Subject: Re: git safe.directory
From: Mark Wielaard
To: Mark Wielaard via Overseers
Cc: Joel Brobecker, Gerald Pfeifer, Tobias Burnus, Jakub Jelinek, Jonathan Wakely
Date: Mon, 22 May 2023 18:13:37 +0200
In-Reply-To: <20230521172122.GG3420@gnu.wildebeest.org>
References: <20230521172122.GG3420@gnu.wildebeest.org>

Hi,

On Sun, 2023-05-21 at 19:21 +0200, Mark Wielaard via Overseers wrote:
> Earlier this week git got upgraded on sourceware to include support
> for safe.directory. Joel noticed an issue with the gdbadmin cron job
> for the binutils-gdb.git repo. It would complain with:
>
>   fatal: detected dubious ownership in repository at
>   '/sourceware1/projects/src-home/binutils-gdb.git'
>
> Given this repo is shared between different projects and users it is
> "expected" that the git directory/config might be writable by someone
> else in this case. We believe that doing the following for the
> gdbadmin user is the appropriate workaround for now:
>
>   git config --global --add safe.directory \
>     /sourceware1/projects/src-home/binutils-gdb.git
>
> I looked over other repos, cron jobs and hooks, but couldn't find any
> other issue with this new "feature". The git operations executed on
> them either don't use the config file or the operations are only
> executed by the actual user "owning" the git repo config file.

I missed the gcc-wwwdocs post-receive hook. Tobias noticed that commits
don't update the website anymore. And the /www/gcc/update.log does
indeed contain:

  fatal: detected dubious ownership in repository at
  '/sourceware1/www/gcc/wwwdocs-checkout'

For now I have added as a workaround to /etc/gitconfig:

  [safe]
          directory = /sourceware1/www/gcc/wwwdocs-checkout

Which should make it possible for anybody to run the post-receive hook
again. But I think it would be better if we change things so that only
gccadmin (who owns the wwwdocs-checkout repo) would do the updates
(from a cronjob?).

Note, I didn't try to replay the last few failing commits, so someone
should still do that to get the gcc.gnu.org website updated.

> But if you notice any 'detected dubious ownership' of any git
> operations please report and/or check the dir/config file ownership
> and/or add a 'safe.directory' workaround for the affected user.
>
> Of course you can also move some operations to the separate
> snapshots.sourceware.org server if it doesn't require access to the
> repo directly.

Cheers,

Mark
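
The ownership check the message asks admins to perform, as an added example (not part of the original message and not sourceware's tooling): a POSIX shell sketch that approximates git's decision for a repository path. It models only two rules, owner match and an exact safe.directory entry (or the `*` wildcard); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: approximate git's "dubious ownership" decision so cron jobs
# and hooks can be audited before they start failing.

# owner_uid DIR -> numeric uid that owns DIR (plain POSIX ls, no GNU stat)
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# allowlisted DIR ENTRY... -> exit 0 if DIR is an entry, or an entry is "*"
allowlisted() {
    dir=$1; shift
    for entry in "$@"; do
        [ "$entry" = "*" ] && return 0
        [ "$entry" = "$dir" ] && return 0
    done
    return 1
}

# repo_status DIR UID ENTRY... -> prints owned | allowlisted | dubious
#   owned        DIR belongs to UID, git runs without complaint
#   allowlisted  foreign owner, but covered by a safe.directory entry
#   dubious      foreign owner and no entry: expect the "fatal:" error
repo_status() {
    dir=$1; uid=$2; shift 2
    if [ "$(owner_uid "$dir")" = "$uid" ]; then
        echo owned
    elif allowlisted "$dir" "$@"; then
        echo allowlisted
    else
        echo dubious
    fi
}

# audit DIR... -> one "status<TAB>dir" line per repo for the invoking user,
# using the safe.directory entries git itself resolves (system + global).
# Assumption: entries contain no whitespace.
audit() {
    set -f   # an entry may be a literal "*"; keep the shell from globbing it
    entries=$(git config --get-all safe.directory 2>/dev/null || true)
    for repo in "$@"; do
        printf '%s\t%s\n' "$(repo_status "$repo" "$(id -u)" $entries)" "$repo"
    done
    set +f
}

if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it as each service account whose cron job or hook touches a shared repository; an `allowlisted` result marks a repository where the ownership check has been bypassed for that user and is worth reviewing.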