set safe.directory when getting config for git-annex-shell or git remotes
Fix more breakage caused by git's fix for CVE-2022-24765, this time involving a remote (either local or ssh) that is a repository not owned by the current user. Sponsored-by: Dartmouth College's DANDI project
This commit is contained in:
parent
32cb2bd3fa
commit
cbfd214993
10 changed files with 75 additions and 4 deletions
|
@ -72,12 +72,19 @@ read' repo = go repo
|
|||
go _ = assertLocal repo $ error "internal"
|
||||
git_config addparams d = withCreateProcess p (git_config' p)
|
||||
where
|
||||
params = addparams ++ ["config", "--null", "--list"]
|
||||
params = addparams ++ safedirparam
|
||||
++ ["config", "--null", "--list"]
|
||||
p = (proc "git" params)
|
||||
{ cwd = Just (fromRawFilePath d)
|
||||
, env = gitEnv repo
|
||||
, std_out = CreatePipe
|
||||
}
|
||||
safedirparam = if safeDirectory repo
|
||||
-- Use * rather than d, because git treats
|
||||
-- "dir/" differently than "dir" when comparing for
|
||||
-- safe.directory purposes.
|
||||
then ["-c", "safe.directory=*"]
|
||||
else []
|
||||
git_config' p _ (Just hout) _ pid =
|
||||
forceSuccessProcess p pid
|
||||
`after`
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue