.copr: Replace chown call with standard workflow safe.directory setting

As a user this isn't necessary, and potentially dangerous when running this as root. This is a workaround which is specific to running containers in GitHub workflows, so configure git there.
martinpitt · Aug 2, 2023 · 3845400 · 3845400
1 parent 3b2807f
commit 3845400
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/.copr/make-srpm.sh b/.copr/make-srpm.sh
@@ -14,10 +14,6 @@ EXPANDER_URL=https://github.com/fedora-selinux/macro-expander
 
 rpm -q rpm-build git-core
 
-# Ensure that the git directory is owned by us to appease Git's
-# anti-CVE-2022-24765 measures.
-chown $(id -u):$(id -g) "$rootdir"
-
 base_head_id="$(git -C "$rootdir" rev-parse HEAD)"
 base_short_head_id="${base_head_id:0:7}"
 base_date="$(TZ=UTC git show -s --format=%cd --date=format-local:%F_%T HEAD | tr -d :-)"

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -22,6 +22,8 @@ jobs:
     steps:
       - run: dnf install --nogpgcheck -y make git-core rpm-build 'dnf-command(builddep)'
       - uses: actions/checkout@v2
+      # https://github.blog/2022-04-12-git-security-vulnerability-announced/
+      - run: git config --global --add safe.directory /__w/
       - run: make -C .copr srpm outdir="$PWD"
       - name: Store the SRPM as an artifact
         uses: actions/upload-artifact@v2