From 9dbc3e0b82fd109740a4e866c75500ec11234a3c Mon Sep 17 00:00:00 2001 From: "Rodrigo Q. Saramago" Date: Wed, 14 Sep 2022 11:22:21 +0200 Subject: [PATCH] =?UTF-8?q?Add=20git=20`safe.directory`=20workaround=20in?= =?UTF-8?q?=20emscripten=20build=20script=20Co-authored-by:=20Kamil=20?= =?UTF-8?q?=C5=9Aliwak=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/build_emscripten.sh | 4 +++- scripts/ci/build_emscripten.sh | 5 +---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/scripts/build_emscripten.sh b/scripts/build_emscripten.sh index 43a402fd6..58acf22c2 100755 --- a/scripts/build_emscripten.sh +++ b/scripts/build_emscripten.sh @@ -35,6 +35,8 @@ else fi # solbuildpackpusher/solidity-buildpack-deps:emscripten-13 +# NOTE: Without `safe.directory` git would assume it's not safe to operate on /root/project since it's owned by a different user. +# See https://github.blog/2022-04-12-git-security-vulnerability-announced/ docker run -v "$(pwd):/root/project" -w /root/project \ solbuildpackpusher/solidity-buildpack-deps@sha256:f1c13f3450d1f2e53ea18ac1ac1a17e932573cb9a5ccd0fd9ef6dd44f6402fa9 \ - ./scripts/ci/build_emscripten.sh "$BUILD_DIR" + /bin/bash -c "git config --global --add safe.directory /root/project && ./scripts/ci/build_emscripten.sh $BUILD_DIR" diff --git a/scripts/ci/build_emscripten.sh b/scripts/ci/build_emscripten.sh index f2e475c2a..c1e117c6c 100755 --- a/scripts/ci/build_emscripten.sh +++ b/scripts/ci/build_emscripten.sh @@ -40,12 +40,9 @@ else BUILD_DIR="$1" fi -apt-get update -apt-get install lz4 --no-install-recommends - WORKSPACE=/root/project -cd $WORKSPACE +cd "$WORKSPACE" # shellcheck disable=SC2166 if [[ "$CIRCLE_BRANCH" = release || -n "$CIRCLE_TAG" || -n "$FORCE_RELEASE" || "$(git tag --points-at HEAD 2>/dev/null)" == v* ]]