* Regression bug with latest SAFE ownership patch
@ 2024-08-17 3:15 James
2024-08-17 15:34 ` brian m. carlson
2024-08-18 17:30 ` Colin Stagner
0 siblings, 2 replies; 3+ messages in thread
From: James @ 2024-08-17 3:15 UTC (permalink / raw)
To: git
I am not a subscriber to this mailing list, so please please CC-me on replies.
I believe the recent changes for the safe ownership patch seemed to
have introduced a regression. I have a git repo which is on a shared
server that I trust and control. Adding a safe.directory does _not_
allow me to use this repo anymore. I can't even run a `git fetch`
without an error. I have renamed the repo name and directory, but
output is otherwise precise. Full logs and versions shown below:
james@computer1:~/whatever$ git remote show server2
fatal: detected dubious ownership in repository at
'/home/someoneelse/whatever/.git'
To add an exception for this directory, call:
git config --global --add safe.directory /home/someoneelse/whatever/.git
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
james@computer1:~/whatever$ git config --add safe.directory
/home/someoneelse/whatever/.git
james@computer1:~/whatever$ git config --add safe.directory '*'
james@computer1:~/whatever$ git fetch server2
fatal: detected dubious ownership in repository at
'/home/someoneelse/whatever/.git'
To add an exception for this directory, call:
git config --global --add safe.directory /home/someoneelse/whatever/.git
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
james@computer1:~/whatever$ cat .git/config
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[branch "master"]
remote = origin
merge = refs/heads/master
[remote "server2"]
url = ssh://root@server2:/home/someoneelse/whatever/
fetch = +refs/heads/*:refs/remotes/server2/*
[safe]
directory = /home/someoneelse/whatever/.git
directory = *
james@computer1:~/whatever$ git version
git version 2.45.2
james@computer1:~/whatever$ ssh root@server2 git version
git version 2.45.2
james@computer1:~/whatever$
Thanks,
James
@purpleidea
https://purpleidea.com/
https://github.com/purpleidea/mgmt/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Regression bug with latest SAFE ownership patch
2024-08-17 3:15 Regression bug with latest SAFE ownership patch James
@ 2024-08-17 15:34 ` brian m. carlson
2024-08-18 17:30 ` Colin Stagner
1 sibling, 0 replies; 3+ messages in thread
From: brian m. carlson @ 2024-08-17 15:34 UTC (permalink / raw)
To: James; +Cc: git
[-- Attachment #1: Type: text/plain, Size: 1445 bytes --]
On 2024-08-17 at 03:15:05, James wrote:
> I am not a subscriber to this mailing list, so please please CC-me on replies.
>
> I believe the recent changes for the safe ownership patch seemed to
> have introduced a regression. I have a git repo which is on a shared
> server that I trust and control. Adding a safe.directory does _not_
> allow me to use this repo anymore. I can't even run a `git fetch`
> without an error. I have renamed the repo name and directory, but
> output is otherwise precise. Full logs and versions shown below:
>
> james@computer1:~/whatever$ git remote show server2
> fatal: detected dubious ownership in repository at
> '/home/someoneelse/whatever/.git'
> To add an exception for this directory, call:
>
> git config --global --add safe.directory /home/someoneelse/whatever/.git
> fatal: Could not read from remote repository.
>
> Please make sure you have the correct access rights
> and the repository exists.
> james@computer1:~/whatever$ git config --add safe.directory
> /home/someoneelse/whatever/.git
> james@computer1:~/whatever$ git config --add safe.directory '*'
This adds the option to the local configuration, but it has to be in the
global (`--global`) or system (`--system`) config. A malicious user
that owned the repository could modify the local config, so it can't be
trusted for this reason.
--
brian m. carlson (they/them or he/him)
Toronto, Ontario, CA
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Regression bug with latest SAFE ownership patch
2024-08-17 3:15 Regression bug with latest SAFE ownership patch James
2024-08-17 15:34 ` brian m. carlson
@ 2024-08-18 17:30 ` Colin Stagner
1 sibling, 0 replies; 3+ messages in thread
From: Colin Stagner @ 2024-08-18 17:30 UTC (permalink / raw)
To: James, git
On 8/16/24 22:15, James wrote:
> I have a git repo which is on a shared server that I trust and control. Adding a safe.directory does _not_ allow me to use this repo anymore.
> james@computer1:~/whatever$ git remote show server2
> [remote "server2"]
> url = ssh://root@server2:/home/someoneelse/whatever/
> fetch = +refs/heads/*:refs/remotes/server2/*
I believe that safe.directory only affects repositories hosted on the
local filesystem—and not on SSH or HTTP(S) remotes.
I would discourage cloning a user repository with the root user, or
running git as root if you can at all avoid it.
Since you already have root access on this system, how difficult would
it be to add your SSH key as an authorized_key for someoneelse? Then you
could use ssh://someoneelse@server2:/home/someoneelse/whatever/.git as
your remote.
You could also share repositories via a simple gatekeeper or forge, like
gitolite.
Colin
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-08-18 17:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-17 3:15 Regression bug with latest SAFE ownership patch James
2024-08-17 15:34 ` brian m. carlson
2024-08-18 17:30 ` Colin Stagner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).