From: Kirill Isakov <bootctl@gmail.com>
Date: Fri, 22 Apr 2022 06:00:44 +0000 (+0600)
Subject: CI package jobs: workaround for git security fix
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=a0078603e0a05c71fc96951415fd464f8ce6ceb1

CI package jobs: workaround for git security fix

https://github.blog/2022-04-12-git-security-vulnerability-announced/

We could chown the build directory to our own user, but that's
relatively slow. Since we fully control the environment (relatively
speaking, we're still running on other's machines), the vulnerability
doesn't affect this particular use case.
---

diff --git a/.ci/package/build.sh b/.ci/package/build.sh
index 9c3748b4..400d84c7 100755
--- a/.ci/package/build.sh
+++ b/.ci/package/build.sh
@@ -5,6 +5,11 @@ set -eu
 build_linux() {
   . /etc/os-release
 
+  # https://github.com/actions/checkout/issues/760
+  git config --global --add safe.directory "$PWD" || true
+  GIT_CEILING_DIRECTORIES=$PWD
+  export GIT_CEILING_DIRECTORIES
+
   case "$ID" in
   debian | ubuntu)
     bash .ci/package/deb/build.sh