |
"Recent versions of libgit2 broke stagit for me due to the added opt-out | |
GIT_OPT_SET_OWNER_VALIDATION configuration knob. My repositories are owned by | |
root:vcs and I run stagit as another user which happens to be in vcs group but | |
not the owner of the repository. Disabling the validation makes stagit work as | |
expected again." | |
Some notes: | |
When using regular git it also provides a knob. This is due to a security | |
concern in some cases, which is not applicable to stagit. | |
git log somerepo | |
fatal: unsafe repository ('somerepo' is owned by someone else) | |
To add an exception for this directory, call: | |
git config --global --add safe.directory somerepo | |
See also / related: | |
- https://github.blog/2022-04-12-git-security-vulnerability-announced/ | |
Diffstat: | |
M stagit-gopher-index.c | 2 ++ | |
M stagit-gopher.c | 2 ++ | |
2 files changed, 4 insertions(+), 0 deletions(-) | |
--- | |
diff --git a/stagit-gopher-index.c b/stagit-gopher-index.c | |
@@ -253,6 +253,8 @@ main(int argc, char *argv[]) | |
git_libgit2_init(); | |
for (i = 1; i <= GIT_CONFIG_LEVEL_APP; i++) | |
git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, i, ""); | |
+ /* do not require the git repository to be owned by the current user */ | |
+ git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0); | |
#ifdef __OpenBSD__ | |
if (pledge("stdio rpath", NULL) == -1) | |
diff --git a/stagit-gopher.c b/stagit-gopher.c | |
@@ -1296,6 +1296,8 @@ main(int argc, char *argv[]) | |
git_libgit2_init(); | |
for (i = 1; i <= GIT_CONFIG_LEVEL_APP; i++) | |
git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, i, ""); | |
+ /* do not require the git repository to be owned by the current user */ | |
+ git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0); | |
#ifdef __OpenBSD__ | |
if (unveil(repodir, "r") == -1) |