aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@arm.com>2022-04-26 13:07:20 +0100
committerAnuj Mittal <anuj.mittal@intel.com>2022-04-28 10:45:16 +0800
commit7a97531169d662fe0466db5992566bcdbe3a0d5f (patch)
tree5ccde979e5344bffe4b942279b5b3b3ca66c89d2
parentd411ea3114cde55ae68a2d437e854c5b17f78131 (diff)
downloadopenembedded-core-contrib-stable/honister-next.tar.gz
openembedded-core-contrib-stable/honister-next.tar.bz2
openembedded-core-contrib-stable/honister-next.zip
bitbake.conf: mark all directories as safe for git to readstable/honister-next
Recent git releases containing [1] have an ownership check when opening repositories, and refuse to open a repository if it is owned by a different user. This breaks any use of git in do_install, as that is executed by the (fake) root user. Whilst not common, this does happen. Setting the git configuration safe.directories=* disables this check, so that git is usable in fakeroot tasks. This can be set globally via the internal environment variable GIT_CONFIG_PARAMETERS, we can't use GIT_CONFIG_*_KEY/VALUE as that isn't present in all the releases which have the ownership check. We already set GIT_CEILING_DIRECTORIES to ensure that git doesn't recurse up out of the work directory, so this isn't a security issue. [1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8bed8e6993e7297bdcd68940aa0d47ef47120117) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-rw-r--r--meta/conf/bitbake.conf8
1 files changed, 8 insertions, 0 deletions
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index c2cb2f0d9d..51253003fd 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -730,10 +730,18 @@ export PKG_CONFIG_DISABLE_UNINSTALLED = "yes"
export PKG_CONFIG_SYSTEM_LIBRARY_PATH = "${base_libdir}:${libdir}"
export PKG_CONFIG_SYSTEM_INCLUDE_PATH = "${includedir}"
+# Git configuration
+
# Don't allow git to chdir up past WORKDIR so that it doesn't detect the OE
# repository when building a recipe
export GIT_CEILING_DIRECTORIES = "${WORKDIR}"
+# Treat all directories are safe, as during fakeroot tasks git will run as
+# root so recent git releases (eg 2.30.3) will refuse to work on repositories. See
+# https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 for
+# further details.
+export GIT_CONFIG_PARAMETERS="'safe.directory=*'"
+
###
### Config file processing
###