You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/04/18 14:52:00 UTC

[jira] [Work logged] (HADOOP-18202) create-release fails fatal: unsafe repository ('/build/source' is owned by someone else)

     [ https://issues.apache.org/jira/browse/HADOOP-18202?focusedWorklogId=757910&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-757910 ]

ASF GitHub Bot logged work on HADOOP-18202:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Apr/22 14:51
            Start Date: 18/Apr/22 14:51
    Worklog Time Spent: 10m 
      Work Description: steveloughran opened a new pull request, #4188:
URL: https://github.com/apache/hadoop/pull/4188

   
   Since CVE-2022-24765 in April 2022, git refuses to work in directories
   whose owner != the current user, unless explicitly told to trust it.
   
   This patches the create-release script to trust the /build/source
   dir mounted from the hosting OS, whose userid is inevitably different
   from that of the account in the container running git.
   
   ### Description of PR
   
   
   ### How was this patch tested?
   
   going to test the PR on my build machine (a different laptop)
   
   ### For code changes:
   
   - [X] Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
   - [ ] Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
   - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
   - [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`, `NOTICE-binary` files?
   
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 757910)
    Remaining Estimate: 0h
            Time Spent: 10m

> create-release fails fatal: unsafe repository ('/build/source' is owned by someone else)
> ----------------------------------------------------------------------------------------
>
>                 Key: HADOOP-18202
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18202
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 3.3.4, 3.3.3
>            Reporter: Steve Loughran
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The first git command in the create-release docker container is failing as git doesn't consider /build/source to belong to the current user.
> since CVE-2022-24765 and the april 2022 git releases to refuse to work in such directories
> https://github.blog/2022-04-12-git-security-vulnerability-announced/
> {code}
> $ /usr/bin/git clean -xdf -e /patchprocess
> fatal: unsafe repository ('/build/source' is owned by someone else)
> To add an exception for this directory, call:
> 	git config --global --add safe.directory /build/source
> {code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org