[DNM] Support safe.bareRepository=explicit for .gitconfig #8106

Open
wants to merge 1 commit into base: main

Conversation

Kyle-Ye (Contributor) commented Nov 7, 2024

Close #8068

  • Add safe.bareRepository=explicit support

Motivation:

Git has added safe.bareRepository=explicit to opt in to mitigations for the buried bare repos attack since 2.38.0.

Also, some Git GUI apps (SourceTree) are enforcing the new rule, which breaks build systems, including SwiftPM here.

See https://github.com/justinsteven/advisories/blob/main/2022_git_buried_bare_repos_and_fsmonitor_various_abuses.md for details.

Modifications:

Add --git-dir explicitly for bareRepo.

https://fossies.org/linux/git/Documentation/config/safe.txt

Result:

When safe.bareRepository=explicit is enabled globally in .gitconfig, SwiftPM resolves dependencies successfully.

Steps to verify

SPMBareTest.zip

  1. Run git config set safe.bareRepository explicit --global.
  2. Download SPMBareTest.zip and unzip it.
  3. Run cd SPMBareTest && swift package resolve.

Context

Other package manager systems tracking the issue:

Kyle-Ye (Contributor, Author) commented Nov 7, 2024

The PR is only a POC for adding the support.

[Help wanted] And I think we need to figure out the following issues before merging.

Technical challenge:

When the user has opted in to this security feature, we need to add --git-dir or set GIT_DIR for every git call happening on a bare repository.

Set GIT_DIR env for git command

If we set it case by case, it is the same as adding --git-dir to every git command.

So we are talking about setting it "globally" for the whole repo.

One way is modifying Git.environmentBlock when a repo starts a git operation and restoring it when it ends.

The problem is I don't know if we have concurrent git operations for multiple repos/dependencies. And the documentation states that "modification is not thread safe, designed for testing only".

Pass --git-dir to every git command

Generally speaking, most git operations will call `GitRepository/callGit`. So we can add the check to add ["--git-dir", self.path.pathString] if the repo is a bare one.

But the problem is that the way we determine if a repo is a bare one is through a getter function which will also call `GitRepository/callGit`.

Even if we do not call callGit in the isBare() function, the problem still exists, because git rev-parse --is-bare-repository will also fail if it is a bare one.

Other tasks/todo:

  • Add test case for covering the changes
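As an added example that is not part of this PR or of SwiftPM, the POSIX shell script below reproduces the failure mode discussed in the comment above against a throwaway bare repository and checks both escapes the Git documentation allows under safe.bareRepository=explicit: `--git-dir` (what the PR adds to callGit) and `GIT_DIR`. The filesystem-based bare check and all function names are assumptions for illustration; the setting is passed with `git -c` so the global .gitconfig is never modified.

```shell
#!/bin/sh
# Added example, not SwiftPM code: exercises safe.bareRepository=explicit
# against a throwaway bare repo. The setting is passed with `git -c` so the
# user's global .gitconfig is left untouched. Needs git >= 2.38.
set -u

# True if the installed git knows safe.bareRepository (introduced in 2.38).
git_supports_safe_bare_repository() {
    v=$(git --version 2>/dev/null) || return 1
    v=${v#git version }
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 38 ]; }
}

# Create a bare repository under a temp dir and print its absolute path.
make_bare_repo() {
    dir=$(mktemp -d) && git init --bare -q "$dir" >/dev/null 2>&1 && printf '%s\n' "$dir"
}

# Assumed heuristic that never invokes git: HEAD, objects/ and refs/ sit
# directly in the directory and there is no .git/. This sidesteps the
# chicken-and-egg problem above, where isBare() itself needs a git call.
looks_like_bare_repo() {
    [ -f "$1/HEAD" ] && [ -d "$1/objects" ] && [ -d "$1/refs" ] && [ ! -d "$1/.git" ]
}

# 1. Discovery from inside the bare repo (today's behaviour): under 'explicit'
#    git refuses with "cannot use bare repository" and exits 128.
run_in_bare_implicit() {
    git -c safe.bareRepository=explicit -C "$1" rev-parse --is-bare-repository >/dev/null 2>&1
}

# 2. Same command with --git-dir, as the PR adds in callGit: accepted, prints "true".
run_in_bare_with_git_dir() {
    git -c safe.bareRepository=explicit --git-dir="$1" rev-parse --is-bare-repository 2>/dev/null
}

# 3. The GIT_DIR alternative weighed above: also accepted, prints "true".
run_in_bare_with_git_dir_env() {
    GIT_DIR="$1" git -c safe.bareRepository=explicit rev-parse --is-bare-repository 2>/dev/null
}

# Run all three against a fresh bare repo and report; used when executed directly.
demo() {
    repo=$(make_bare_repo) || { echo "git init failed"; return 1; }
    looks_like_bare_repo "$repo" && echo "filesystem check: bare"
    run_in_bare_implicit "$repo" || echo "implicit discovery: refused (exit $?)"
    echo "--git-dir: $(run_in_bare_with_git_dir "$repo")"
    echo "GIT_DIR:   $(run_in_bare_with_git_dir_env "$repo")"
    rm -rf "$repo"
}
if [ "${1-}" = "--demo" ]; then demo; fi
```

Run with `sh script.sh --demo`; on a git older than 2.38 the `-c` setting is ignored and the first command succeeds, which is exactly why the version check exists.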

@Kyle-Ye Kyle-Ye marked this pull request as ready for review November 7, 2024 09:41
@Kyle-Ye Kyle-Ye changed the title Support safe.bareRepository=explicit for .gitconfig [DNM] Support safe.bareRepository=explicit for .gitconfig Nov 7, 2024
Successfully merging this pull request may close these issues.

Git config setting safe.bareRepository=explicit can break dependency resolution