realaravinth
/
hostea-website
forked from Hostea/website
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

minor updates to reflect the evolution of the safe.directory problem

master
Loïc Dachary 2022-06-02 12:35:17 +02:00
parent 5a6c7ddf62
commit 82d3a571c7
Signed by untrusted user: dachary
GPG Key ID: 992D23B392F9E4F2
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
content/blog/2022-05-15-unsafe-repository-is-owned-by-someone-else.md
View File

@ -1,5 +1,5 @@
+++
title = "[solved] Gitea 1.16.6 1.16.7 error: fatal: unsafe repository is owned by someone else"
title = "[solved] Gitea 1.16.[678] error: fatal: unsafe repository is owned by someone else"
date = 2022-05-15
description = "If Gitea runs as user git, calls a patched Git version and a parent directory of the git repositories is owned by a user other than git, it will fail."
[taxonomies]
@ -22,15 +22,15 @@ This started to show in the past few weeks to [users running the Gitea binary on
### Workarounds
* If using [Gitea docker images](https://hub.docker.com/r/gitea/gitea):
* do not upgrade to 1.16.6 or 1.16.7, or
* downgrade from 1.16.6 or 1.16.7 to 1.16.5 (do **not** downgrade from 1.17.x, it may corrupt your the Gitea database)
* do not upgrade to 1.16.6, 1.16.7 or 1.16.8, or
* downgrade from 1.16.6, 1.16.7 or 1.16.8 to 1.16.5 (do **not** downgrade from 1.17.x, it may corrupt your the Gitea database)
* If the Gitea binary was installed independently of git, upgrade git to a version that is [greater or equal to 2.36](https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory) and disable the security check entirely with:
* impersonate the [user dedicated to Gitea](https://docs.gitea.io/en-us/install-from-binary/#recommended-server-configuration) (usually git)
* `git config --global --replace-all safe.directory '*'`
### Bug fix
The [bug fix](https://github.com/go-gitea/gitea/pull/19707) is for Gitea to ensure `git config --global --replace-all safe.directory '*'` is set on its [dedicated user](https://docs.gitea.io/en-us/install-from-binary/#recommended-server-configuration) when it initializes. It is effective on the condition that the git CLI version is [greater or equal to 2.36](https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory).
The [bug fix](https://github.com/go-gitea/gitea/pull/19870) is for Gitea to ensure `git config --global --replace-all safe.directory '*'` is set on its [dedicated user](https://docs.gitea.io/en-us/install-from-binary/#recommended-server-configuration) when it initializes. It is effective on the condition that the git CLI version is [greater or equal to 2.36](https://git-scm.com/docs/git-config#Documentation/git-config.txt-safedirectory).
### Bug fix rationale
@ -40,4 +40,5 @@ The security check is triggered because the repository is owned by an unexpected
It appears non trivial to enforce a consistent ownership of files and directories, either within docker or outside docker when networked file systems are involved. The Gitea server was not troubled by this inconsistency so far because the permissions allow it to write and read where expected, regardless of the owner. It is not worth looking into but it is ancient and unrelated.
Gitea runs under a dedicated user, either when installed [from binary](https://docs.gitea.io/en-us/install-from-binary/#recommended-server-configuration) or from [docker](https://docs.gitea.io/en-us/install-with-docker/) and [modifies the global git configuration](https://github.com/go-gitea/gitea/blob/main/modules/git/git.go#L196-L207) depending on the git version at initialization time. Fixing the problem can therefore be done by [disabling the security check in the global git config file at initialization time](https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/50/diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209). It also requires a minimum version of git 2.36 to be installed [in the Gitea docker image](https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/50/diffs#6651ddff6eb82c840ced7c1dddee15c6e1913dd4_44_49).
Gitea runs under a dedicated user, either when installed [from binary](https://docs.gitea.io/en-us/install-from-binary/#recommended-server-configuration) or from [docker](https://docs.gitea.io/en-us/install-with-docker/) and [modifies the global git configuration](https://github.com/go-gitea/gitea/blob/main/modules/git/git.go#L196-L207) depending on the git version at initialization time. Fixing the problem can therefore be done by [disabling the security check in the global git config file at initialization time](https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/50/diffs#bcd72ff867cbd1ddd5b6518c3a05b5f1a6021286_209_209). It also requires a minimum version of git 2.36 to be installed, which is the case for Gitea docker images with [versions >= 1.16.9](https://github.com/go-gitea/gitea/pull/19871).