diff options
author | Massimiliano Culpo <massimiliano.culpo@gmail.com> | 2022-04-13 13:10:00 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-13 11:10:00 +0000 |
commit | 0480afe29d772ef03471b3a3ae747ad15bab18a5 (patch) | |
tree | 1aa9e2222c64d53d084166c126735343613638df /.github/workflows | |
parent | cb56e9b74532f5a0d1a95b8f4671628802cd6a51 (diff) | |
download | spack-0480afe29d772ef03471b3a3ae747ad15bab18a5.tar.gz spack-0480afe29d772ef03471b3a3ae747ad15bab18a5.tar.bz2 spack-0480afe29d772ef03471b3a3ae747ad15bab18a5.tar.xz spack-0480afe29d772ef03471b3a3ae747ad15bab18a5.zip |
CI: avoid issues with Ubuntu patched git by adding safe.directory (#30042)
Ubuntu patched git v2.25.1 with a security fix that also
introduced a breaking change, so v2.25.1 behaves like
v2.35.2 with respect to the use cases in CVE-2022-24765
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/bootstrap.yml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/.github/workflows/bootstrap.yml b/.github/workflows/bootstrap.yml index 27cdf170f1..4af7abb278 100644 --- a/.github/workflows/bootstrap.yml +++ b/.github/workflows/bootstrap.yml @@ -61,6 +61,14 @@ jobs: bzip2 curl file g++ gcc gfortran git gnupg2 gzip \ make patch unzip xz-utils python3 python3-dev tree \ cmake bison + - name: Work around CVE-2022-24765 + run: | + # Apparently Ubuntu patched git v2.25.1 with a security patch that introduces + # a breaking behavior. See: + # - https://github.blog/2022-04-12-git-security-vulnerability-announced/ + # - https://github.com/actions/checkout/issues/760 + # - http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog + git config --global --add safe.directory /__w/spack/spack - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # @v2 - name: Setup repo and non-root user run: | @@ -90,6 +98,14 @@ jobs: apt-get install -y \ bzip2 curl file g++ gcc gfortran git gnupg2 gzip \ make patch unzip xz-utils python3 python3-dev tree + - name: Work around CVE-2022-24765 + run: | + # Apparently Ubuntu patched git v2.25.1 with a security patch that introduces + # a breaking behavior. See: + # - https://github.blog/2022-04-12-git-security-vulnerability-announced/ + # - https://github.com/actions/checkout/issues/760 + # - http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog + git config --global --add safe.directory /__w/spack/spack - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # @v2 - name: Setup repo and non-root user run: | @@ -202,6 +218,14 @@ jobs: apt-get install -y \ bzip2 curl file g++ gcc patchelf gfortran git gzip \ make patch unzip xz-utils python3 python3-dev tree + - name: Work around CVE-2022-24765 + run: | + # Apparently Ubuntu patched git v2.25.1 with a security patch that introduces + # a breaking behavior. See: + # - https://github.blog/2022-04-12-git-security-vulnerability-announced/ + # - https://github.com/actions/checkout/issues/760 + # - http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog + git config --global --add safe.directory /__w/spack/spack - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Setup repo and non-root user run: | @@ -231,6 +255,14 @@ jobs: bzip2 curl file g++ gcc patchelf gfortran git gzip \ make patch unzip xz-utils python3 python3-dev tree \ gawk + - name: Work around CVE-2022-24765 + run: | + # Apparently Ubuntu patched git v2.25.1 with a security patch that introduces + # a breaking behavior. See: + # - https://github.blog/2022-04-12-git-security-vulnerability-announced/ + # - https://github.com/actions/checkout/issues/760 + # - http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog + git config --global --add safe.directory /__w/spack/spack - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Setup repo and non-root user run: | |