File 0007-repo-make-ownership-checks-optional.patch of Package libgit2.28345

From b58e9053b43f8487b1bf523b2259f76cb868105d Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Mon, 11 Apr 2022 21:31:25 -0400
Subject: [PATCH 07/20] repo: make ownership checks optional

Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can
disable repository ownership validation.
---
 include/git2/common.h | 12 +++++++++++-
 src/libgit2.c         |  8 ++++++++
 src/repository.c      |  4 +++-
 src/repository.h      |  1 +
 tests/clar_libgit2.c  |  5 +++++
 tests/clar_libgit2.h  |  1 +
 tests/main.c          |  1 +
 tests/repo/open.c     | 10 ++++++++++
 8 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/include/git2/common.h b/include/git2/common.h
index 2ee829025..134ae6024 100644
--- a/include/git2/common.h
+++ b/include/git2/common.h
@@ -211,7 +211,9 @@ typedef enum {
# 	GIT_OPT_SET_ODB_PACKED_PRIORITY,
# 	GIT_OPT_SET_ODB_LOOSE_PRIORITY,
# 	GIT_OPT_GET_EXTENSIONS,
#-	GIT_OPT_SET_EXTENSIONS
#+	GIT_OPT_SET_EXTENSIONS,
# 	GIT_OPT_SET_ALLOCATOR,
# 	GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY,
# 	GIT_OPT_GET_PACK_MAX_OBJECTS,
#-	GIT_OPT_SET_PACK_MAX_OBJECTS
 	GIT_OPT_ENABLE_FSYNC_GITDIR,
 	GIT_OPT_GET_WINDOWS_SHAREMODE,
 	GIT_OPT_SET_WINDOWS_SHAREMODE,
-	GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION,
+	GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION,
+	GIT_OPT_GET_OWNER_VALIDATION,
+	GIT_OPT_SET_OWNER_VALIDATION
 } git_libgit2_opt_t;
 
 /**
@@ -449,6 +451,14 @@ typedef enum {
#  *      > to support repositories with the `noop` extension but does want
#  *      > to support repositories with the `newext` extension.
#  *		> Set the maximum number of objects libgit2 will allow in a pack
#  *		> file when downloading a pack file from a remote.
  *		> additional checksum calculation on each object. This defaults
  *		> to enabled.
  *
+ *   opts(GIT_OPT_GET_OWNER_VALIDATION, int *enabled)
+ *      > Gets the owner validation setting for repository
+ *      > directories.
+ *
+ *   opts(GIT_OPT_SET_OWNER_VALIDATION, int enabled)
+ *      > Set that repository directories should be owned by the current
+ *      > user. The default is to validate ownership.
+ *
  * @param option Option key
  * @param ... value to set the option
  * @return 0 on success, <0 on failure
#diff --git a/src/libgit2.c b/src/libgit2.c
diff --git a/src/settings.c b/src/settings.c
index cc793b458..dc73fba8b 100644
#--- a/src/libgit2.c
#+++ b/src/libgit2.c
--- a/src/settings.c
+++ b/src/settings.c
@@ -390,6 +390,14 @@ int git_libgit2_opts(int key, ...)
# 		}
# 		*(va_arg(ap, size_t *)) = git_indexer__max_objects;
 		git_odb__strict_hash_verification = (va_arg(ap, int) != 0);
 		break;
 
+	case GIT_OPT_GET_OWNER_VALIDATION:
+		*(va_arg(ap, int *)) = git_repository__validate_ownership;
+		break;
+
+	case GIT_OPT_SET_OWNER_VALIDATION:
+		git_repository__validate_ownership = (va_arg(ap, int) != 0);
+		break;
+
 	default:
# 		giterr_set(GIT_ERROR_INVALID, "invalid option key");
 		giterr_set(GITERR_INVALID, "invalid option key");
 		error = -1;
diff --git a/src/repository.c b/src/repository.c
index ac2581167..cc69d9692 100644
--- a/src/repository.c
+++ b/src/repository.c
@@ -38,6 +38,7 @@
 # include "win32/w32_util.h"
 #endif
 
+bool git_repository__validate_ownership = true;
 bool git_repository__fsync_gitdir = false;
 
 static const struct {
@@ -976,7 +977,8 @@ int git_repository_open_ext(
 	 */
 	validation_path = repo->is_bare ? repo->gitdir : repo->workdir;
 
-	if ((error = validate_ownership(validation_path)) < 0)
+	if (git_repository__validate_ownership &&
+	    (error = validate_ownership(validation_path)) < 0)
 		goto cleanup;
 
 cleanup:
diff --git a/src/repository.h b/src/repository.h
index cbc160140..b0c326a14 100644
--- a/src/repository.h
+++ b/src/repository.h
@@ -34,6 +34,7 @@
 #define GIT_DIR_SHORTNAME "GIT~1"
 
 extern bool git_repository__fsync_gitdir;
+extern bool git_repository__validate_ownership;
 
 /** Cvar cache identifiers */
 typedef enum {
diff --git a/tests/clar_libgit2.c b/tests/clar_libgit2.c
index c4550c32a..3b2473cdc 100644
--- a/tests/clar_libgit2.c
+++ b/tests/clar_libgit2.c
@@ -603,6 +603,11 @@ void cl_sandbox_set_search_path_defaults(void)
# 	git_buf_dispose(&path);
# }
# 
# void cl_sandbox_set_search_path_defaults(void);
# 	git_buf_dispose(&path);
 	git_buf_free(&path);
 }
 
+void cl_sandbox_disable_ownership_validation(void)
+{
+	git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0);
+}
+
 #ifdef GIT_WIN32
 bool cl_sandbox_supports_8dot3(void)
 {
diff --git a/tests/clar_libgit2.h b/tests/clar_libgit2.h
index e3b7bd9f8..da3f41524 100644
--- a/tests/clar_libgit2.h
+++ b/tests/clar_libgit2.h
@@ -222,6 +222,7 @@ void cl_fake_home(void);
 void cl_fake_home_cleanup(void *);
 
 void cl_sandbox_set_search_path_defaults(void);
+void cl_sandbox_disable_ownership_validation(void);
 
 #ifdef GIT_WIN32
# # define cl_msleep(x) Sleep(x)
 bool cl_sandbox_supports_8dot3(void);
diff --git a/tests/main.c b/tests/main.c
index 56751c288..d879073a8 100644
--- a/tests/main.c
+++ b/tests/main.c
@@ -26,6 +26,7 @@ int main(int argc, char *argv[])
# 
 	git_libgit2_init();
 	cl_global_trace_register();
 	cl_sandbox_set_search_path_defaults();
+	cl_sandbox_disable_ownership_validation();
 
 	/* Run the test suite */
 	res = clar_test_run();
diff --git a/tests/repo/open.c b/tests/repo/open.c
index f23ba1c18..a2f006c0d 100644
--- a/tests/repo/open.c
+++ b/tests/repo/open.c
@@ -3,11 +3,13 @@
 #include "sysdir.h"
 #include <ctype.h>
 
+static int validate_ownership = 0;
 static git_buf config_path = GIT_BUF_INIT;
 
 void test_repo_open__initialize(void)
 {
 	cl_git_pass(git_libgit2_opts(GIT_OPT_GET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, &config_path));
+	cl_git_pass(git_libgit2_opts(GIT_OPT_GET_OWNER_VALIDATION, &validate_ownership));
 }
 
 void test_repo_open__cleanup(void)
@@ -23,6 +25,8 @@ void test_repo_open__cleanup(void)
 
 	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, config_path.ptr));
 	git_buf_free(&config_path);
+
+	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, validate_ownership));
 }
 
 void test_repo_open__bare_empty_repo(void)
@@ -470,6 +474,8 @@ void test_repo_open__validates_dir_ownership(void)
 {
 	git_repository *repo;
 
+	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));
+
 	cl_fixture_sandbox("empty_standard_repo");
 	cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));
 
@@ -494,6 +500,8 @@ void test_repo_open__can_allowlist_dirs_with_problematic_ownership(void)
 	        config_filename = GIT_BUF_INIT,
 	        config_data = GIT_BUF_INIT;
 
+	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));
+
 	cl_fixture_sandbox("empty_standard_repo");
 	cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));
 
@@ -537,6 +545,8 @@ void test_repo_open__can_reset_safe_directory_list(void)
 	        config_filename = GIT_BUF_INIT,
 	        config_data = GIT_BUF_INIT;
 
+	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));
+
 	cl_fixture_sandbox("empty_standard_repo");
 	cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));
 
-- 
2.37.1