HADOOP-18202. create-release fails fatal: unsafe repository by steveloughran · Pull Request #4188 · apache/hadoop

steveloughran · 2022-04-18T14:51:09Z

Since CVE-2022-24765 in April 2022, git refuses to work in directories
whose owner != the current user, unless explicitly told to trust it.

This patches the create-release script to trust the /build/source
dir mounted from the hosting OS, whose userid is inevitably different
from that of the account in the container running git.

Description of PR

How was this patch tested?

going to test the PR on my build machine (a different laptop)

For code changes:

Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

Since CVE-2022-24765 in April 2022, git refuses to work in directories whose owner != the current user, unless explicitly told to trust it. This patches the create-release script to trust the /build/source dir mounted from the hosting OS, whose userid is inevitably different from that of the account in the container running git. Change-Id: I1646d7f5d098252c12b000c51a99f9df11919306

steveloughran · 2022-04-18T15:01:41Z

gets to the git clean command without problems

$ cd /build/source


****************************************************************************
                         Cleaning the Source Tree
****************************************************************************


$ /usr/bin/git clean -xdf -e /patchprocess

hadoop-yetus · 2022-04-18T15:52:16Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 54s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	shelldocs	0m 0s		Shelldocs was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
			_ trunk Compile Tests _
+0 🆗	mvndep	15m 51s		Maven dependency ordering for branch
+1 💚	shadedclient	21m 17s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 28s		Maven dependency ordering for patch
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	shellcheck	0m 1s		No new issues.
+1 💚	shadedclient	18m 48s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	asflicense	0m 36s		The patch does not generate ASF License warnings.
		59m 49s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4188/1/artifact/out/Dockerfile
GITHUB PR	#4188
Optional Tests	dupname asflicense codespell shellcheck shelldocs
uname	Linux 92ba393a56d4 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `de82c31`
Max. process+thread count	697 (vs. ulimit of 5500)
modules	C: U:
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4188/1/console
versions	git=2.25.1 maven=3.6.3 shellcheck=0.7.0
Powered by	Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org

This message was automatically generated.

ayushtkn

+1

steveloughran · 2022-04-18T18:22:39Z

thx. my full test of this pr (run the script) is still going on and appears to have uploaded snapshot 3.4.0 artifacts.

Since April 2022/CVE-2022-24765, git refuses to work in directories whose owner != the current user, unless explicitly told to trust it. This patches the create-release script to trust the /build/source dir mounted from the hosting OS, whose userid is inevitably different from that of the account in the container running git. Contributed by: Steve Loughran, Ayush Saxena and the new git error messages Change-Id: I855a105e6d0ab533468f9436578c8d4f81b0840b

) Since April 2022/CVE-2022-24765, git refuses to work in directories whose owner != the current user, unless explicitly told to trust it. This patches the create-release script to trust the /build/source dir mounted from the hosting OS, whose userid is inevitably different from that of the account in the container running git. Contributed by: Steve Loughran, Ayush Saxena and the new git error messages

This was referenced Apr 18, 2022

Releases/hadoop 18202 docker git branch 3.3.3 #4189

Closed

HADOOP-18202. create-release fails fatal: unsafe repository #4190

Closed

ayushtkn approved these changes Apr 18, 2022

View reviewed changes

steveloughran merged commit d7fd61d into apache:trunk Apr 18, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HADOOP-18202. create-release fails fatal: unsafe repository#4188

HADOOP-18202. create-release fails fatal: unsafe repository#4188
steveloughran merged 1 commit intoapache:trunkfrom
steveloughran:releases/HADOOP-18202-docker-git

steveloughran commented Apr 18, 2022

Uh oh!

steveloughran commented Apr 18, 2022

Uh oh!

hadoop-yetus commented Apr 18, 2022

Uh oh!

ayushtkn left a comment

Uh oh!

steveloughran commented Apr 18, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

steveloughran commented Apr 18, 2022

Description of PR

How was this patch tested?

For code changes:

Uh oh!

steveloughran commented Apr 18, 2022

Uh oh!

hadoop-yetus commented Apr 18, 2022

Uh oh!

ayushtkn left a comment

Choose a reason for hiding this comment

Uh oh!

steveloughran commented Apr 18, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants