From c08b5bd21faa2dc96b5ddb4c656b4146063ed5fb Mon Sep 17 00:00:00 2001 From: Thierry Escande <thierry.escande@huawei.com> Date: Mon, 25 Apr 2022 11:28:19 +0200 Subject: [PATCH] CI: Set CI project directory safe for git Since the git clone done by CI has its own uid and git operations occurring within the build container uses a different uid, we need to add the CI_PROJECT_DIR folder to the safe directory git configuration. This is related to CVE-2022-24765 [1]. [1] https://github.blog/2022-04-12-git-security-vulnerability-announced/ Signed-off-by: Thierry Escande <thierry.escande@huawei.com> --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 473ff473..e8982562 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -69,6 +69,8 @@ stages: BB_ENV_PASSTHROUGH_ADDITIONS: DISTRO MACHINE SOURCE_MIRROR_URL_CH: http://114.116.235.68/source-mirror before_script: + # Tell git this repository is safe even if cloned with a different uid + - git config --global --add safe.directory $CI_PROJECT_DIR # The repo tool seems to insist on having a branch checked out or # something like that... Without this we get errors like # fatal: couldn't find remote ref refs/heads/master -- GitLab