meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
git:issues:safedirectory [2023/07/17 15:57] niziakgit:issues:safedirectory [2025/07/04 13:51] (current) niziak
Line 15: Line 15:
  
 ===== Source of problem ===== ===== Source of problem =====
 +
 +Current user is not owner of git repository directory (''.git'').
 +
 +  * Version 2.30.5 Contains commit: [[https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9|setup_git_directory(): add an owner check for the top-level directory]], See release notes: [[https://github.com/git/git/blob/aa9166bcc0ba654fc21f198a30647ec087f733ed/Documentation/RelNotes/2.30.5.txt|2.30.5.txt]]
 +  * More security checks were added with v 2.35.2 [[https://github.blog/2022-04-12-git-security-vulnerability-announced/|Git security vulnerability announced]]
 +
  
  
 ===== Workaround ===== ===== Workaround =====
  
 +Silence all warning (risky!):
 +<code bash>
 +git config --global --replace-all safe.directory '*'
 +</code>
 +
 +NOTE: ''*'' is not glob pattern. It is only special value which turns off warning for all dirs. ([[https://github.com/git-for-windows/git/issues/3809#issuecomment-1102681740|The command doesn't interpret the wildcard * as an operator]])
 +
 +<file config .gitconfig>
 +[safe]
 +    directory=*
 +</file>
 +
 +
 +Silence warning for specified directory:
 +<code bash>git config --global --add safe.directory /home/john/project</code>
 +
 +NOTE1: Multiple config entries can be addedd to add more directories
 +
 +NOTE2: ''safe.directory'' points only to one specified directory. It doesn't propagate to subdirectories.
 +
 +
 +==== Workaround using env ====
 +
 +Do not use envirnonment **GIT_CONFIG_PARAMETERS**. It is only for internal git use, and format is not published.
 +
 +For modern git (v2.31.0) it is possible to use new env config syntax:
 +<code>
 +GIT_CONFIG_COUNT=1
 +GIT_CONFIG_KEY_0=safe.directory
 +GIT_CONFIG_VALUE_0=*
 +</code>
 +See: [[https://git-scm.com/docs/git-config#Documentation/git-config.txt-GITCONFIGVALUEltngt|GIT_CONFIG_VALUE_]]
 +
 +GIT version changelog:
 +<code>
 +2.31.0: 
 +      Two new ways to feed configuration variable-value pairs via
 +      environment variables have been introduced, and the way
 +      GIT_CONFIG_PARAMETERS encodes variable/value pairs has been tweaked
 +      to make it more robust.
 +</code>
 +
 +Related GIT commit:
 +<code>
 +f9dbb64fadf599c588a39d2251bb3f9a2f7d572a  2021-01-12 13:27 +0100 Jeff King config: parse more robust format in GIT_CONFIG_PARAMETERS
 +</code>
 +
 +==== Workaround for WSL ====
 +
 +<code shell>git config --global --add safe.directory '%(prefix)///wsl$/Ubuntu-22.04/home/username/code/my-repo-name'</code>
  
 ==== Workaround for Yocto ==== ==== Workaround for Yocto ====
Line 32: Line 88:
  
 ==== Workaround for Gitlab CI ==== ==== Workaround for Gitlab CI ====
 +
 +<code bash>
 +git config --global --add safe.directory ${CI_PROJECT_DIR}
 +
 +# and if needed, for some submodules
 +git config --global --add safe.directory ${CI_PROJECT_DIR}/bootloader
 +</code>
 +
 +
 +
 +Workarounds:
 +  * [[https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29022|Configure project clone directory as safe by default]]
 +  * [[https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/3538|Mark project working directory as safe for Git ]]
 +
 +
 +**Best workaround:**
 +[[https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29022#note_1356788508]]
 +
 +<file toml config.toml>
 +[[runners]]
 +  environment = ["GIT_CONFIG_COUNT=1", "GIT_CONFIG_KEY_0=safe.directory", "GIT_CONFIG_VALUE_0=*", "GIT_CONFIG_PARAMETERS='safe.directory=*'"]
 +</file>
 +
 +or re-register runner with args:
 +<code bash>
 +gitlab-runner register \
 +      --env "GIT_CONFIG_COUNT=1" \
 +      --env "GIT_CONFIG_KEY_0=safe.directory" \
 +      --env "GIT_CONFIG_VALUE_0=*" \
 +      --env "GIT_CONFIG_PARAMETERS="'safe.directory=*'"
 +</code>
 +
 +**Note:** According to [[https://github.com/yoctoproject/poky/commit/5bca57859b280f73b23247aac7dec6b05f48fde8|bitbake.conf: mark all directories as safe for git to read ]]:
 +<code>
 +This can be set globally via the
 +internal environment variable GIT_CONFIG_PARAMETERS, we can't use
 +GIT_CONFIG_*_KEY/VALUE as that isn't present in all the releases which
 +have the ownership check.
 +</code>
 +