diff options
| author | Markus Heiser <markus.heiser@darmarit.de> | 2022-04-22 17:37:04 +0200 |
|---|---|---|
| committer | Markus Heiser <markus.heiser@darmarit.de> | 2022-04-22 17:37:04 +0200 |
| commit | 463254e3b4afb721af8ee36511607ceaa28b9dc3 (patch) | |
| tree | dde6dea5993ee9f40bf90ac34994c859a8e9d856 /utils | |
| parent | 6ff48859e33911309acf4a6a62eb43a4e73a52d5 (diff) | |
[fix] since git v2.35.2 root can't read from unsafe repository
Git v2.35.2 closes an security issue, it is no longer possible that root uses a
git repo that is owned by someone else, the error message is::
fatal: unsafe repository ('/share/darmarit.org/cache/searxng' is owned by someone else)
The fix is to run the `git diff --name-only` not as root in a sudo command.
[1] https://github.blog/2022-04-12-git-security-vulnerability-announced/
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Diffstat (limited to 'utils')
| -rwxr-xr-x | utils/lib_install.sh | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/utils/lib_install.sh b/utils/lib_install.sh index e8e3297c..5d84c066 100755 --- a/utils/lib_install.sh +++ b/utils/lib_install.sh @@ -92,6 +92,10 @@ init_SEARX_SRC_INIT_FILES(){ local fname local msg="" + local _prefix="" + if [[ -n ${SUDO_USER} ]]; then + _prefix="sudo -u ${SUDO_USER}" + fi # Monitor local modified files from the repository, only if the local file # differs to the corresponding file in the instance @@ -108,7 +112,7 @@ init_SEARX_SRC_INIT_FILES(){ msg="to update use: sudo -H ./utils/searx.sh install init-src" fi fi - done <<< "$(git diff --name-only)" + done <<< "$($_prefix git diff --name-only)" [ -n "$msg" ] && info_msg "$msg" } |