Commit de41eb9

singuliere authored and lunny committed
gitconfig: set safe.directory = *
Allow git push to work when networked file systems with mixed ownership are used with Gitea docker images >= 1.16.6 or Gitea binaries running alongside git versions published after 04/2022.

There are circumstances independent of Gitea (networked file systems with various permission systems) by which the git repositories managed by Gitea may have mixed owners. It is not a behavior that Gitea has control over, nor is it a problem as long as the permissions for Gitea to operate are correct. Gitea instances have been operating under these conditions for a number of years.

It is detected as a potential security risk (see GHSA-vw2c-22j4-2fh2) by the most recent git versions. However, Gitea always runs git commands with a current directory matching the repository on which it operates. That makes Gitea immune from this security problem and it is safe to ignore the mixed owner permission check.

This gitconfig modification is done on a file dedicated to the user exclusively used by Gitea.

Fixes: #19455
1 parent 9068c78 commit de41eb9


2 files changed

+12
-0
lines changed

docs/content/doc/installation/from-binary.en-us.md

Lines changed: 2 additions & 0 deletions
@@ -68,6 +68,8 @@ adduser \
6868
git
6969
```
7070

71+
**NOTE:** If such a dedicated Gitea user is not created and Gitea is run from an already existing user instead, it may modify the global git configuration file. It is possible to use an altnerate global git configuration file by setting the [GIT_CONFIG_GLOBAL](https://git-scm.com/docs/git#Documentation/git.txt-codeGITCONFIGGLOBALcode) if [git version 2.32 or above](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt#L92-L93) is installed.
72+
7173
### Create required directory structure
7274

7375
```sh
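
Review bot: The added NOTE at line 71 misspells "alternate" as "altnerate" and never says what Gitea writes to the global git configuration, so an operator running Gitea under an existing account cannot judge the impact. Since this commit sets safe.directory = * in that file, state it here: under a shared account the setting applies to every git invocation made by that user, not only to those made by Gitea. The last sentence should also name what is being set, for example "by setting the GIT_CONFIG_GLOBAL environment variable".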

modules/git/git.go

Lines changed: 10 additions & 0 deletions
@@ -251,6 +251,16 @@ func syncGitConfig() (err error) {
251251
}
252252
}
253253

254+
if CheckGitVersionAtLeast("2.36") == nil {
255+
//
256+
// Disable the security check because Gitea runs the git CLI from within the
257+
// repository. See https://github.com/go-gitea/gitea/issues/19455 for the full discussion.
258+
//
259+
if err := checkAndSetConfig("safe.directory", "*", true); err != nil {
260+
return err
261+
}
262+
}
263+
254264
if runtime.GOOS == "windows" {
255265
if err := configSet("core.longpaths", "true"); err != nil {
256266
return err
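
Review bot: The gate `CheckGitVersionAtLeast("2.36") == nil` at line 254 does not match the commit message, which describes the problem as affecting "git versions published after 04/2022" in general; the comment should say why 2.36 is the threshold and whether a git below 2.36 that carries the same ownership check is intentionally left unhandled. The comment also says only "Disable the security check": name the check (the repository ownership check from GHSA-vw2c-22j4-2fh2) and note that "*" turns it off for every path this user touches, which is only acceptable because the config file is dedicated to the Gitea user. The two empty `//` lines at 255 and 258 can be dropped.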
