mirror of
https://git.yoctoproject.org/meta-raspberrypi
synced 2026-01-12 03:10:08 +00:00
de9bfd04d5
Due to https://nvd.nist.gov/vuln/detail/cve-2022-24765, git introduced a feature where without explicitly allowing it, it won't parse or consider hooks that are owned by another git user while erroring out with: fatal: detected dubious ownership in repository at [...] This won't be an issue in our setup due to how we guard the code via PRs so we configure git to avoid this check. Signed-off-by: Andrei Gherzan <andrei@gherzan.com>
30 lines
766 B
Bash
Executable File
30 lines
766 B
Bash
Executable File
#!/bin/sh
|
|
|
|
# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com>
|
|
#
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
set -e
|
|
|
|
# shellcheck disable=SC1091
|
|
. /utils.sh
|
|
|
|
GIT_REPO_PATH="/work"
|
|
|
|
[ -n "$BASE_REF" ] ||
|
|
error "DCO checks needs to know the target branch. Make sure that is set in BASE_REF."
|
|
[ -d "$GIT_REPO_PATH/.git" ] ||
|
|
error "Can't find a git checkout under $GIT_REPO_PATH ."
|
|
cd "$GIT_REPO_PATH"
|
|
|
|
# The GitHub runner user and the container user might differ making git error
|
|
# out with:
|
|
# error: fatal: detected dubious ownership in repository at '/work'
|
|
# Avoid this as the security risk is minimum here while guarding the git hooks
|
|
# via PRs.
|
|
git config --global --add safe.directory /work
|
|
|
|
dco-check \
|
|
--verbose \
|
|
--default-branch "origin/$BASE_REF"
|