[gentoo-dev] [PATCH] git-r3.eclass: Add checkout dirs as "safe" directories

[gentoo-dev] [PATCH] git-r3.eclass: Add checkout dirs as "safe" directories

[Michał Górny]

Mark all checkout directories as "safe" to avoid dubious ownership
errors with newer git versions when the checkout directory is accessed
from src_install().

Bug: https://bugs.gentoo.org/879353
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 eclass/git-r3.eclass | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
index 59d4f9a0038f..bdb28565e2f9 100644
--- a/eclass/git-r3.eclass
+++ b/eclass/git-r3.eclass
@@ -887,6 +887,11 @@ git-r3_checkout() {
 			cp "${orig_repo}"/packed-refs "${GIT_DIR}"/packed-refs || die
 		fi
 
+		# mark this directory as "safe" so that src_install() can access it
+		# https://bugs.gentoo.org/879353
+		git config --global --add safe.directory \
+			"$(cd "${out_dir}" && echo "${PWD}")" || die
+
 		# (no need to copy HEAD, we will set it via checkout)
 
 		if [[ -f ${orig_repo}/shallow ]]; then
-- 
2.38.1

Re: [gentoo-dev] [PATCH] git-r3.eclass: Add checkout dirs as "safe" directories

[Florian Schmaus]

On 06.11.22 12:03, Michał Górny wrote:
> Mark all checkout directories as "safe" to avoid dubious ownership
> errors with newer git versions when the checkout directory is accessed
> from src_install().
> 
> Bug: https://bugs.gentoo.org/879353
> Signed-off-by: Michał Górny <mgorny@gentoo.org>
> ---
>   eclass/git-r3.eclass | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
> index 59d4f9a0038f..bdb28565e2f9 100644
> --- a/eclass/git-r3.eclass
> +++ b/eclass/git-r3.eclass
> @@ -887,6 +887,11 @@ git-r3_checkout() {
>   			cp "${orig_repo}"/packed-refs "${GIT_DIR}"/packed-refs || die
>   		fi
>   
> +		# mark this directory as "safe" so that src_install() can access it
> +		# https://bugs.gentoo.org/879353
> +		git config --global --add safe.directory \
> +			"$(cd "${out_dir}" && echo "${PWD}")" || die

I guess there is no way we can avoid the --global and use --local instead?

- Flow

Re: [gentoo-dev] [PATCH] git-r3.eclass: Add checkout dirs as "safe" directories

[Michał Górny]

On Sun, 2022-11-06 at 12:19 +0100, Florian Schmaus wrote:
> On 06.11.22 12:03, Michał Górny wrote:
> > Mark all checkout directories as "safe" to avoid dubious ownership
> > errors with newer git versions when the checkout directory is accessed
> > from src_install().
> > 
> > Bug: https://bugs.gentoo.org/879353
> > Signed-off-by: Michał Górny <mgorny@gentoo.org>
> > ---
> >   eclass/git-r3.eclass | 5 +++++
> >   1 file changed, 5 insertions(+)
> > 
> > diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
> > index 59d4f9a0038f..bdb28565e2f9 100644
> > --- a/eclass/git-r3.eclass
> > +++ b/eclass/git-r3.eclass
> > @@ -887,6 +887,11 @@ git-r3_checkout() {
> >   			cp "${orig_repo}"/packed-refs "${GIT_DIR}"/packed-refs || die
> >   		fi
> >   
> > +		# mark this directory as "safe" so that src_install() can access it
> > +		# https://bugs.gentoo.org/879353
> > +		git config --global --add safe.directory \
> > +			"$(cd "${out_dir}" && echo "${PWD}")" || die
> 
> I guess there is no way we can avoid the --global and use --local instead?
> 

safe.directory works only in protected scoeps, i.e. system, global and
command.  See git-config(1).

That said, the check wouldn't really make sense if the repository were
able to declare itself safe.

-- 
Best regards,
Michał Górny

Re: [gentoo-dev] [PATCH] git-r3.eclass: Add checkout dirs as "safe" directories

[Michael Orlitzky]

On Sun, 2022-11-06 at 12:19 +0100, Florian Schmaus wrote:
> 
> I guess there is no way we can avoid the --global and use --local instead?
> 

The setting is only respected if it's in the global ($HOME) or system
(/etc) configs. There's no explanation for that in the man page, but
it's probably because you can't let $repo/.git/config be in charge of
safety if $repo is untrustworthy.

Re: [gentoo-dev] [PATCH] git-r3.eclass: Add checkout dirs as "safe" directories

[Florian Schmaus]

On 06.11.22 12:38, Michał Górny wrote:
> On Sun, 2022-11-06 at 12:19 +0100, Florian Schmaus wrote:
>> On 06.11.22 12:03, Michał Górny wrote:
>>> Mark all checkout directories as "safe" to avoid dubious ownership
>>> errors with newer git versions when the checkout directory is accessed
>>> from src_install().
>>>
>>> Bug: https://bugs.gentoo.org/879353
>>> Signed-off-by: Michał Górny <mgorny@gentoo.org>
>>> ---
>>>    eclass/git-r3.eclass | 5 +++++
>>>    1 file changed, 5 insertions(+)
>>>
>>> diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
>>> index 59d4f9a0038f..bdb28565e2f9 100644
>>> --- a/eclass/git-r3.eclass
>>> +++ b/eclass/git-r3.eclass
>>> @@ -887,6 +887,11 @@ git-r3_checkout() {
>>>    			cp "${orig_repo}"/packed-refs "${GIT_DIR}"/packed-refs || die
>>>    		fi
>>>    
>>> +		# mark this directory as "safe" so that src_install() can access it
>>> +		# https://bugs.gentoo.org/879353
>>> +		git config --global --add safe.directory \
>>> +			"$(cd "${out_dir}" && echo "${PWD}")" || die
>>
>> I guess there is no way we can avoid the --global and use --local instead?
>>
> 
> safe.directory works only in protected scoeps, i.e. system, global and
> command.  See git-config(1).
> 
> That said, the check wouldn't really make sense if the repository were
> able to declare itself safe.


Fair point, and I suspected as much.

Am I right that this does modify ~portage/.gitconfig (so usually 
/var/lib/portage/home/.gitconfig)? If so, I wonder if this could be 
avoided, e.g., by setting XDG_CONFIG_HOME to $T/.config. But I guess 
that has the potential to break other things. And having some eclass 
modifying the home directory of the portage user is not probably 
something we could live with. It would just we be nice if the 
save.directory setting would be just temporary during the emerge, e.g., 
set somewhere under T.

- Flow

Re: [gentoo-dev] [PATCH] git-r3.eclass: Add checkout dirs as "safe" directories

[Michał Górny]

On Sun, 2022-11-06 at 16:08 +0100, Florian Schmaus wrote:
> On 06.11.22 12:38, Michał Górny wrote:
> > On Sun, 2022-11-06 at 12:19 +0100, Florian Schmaus wrote:
> > > On 06.11.22 12:03, Michał Górny wrote:
> > > > Mark all checkout directories as "safe" to avoid dubious ownership
> > > > errors with newer git versions when the checkout directory is accessed
> > > > from src_install().
> > > > 
> > > > Bug: https://bugs.gentoo.org/879353
> > > > Signed-off-by: Michał Górny <mgorny@gentoo.org>
> > > > ---
> > > >    eclass/git-r3.eclass | 5 +++++
> > > >    1 file changed, 5 insertions(+)
> > > > 
> > > > diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
> > > > index 59d4f9a0038f..bdb28565e2f9 100644
> > > > --- a/eclass/git-r3.eclass
> > > > +++ b/eclass/git-r3.eclass
> > > > @@ -887,6 +887,11 @@ git-r3_checkout() {
> > > >    			cp "${orig_repo}"/packed-refs "${GIT_DIR}"/packed-refs || die
> > > >    		fi
> > > >    
> > > > +		# mark this directory as "safe" so that src_install() can access it
> > > > +		# https://bugs.gentoo.org/879353
> > > > +		git config --global --add safe.directory \
> > > > +			"$(cd "${out_dir}" && echo "${PWD}")" || die
> > > 
> > > I guess there is no way we can avoid the --global and use --local instead?
> > > 
> > 
> > safe.directory works only in protected scoeps, i.e. system, global and
> > command.  See git-config(1).
> > 
> > That said, the check wouldn't really make sense if the repository were
> > able to declare itself safe.
> 
> 
> Fair point, and I suspected as much.
> 
> Am I right that this does modify ~portage/.gitconfig (so usually 
> /var/lib/portage/home/.gitconfig)? If so, I wonder if this could be 
> avoided, e.g., by setting XDG_CONFIG_HOME to $T/.config. But I guess 
> that has the potential to break other things. And having some eclass 
> modifying the home directory of the portage user is not probably 
> something we could live with. It would just we be nice if the 
> save.directory setting would be just temporary during the emerge, e.g., 
> set somewhere under T.
> 

HOME	
All
Ditto	
The full path to an appropriate temporary directory for use by any
programs invoked by the ebuild that may read or modify the home
directory. [1]

[1] https://projects.gentoo.org/pms/8/pms.html#x1-10900011.1

-- 
Best regards,
Michał Górny

Re: [gentoo-dev] [PATCH] git-r3.eclass: Add checkout dirs as "safe" directories

[Florian Schmaus]

On 06.11.22 16:52, Michał Górny wrote:
> On Sun, 2022-11-06 at 16:08 +0100, Florian Schmaus wrote:
>> Fair point, and I suspected as much.
>>
>> Am I right that this does modify ~portage/.gitconfig (so usually
>> /var/lib/portage/home/.gitconfig)? If so, I wonder if this could be
>> avoided, e.g., by setting XDG_CONFIG_HOME to $T/.config. But I guess
>> that has the potential to break other things. And having some eclass
>> modifying the home directory of the portage user is not probably
>> something we could live with. It would just we be nice if the
>> save.directory setting would be just temporary during the emerge, e.g.,
>> set somewhere under T.
>>
> 
> HOME	
> All
> Ditto	
> The full path to an appropriate temporary directory for use by any
> programs invoked by the ebuild that may read or modify the home
> directory. [1]

Nice, I wasn't aware that PMS mandates HOME being set.

- Flow