From a0078603e0a05c71fc96951415fd464f8ce6ceb1 Mon Sep 17 00:00:00 2001 From: Kirill Isakov Date: Fri, 22 Apr 2022 12:00:44 +0600 Subject: [PATCH] CI package jobs: workaround for git security fix https://github.blog/2022-04-12-git-security-vulnerability-announced/ We could chown the build directory to our own user, but that's relatively slow. Since we fully control the environment (relatively speaking, we're still running on other's machines), the vulnerability doesn't affect this particular use case. --- .ci/package/build.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.ci/package/build.sh b/.ci/package/build.sh index 9c3748b4..400d84c7 100755 --- a/.ci/package/build.sh +++ b/.ci/package/build.sh @@ -5,6 +5,11 @@ set -eu build_linux() { . /etc/os-release + # https://github.com/actions/checkout/issues/760 + git config --global --add safe.directory "$PWD" || true + GIT_CEILING_DIRECTORIES=$PWD + export GIT_CEILING_DIRECTORIES + case "$ID" in debian | ubuntu) bash .ci/package/deb/build.sh -- 2.20.1