From: Mark Wielaard <mark@klomp.org>
To: Mark Wielaard via Overseers <overseers@sourceware.org>
Cc: Joel Brobecker <brobecker@adacore.com>,
Gerald Pfeifer <gerald@pfeifer.com>,
Tobias Burnus <tobias@codesourcery.com>,
Jakub Jelinek <jakub@redhat.com>,
Jonathan Wakely <jwakely.gcc@gmail.com>
Subject: Re: git safe.directory
Date: Mon, 22 May 2023 18:13:37 +0200 [thread overview]
Message-ID: <ceb5a0dad8e9dbe96912cbd9a11e74d46a37277a.camel@klomp.org> (raw)
In-Reply-To: <20230521172122.GG3420@gnu.wildebeest.org>
Hi,
On Sun, 2023-05-21 at 19:21 +0200, Mark Wielaard via Overseers wrote:
> Earlier this week git got upgraded on sourceware to include support
> for safe.directory. Joel noticed an issue with the gdbadmin cron job
> for the binutils-gdb.git repo. It would complain with:
>
> fatal: detected dubious ownership in repository at
> '/sourceware1/projects/src-home/binutils-gdb.git'
>
> Given this repo is shared between different projects and users it is
> "expected" that the git directory/config might be writable by someone
> else in this case. We believe that doing the following for the
> gdbadmin user is the appropriate workaround for now:
>
> git config --global --add safe.directory \
> /sourceware1/projects/src-home/binutils-gdb.git
>
> I looked over other repos, cron jobs and hooks, but couldn't find any
> other issue with this new "feature". The git operations executed on
> them either don't use the config file or the operations are only
> executed by the actual user "owning" the git repo config file.
I missed the gcc-wwwdocs post-receive hook.
Tobias noticed that commits don't update the website anymore.
And the /www/gcc/update.log do indeed contains:
fatal: detected dubious ownership in repository at
'/sourceware1/www/gcc/wwwdocs-checkout'
For now I have added as a workaround to /etc/gitconfig:
[safe]
directory = /sourceware1/www/gcc/wwwdocs-checkout
Which should make it possible for anybody to run the post-receive hook
again. But I think it would be better if we change things so that only
gccadmin (who owns the wwwdocs-checkout repo) would do the updates
(from a cronjob?)
Note, I didn't try to replay the last few failing commits, so someone
should still do that to get the gcc.gnu.org website updated.
> But if you notice any 'detected dubious ownership' of any git
> operations please report and/or check the dir/config file ownership
> and/or add a 'safe.directory' workaround for the affected user.
>
> Of course you can also move some operations to the separate
> snapshots.sourceware.org server if it doesn't require access to the
> repo directly.
Cheers,
Mark
next prev parent reply other threads:[~2023-05-22 16:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-21 17:21 Mark Wielaard
2023-05-22 16:13 ` Mark Wielaard [this message]
2023-05-23 8:41 ` Mark Wielaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ceb5a0dad8e9dbe96912cbd9a11e74d46a37277a.camel@klomp.org \
--to=mark@klomp.org \
--cc=brobecker@adacore.com \
--cc=gerald@pfeifer.com \
--cc=jakub@redhat.com \
--cc=jwakely.gcc@gmail.com \
--cc=overseers@sourceware.org \
--cc=tobias@codesourcery.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).