iAllow git to run on an other user repository - stagit-gemini - Stagit for gemini protocol Openbsd Err thinkerwim.openbsd.amsterdam 70 hgit clone git://thinkerwim.org/stagit-gemini.git URL:git://thinkerwim.org/stagit-gemini.git thinkerwim.org 70 1Log /git/stagit-gemini/log.gph thinkerwim.org 70 1Files /git/stagit-gemini/files.gph thinkerwim.org 70 1Refs /git/stagit-gemini/refs.gph thinkerwim.org 70 1README /git/stagit-gemini/file/README.gph thinkerwim.org 70 1LICENSE /git/stagit-gemini/file/LICENSE.gph thinkerwim.org 70 i--- Err thinkerwim.openbsd.amsterdam 70 1commit 8c74699abac4d2331eeb70c01c5b0367282a3281 /git/stagit-gemini/commit/8c74699abac4d2331eeb70c01c5b0367282a3281.gph thinkerwim.org 70 1parent 9a8c60cb308d58cfc10d1ecfd6f6779bd8e806f5 /git/stagit-gemini/commit/9a8c60cb308d58cfc10d1ecfd6f6779bd8e806f5.gph thinkerwim.org 70 hAuthor: Hiltjo Posthuma URL:mailto:hiltjo@codemadness.org thinkerwim.org 70 iDate: Tue, 24 May 2022 11:09:18 +0200 Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 iAllow git to run on an other user repository Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 iReported by Anton: Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i"Recent versions of libgit2 broke stagit for me due to the added opt-out Err thinkerwim.openbsd.amsterdam 70 iGIT_OPT_SET_OWNER_VALIDATION configuration knob. My repositories are owned by Err thinkerwim.openbsd.amsterdam 70 iroot:vcs and I run stagit as another user which happens to be in vcs group but Err thinkerwim.openbsd.amsterdam 70 inot the owner of the repository. Disabling the validation makes stagit work as Err thinkerwim.openbsd.amsterdam 70 iexpected again." Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 iSome notes: Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 iWhen using regular git it also provides a knob. This is due to a security Err thinkerwim.openbsd.amsterdam 70 iconcern in some cases, which is not applicable to stagit. Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i git log somerepo Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i fatal: unsafe repository ('somerepo' is owned by someone else) Err thinkerwim.openbsd.amsterdam 70 i To add an exception for this directory, call: Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i git config --global --add safe.directory somerepo Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 iSee also / related: Err thinkerwim.openbsd.amsterdam 70 i- https://github.blog/2022-04-12-git-security-vulnerability-announced/ Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 iDiffstat: Err thinkerwim.openbsd.amsterdam 70 i M stagit-gopher-index.c | 2 ++ Err thinkerwim.openbsd.amsterdam 70 i M stagit-gopher.c | 2 ++ Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i2 files changed, 4 insertions(+), 0 deletions(-) Err thinkerwim.openbsd.amsterdam 70 i--- Err thinkerwim.openbsd.amsterdam 70 1diff --git a/stagit-gopher-index.c b/stagit-gopher-index.c /git/stagit-gemini/file/stagit-gopher-index.c.gph thinkerwim.org 70 i@@ -253,6 +253,8 @@ main(int argc, char *argv[]) Err thinkerwim.openbsd.amsterdam 70 i git_libgit2_init(); Err thinkerwim.openbsd.amsterdam 70 i for (i = 1; i <= GIT_CONFIG_LEVEL_APP; i++) Err thinkerwim.openbsd.amsterdam 70 i git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, i, ""); Err thinkerwim.openbsd.amsterdam 70 i+ /* do not require the git repository to be owned by the current user */ Err thinkerwim.openbsd.amsterdam 70 i+ git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0); Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i #ifdef __OpenBSD__ Err thinkerwim.openbsd.amsterdam 70 i if (pledge("stdio rpath", NULL) == -1) Err thinkerwim.openbsd.amsterdam 70 1diff --git a/stagit-gopher.c b/stagit-gopher.c /git/stagit-gemini/file/stagit-gopher.c.gph thinkerwim.org 70 i@@ -1296,6 +1296,8 @@ main(int argc, char *argv[]) Err thinkerwim.openbsd.amsterdam 70 i git_libgit2_init(); Err thinkerwim.openbsd.amsterdam 70 i for (i = 1; i <= GIT_CONFIG_LEVEL_APP; i++) Err thinkerwim.openbsd.amsterdam 70 i git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, i, ""); Err thinkerwim.openbsd.amsterdam 70 i+ /* do not require the git repository to be owned by the current user */ Err thinkerwim.openbsd.amsterdam 70 i+ git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0); Err thinkerwim.openbsd.amsterdam 70 i Err thinkerwim.openbsd.amsterdam 70 i #ifdef __OpenBSD__ Err thinkerwim.openbsd.amsterdam 70 i if (unveil(repodir, "r") == -1) Err thinkerwim.openbsd.amsterdam 70 .