"David C. Rankin" <drankinatty@xxxxxxxxx> writes: > Security enhancement in 2.45.1 have broken ability to serve git over > https and ssh from local git server running Apache. (web server runs > as http:http on Archlinux) > > The fix of adding the following to gitconfig (system-wide and > per-user in ~/.gitconfig) does not solve the problem: > > [safe] > directory = * It is not clear what you exactly meant "per-user" above, so just to make sure. Is this set in the global configuration file for the httpd (or whoever Apache runs as) user? The purpose of "dubious ownershop" thing is to protect the user who runs Git from random repositories' with potentially malicious hooks and configuration files, so the user being protected (in this case, whoever Apache runs as) needs to declare "I trust these repositories" in its ~/.gitconfig file. What individual owners of /srv/my-repo.git/ project has in their ~/.gitconfig file does not matter when deciding if Apache trusts these repositories.
