File 0007-repo-make-ownership-checks-optional.patch of Package libgit2.28345
From b58e9053b43f8487b1bf523b2259f76cb868105d Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Mon, 11 Apr 2022 21:31:25 -0400
Subject: [PATCH 07/20] repo: make ownership checks optional
Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can
disable repository ownership validation.
---
include/git2/common.h | 12 +++++++++++-
src/libgit2.c | 8 ++++++++
src/repository.c | 4 +++-
src/repository.h | 1 +
tests/clar_libgit2.c | 5 +++++
tests/clar_libgit2.h | 1 +
tests/main.c | 1 +
tests/repo/open.c | 10 ++++++++++
8 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/include/git2/common.h b/include/git2/common.h
index 2ee829025..134ae6024 100644
--- a/include/git2/common.h
+++ b/include/git2/common.h
@@ -211,7 +211,9 @@ typedef enum {
# GIT_OPT_SET_ODB_PACKED_PRIORITY,
# GIT_OPT_SET_ODB_LOOSE_PRIORITY,
# GIT_OPT_GET_EXTENSIONS,
#- GIT_OPT_SET_EXTENSIONS
#+ GIT_OPT_SET_EXTENSIONS,
# GIT_OPT_SET_ALLOCATOR,
# GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY,
# GIT_OPT_GET_PACK_MAX_OBJECTS,
#- GIT_OPT_SET_PACK_MAX_OBJECTS
GIT_OPT_ENABLE_FSYNC_GITDIR,
GIT_OPT_GET_WINDOWS_SHAREMODE,
GIT_OPT_SET_WINDOWS_SHAREMODE,
- GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION,
+ GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION,
+ GIT_OPT_GET_OWNER_VALIDATION,
+ GIT_OPT_SET_OWNER_VALIDATION
} git_libgit2_opt_t;
/**
@@ -449,6 +451,14 @@ typedef enum {
# * > to support repositories with the `noop` extension but does want
# * > to support repositories with the `newext` extension.
# * > Set the maximum number of objects libgit2 will allow in a pack
# * > file when downloading a pack file from a remote.
* > additional checksum calculation on each object. This defaults
* > to enabled.
*
+ * opts(GIT_OPT_GET_OWNER_VALIDATION, int *enabled)
+ * > Gets the owner validation setting for repository
+ * > directories.
+ *
+ * opts(GIT_OPT_SET_OWNER_VALIDATION, int enabled)
+ * > Set that repository directories should be owned by the current
+ * > user. The default is to validate ownership.
+ *
* @param option Option key
* @param ... value to set the option
* @return 0 on success, <0 on failure
#diff --git a/src/libgit2.c b/src/libgit2.c
diff --git a/src/settings.c b/src/settings.c
index cc793b458..dc73fba8b 100644
#--- a/src/libgit2.c
#+++ b/src/libgit2.c
--- a/src/settings.c
+++ b/src/settings.c
@@ -390,6 +390,14 @@ int git_libgit2_opts(int key, ...)
# }
# *(va_arg(ap, size_t *)) = git_indexer__max_objects;
git_odb__strict_hash_verification = (va_arg(ap, int) != 0);
break;
+ case GIT_OPT_GET_OWNER_VALIDATION:
+ *(va_arg(ap, int *)) = git_repository__validate_ownership;
+ break;
+
+ case GIT_OPT_SET_OWNER_VALIDATION:
+ git_repository__validate_ownership = (va_arg(ap, int) != 0);
+ break;
+
default:
# giterr_set(GIT_ERROR_INVALID, "invalid option key");
giterr_set(GITERR_INVALID, "invalid option key");
error = -1;
diff --git a/src/repository.c b/src/repository.c
index ac2581167..cc69d9692 100644
--- a/src/repository.c
+++ b/src/repository.c
@@ -38,6 +38,7 @@
# include "win32/w32_util.h"
#endif
+bool git_repository__validate_ownership = true;
bool git_repository__fsync_gitdir = false;
static const struct {
@@ -976,7 +977,8 @@ int git_repository_open_ext(
*/
validation_path = repo->is_bare ? repo->gitdir : repo->workdir;
- if ((error = validate_ownership(validation_path)) < 0)
+ if (git_repository__validate_ownership &&
+ (error = validate_ownership(validation_path)) < 0)
goto cleanup;
cleanup:
diff --git a/src/repository.h b/src/repository.h
index cbc160140..b0c326a14 100644
--- a/src/repository.h
+++ b/src/repository.h
@@ -34,6 +34,7 @@
#define GIT_DIR_SHORTNAME "GIT~1"
extern bool git_repository__fsync_gitdir;
+extern bool git_repository__validate_ownership;
/** Cvar cache identifiers */
typedef enum {
diff --git a/tests/clar_libgit2.c b/tests/clar_libgit2.c
index c4550c32a..3b2473cdc 100644
--- a/tests/clar_libgit2.c
+++ b/tests/clar_libgit2.c
@@ -603,6 +603,11 @@ void cl_sandbox_set_search_path_defaults(void)
# git_buf_dispose(&path);
# }
#
# void cl_sandbox_set_search_path_defaults(void);
# git_buf_dispose(&path);
git_buf_free(&path);
}
+void cl_sandbox_disable_ownership_validation(void)
+{
+ git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0);
+}
+
#ifdef GIT_WIN32
bool cl_sandbox_supports_8dot3(void)
{
diff --git a/tests/clar_libgit2.h b/tests/clar_libgit2.h
index e3b7bd9f8..da3f41524 100644
--- a/tests/clar_libgit2.h
+++ b/tests/clar_libgit2.h
@@ -222,6 +222,7 @@ void cl_fake_home(void);
void cl_fake_home_cleanup(void *);
void cl_sandbox_set_search_path_defaults(void);
+void cl_sandbox_disable_ownership_validation(void);
#ifdef GIT_WIN32
# # define cl_msleep(x) Sleep(x)
bool cl_sandbox_supports_8dot3(void);
diff --git a/tests/main.c b/tests/main.c
index 56751c288..d879073a8 100644
--- a/tests/main.c
+++ b/tests/main.c
@@ -26,6 +26,7 @@ int main(int argc, char *argv[])
#
git_libgit2_init();
cl_global_trace_register();
cl_sandbox_set_search_path_defaults();
+ cl_sandbox_disable_ownership_validation();
/* Run the test suite */
res = clar_test_run();
diff --git a/tests/repo/open.c b/tests/repo/open.c
index f23ba1c18..a2f006c0d 100644
--- a/tests/repo/open.c
+++ b/tests/repo/open.c
@@ -3,11 +3,13 @@
#include "sysdir.h"
#include <ctype.h>
+static int validate_ownership = 0;
static git_buf config_path = GIT_BUF_INIT;
void test_repo_open__initialize(void)
{
cl_git_pass(git_libgit2_opts(GIT_OPT_GET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, &config_path));
+ cl_git_pass(git_libgit2_opts(GIT_OPT_GET_OWNER_VALIDATION, &validate_ownership));
}
void test_repo_open__cleanup(void)
@@ -23,6 +25,8 @@ void test_repo_open__cleanup(void)
cl_git_pass(git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, config_path.ptr));
git_buf_free(&config_path);
+
+ cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, validate_ownership));
}
void test_repo_open__bare_empty_repo(void)
@@ -470,6 +474,8 @@ void test_repo_open__validates_dir_ownership(void)
{
git_repository *repo;
+ cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));
+
cl_fixture_sandbox("empty_standard_repo");
cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));
@@ -494,6 +500,8 @@ void test_repo_open__can_allowlist_dirs_with_problematic_ownership(void)
config_filename = GIT_BUF_INIT,
config_data = GIT_BUF_INIT;
+ cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));
+
cl_fixture_sandbox("empty_standard_repo");
cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));
@@ -537,6 +545,8 @@ void test_repo_open__can_reset_safe_directory_list(void)
config_filename = GIT_BUF_INIT,
config_data = GIT_BUF_INIT;
+ cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));
+
cl_fixture_sandbox("empty_standard_repo");
cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));
--
2.37.1