Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jenkinsfile: Add root repository and submodule repositories as safe directories #2449

Merged
merged 15 commits into from
Apr 18, 2022

Conversation

mweisgut
Copy link
Collaborator

@mweisgut mweisgut commented Apr 14, 2022

After the security vulnerability CVE-2022-24765, the latest git version available in ubuntu 20.04 was patched.

With this patch, git checks the owner of the top-level directory and does not perform a git command if the owner is not the current user. This check can be disabled for a repository by adding it as a safe directory, i.e., git config --global --add safe.directory <dir>.

In a current CI run, the user is root, but the files and directories in the cloned Hyrise project directory have the owner 113.

This PR adds the directory of the root repository and the directories of the submodule repositories as safe directories to avoid CI errors of the following kind:

fatal: unsafe repository ('/var/lib/jenkins/workspace/hyrise_hyrise_PR-2448' is owned by someone else)

References

@mweisgut mweisgut added the FullCI Run all CI tests (slow, but required for merge) label Apr 14, 2022
@mweisgut
Copy link
Collaborator Author

The Jenkinsfile might be the better place for the fix.

@mweisgut mweisgut mentioned this pull request Apr 14, 2022
27 tasks
@mweisgut mweisgut changed the title Fix CI Jenkinsfile: Add root repository and submodule repositories as safe directories Apr 16, 2022
@mweisgut mweisgut marked this pull request as ready for review April 16, 2022 11:41
@mweisgut mweisgut requested a review from Bouncner April 16, 2022 11:42
@mweisgut mweisgut self-assigned this Apr 17, 2022
Copy link
Collaborator

@Bouncner Bouncner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we cannot do anything against having a different user than the dir owner here?

Have to trust you here. 🙂

@mweisgut
Copy link
Collaborator Author

mweisgut commented Apr 18, 2022

So we cannot do anything against having a different user than the dir owner here?

Have to trust you here. 🙂

There probably is something we can do against having a different user than the dir owner. However, so far, I do not know how to achieve it. Since this problem is currently blocking CI runs, I would use this workaround now to be able to perform CI runs again. The user-owner discrepancy is captured in #2450.

@mweisgut mweisgut merged commit 02e587e into master Apr 18, 2022
@mweisgut mweisgut deleted the fix_ci branch April 18, 2022 10:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
FullCI Run all CI tests (slow, but required for merge)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants