On 26/06/2024 19:14, Junio C Hamano wrote:
Phillip Wood <phillip.wood123@xxxxxxxxx> writes:
... What is happening is that
git-daemon checks that the repository path is listed as safe and then
changes into that directory and forks
git upload-pack --strict .
"git upload-pack" then checks "." against the list of safe directories
which fails. It fails because the safe directory check does not do any
normalization such as cleaning up "//" elements (as seen in your
example) or expanding relative paths on $git_dir before checking it
against the list of safe directories.
...
I think the fix is probably to make the safe directory check use the
absolute path of $git_dir. In the mean time there is a workaround if
you're happy to add "." to the list of safe directories.
It still is curious why unnormalized "." does not pass "*"
Sorry if I wasn't clear. "." is considered safe with "safe.directory =
*" but I was looking at why it was not considered safe when using
repository paths in safe.directory.
Best Wishes
Phillip
(which is
not even a pattern matching, but is a declaration that says "don't
bother which path we are talking about"), though. As long as the
value of that configuration is found to be '*' literally, safe
directory data is marked as "is_safe" (cf. setup.c:safe_directory_cb
and setup.c:ensure_valid_ownership; notice that data.path is not
even consulted if the value of the configuration variable is '*').
Anyway, thanks for digging.
