author: Jordan Petridis <jordan@centricular.com> 2022-05-18 13:31:49 +0300
committer: Jordan Petridis <jordan@centricular.com> 2022-08-21 08:02:44 +0300
commit: b5d16197df384f1fd047f22afec7cedf9882dadf (patch)
tree: ca04b707566eeb5e6611929c92316908c5a71e34 /ci
parent: 4bdfda59e00f34415651bb1bd7fbd31f7426090a (diff)
ci: Mark git repositories we import as safe
We git add repositories of deps during building, but newer versions of git complain that the ownership doesn't correspond to the current user due to CVE-2022-24765 [1]. Mark them all as safe since they are not arbitrary repos and are already parts of our recipes we fetch.

```
Running command ['git', 'add', '--force', '-A', '.']
fatal: unsafe repository ('/builds/alatiera/cerbero/cerbero-build/sources/build-tools/pkg-config-0.29.2' is owned by someone else)
```

Gitlab runner issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29022
Git docs: https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory

[1]: https://github.blog/2022-04-12-git-security-vulnerability-announced/#cve-2022-24765

Part-of: <https://gitlab.freedesktop.org/gstreamer/cerbero/-/merge_requests/862>
Diffstat (limited to 'ci')
-rwxr-xr-x ci/docker_android_setup.sh 4
-rwxr-xr-x ci/docker_setup.sh 4
2 files changed, 8 insertions, 0 deletions
diff --git a/ci/docker_android_setup.sh b/ci/docker_android_setup.sh
index aace7823..5fe09f8f 100755
--- a/ci/docker_android_setup.sh
+++ b/ci/docker_android_setup.sh
@@ -4,6 +4,10 @@ export ANDROID_HOME=$1
export ANDROID_NDK_HOME=$2
DEFAULT_BRANCH=$3
+# FIXME: might cause problems if the image is used outside CI
+# https://github.blog/2022-04-12-git-security-vulnerability-announced/#cve-2022-24765
+git config --global --replace-all safe.directory '*'
+
mkdir -p /android/sources
curl -o /android/sources/android-ndk.zip https://dl.google.com/android/repository/android-ndk-r21-linux-x86_64.zip
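Review bot: The added `git config --global --replace-all safe.directory '*'` line disables git's repository ownership check for every path this user touches, which is broader than the commit message's rationale that only the dependency sources fetched by the recipes need to be trusted. If the source directories are known when the image is built, adding one `safe.directory` entry per directory would keep the CVE-2022-24765 protection in place everywhere else. If the wildcard has to stay, the FIXME should say what actually goes wrong outside CI: any repository owned by another user, for example one on a mounted volume, will have its config honoured without the ownership check.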
diff --git a/ci/docker_setup.sh b/ci/docker_setup.sh
index fae3329c..3d0d3449 100755
--- a/ci/docker_setup.sh
+++ b/ci/docker_setup.sh
@@ -5,6 +5,10 @@ set -e
git config --global user.email "cerbero@gstreamer.freedesktop.org"
git config --global user.name "Cerbero Build System"
+# FIXME: might cause problems if the image is used outside CI
+# https://github.blog/2022-04-12-git-security-vulnerability-announced/#cve-2022-24765
+git config --global --replace-all safe.directory '*'
+
mkdir $HOME/.cerbero
echo "allow_parallel_build=True" > $HOME/.cerbero/cerbero.cbc
echo "use_ccache=True" >> $HOME/.cerbero/cerbero.cbc
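Review bot: The three added lines before `mkdir $HOME/.cerbero` are an exact copy of the block added to ci/docker_android_setup.sh, so the FIXME now has to be resolved in two places; sourcing a shared snippet from both scripts would keep the two images from drifting apart. Separately, `--replace-all` overwrites any `safe.directory` values already present in the global config, so if a base image ever ships its own entries they are silently dropped. With a value of `'*'` the result is the same either way, but once the setting is narrowed to specific paths `--add` is the form that will be needed.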