Allow git to run on an other user repository

Reported by Anton:

"Recent versions of libgit2 broke stagit for me due to the added opt-out
GIT_OPT_SET_OWNER_VALIDATION configuration knob. My repositories are owned by
root:vcs and I run stagit as another user which happens to be in vcs group but
not the owner of the repository. Disabling the validation makes stagit work as
expected again."

Some notes:

When using regular git it also provides a knob. This is due to a security
concern in some cases, which is not applicable to stagit.

	git log somerepo

	fatal: unsafe repository ('somerepo' is owned by someone else)
	To add an exception for this directory, call:

	        git config --global --add safe.directory somerepo

See also / related:
- https://github.blog/2022-04-12-git-security-vulnerability-announced/

diff --git a/stagit-index.c b/stagit-index.c
index 26ef16d93302b5314b16cc2d495802638b8ef4d2..735775b1ccbe8eef2434db2efa4ef90e8ae253f4 100644 (file)
--- a/stagit-index.c
+++ b/stagit-index.c
@@ -188,6 +188,8 @@ main(int argc, char *argv[])
        git_libgit2_init();
        for (i = 1; i <= GIT_CONFIG_LEVEL_APP; i++)
                git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, i, "");
+       /* do not require the git repository to be owned by the current user */
+       git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0);
 
 #ifdef __OpenBSD__
        if (pledge("stdio rpath", NULL) == -1)

diff --git a/stagit.c b/stagit.c
index 54622a116824e9e980774ac3bf1ad376a1dcf744..2a9c3fe7bcb19dade7bf44f7496e67d0ec154308 100644 (file)
--- a/stagit.c
+++ b/stagit.c
@@ -1235,6 +1235,8 @@ main(int argc, char *argv[])
        git_libgit2_init();
        for (i = 1; i <= GIT_CONFIG_LEVEL_APP; i++)
                git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, i, "");
+       /* do not require the git repository to be owned by the current user */
+       git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0);
 
 #ifdef __OpenBSD__
        if (unveil(repodir, "r") == -1)