CI package jobs: workaround for git security fix

https://github.blog/2022-04-12-git-security-vulnerability-announced/

We could chown the build directory to our own user, but that's
relatively slow. Since we fully control the environment (relatively
speaking, we're still running on other's machines), the vulnerability
doesn't affect this particular use case.

diff --git a/.ci/package/build.sh b/.ci/package/build.sh
index 9c3748b4ea09d41fdb214aa6411dfa75d5bb8a83..400d84c7fe58c77e6b8513ffb4658928e96d42bc 100755 (executable)
--- a/.ci/package/build.sh
+++ b/.ci/package/build.sh
@@ -5,6 +5,11 @@ set -eu
 build_linux() {
   . /etc/os-release
 
+  # https://github.com/actions/checkout/issues/760
+  git config --global --add safe.directory "$PWD" || true
+  GIT_CEILING_DIRECTORIES=$PWD
+  export GIT_CEILING_DIRECTORIES
+
   case "$ID" in
   debian | ubuntu)
     bash .ci/package/deb/build.sh