From c08b5bd21faa2dc96b5ddb4c656b4146063ed5fb Mon Sep 17 00:00:00 2001
From: Thierry Escande <thierry.escande@huawei.com>
Date: Mon, 25 Apr 2022 11:28:19 +0200
Subject: [PATCH] CI: Set CI project directory safe for git

Since the git clone done by CI has its own uid and git operations
occurring within the build container uses a different uid, we need to
add the CI_PROJECT_DIR folder to the safe directory git configuration.

This is related to CVE-2022-24765 [1].

[1] https://github.blog/2022-04-12-git-security-vulnerability-announced/

Signed-off-by: Thierry Escande <thierry.escande@huawei.com>
---
 .gitlab-ci.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 473ff473..e8982562 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -69,6 +69,8 @@ stages:
     BB_ENV_PASSTHROUGH_ADDITIONS: DISTRO MACHINE
     SOURCE_MIRROR_URL_CH: http://114.116.235.68/source-mirror
   before_script:
+    # Tell git this repository is safe even if cloned with a different uid
+    - git config --global --add safe.directory $CI_PROJECT_DIR
     # The repo tool seems to insist on having a branch checked out or
     # something like that... Without this we get errors like
     #     fatal: couldn't find remote ref refs/heads/master
-- 
GitLab