fix: consider all git repos inside the chroot safe

Git 2.45.1 expanded its security checks to deny cloning even local repos that are owned by another user. Previously, this just affected network filesystems. On our buildserver, this prevents makepkg from cloning repos from our shared srcdest into the srcdir, if these repos were created by another packager. To disable this check, set `safe.directory` to `*`. This looks like a glob, but is really just a special value. The only other option would be to add each Git repository in srcdest to the configuration. Component: makechrootpkg
author: Jan Alexander Steffens (heftig) <heftig@archlinux.org> 2024-05-17 22:50:26 +0200
committer: Christian Heusel <christian@heusel.eu> 2024-05-18 00:15:06 +0200
commit: 7cb72699f651a9e7ac8996070b974e1dda0a9733 (patch)
tree: 674069bd50ac74677c81f7e8d5cac2e28c922895
parent: d1790c295a054982734aa9b1b3eb4f7d4de234f6 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/makechrootpkg.in b/src/makechrootpkg.in
index 5378eb1..459f7ce 100644
--- a/src/makechrootpkg.in
+++ b/src/makechrootpkg.in
@@ -188,6 +188,11 @@ builduser ALL = NOPASSWD: /usr/bin/pacman
 EOF
 	chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
 
+	cat > "$copydir/etc/gitconfig" <<EOF
+[safe]
+	directory = *
+EOF
+
 	# This is a little gross, but this way the script is recreated every time in the
 	# working copy
 	{
author	Jan Alexander Steffens (heftig) <heftig@archlinux.org>	2024-05-17 22:50:26 +0200
committer	Christian Heusel <christian@heusel.eu>	2024-05-18 00:15:06 +0200
commit	7cb72699f651a9e7ac8996070b974e1dda0a9733 (patch)
tree	674069bd50ac74677c81f7e8d5cac2e28c922895
parent	d1790c295a054982734aa9b1b3eb4f7d4de234f6 (diff)