From: Eric Wong
Date: Mon, 3 Jun 2024 22:05:53 +0000 (+0000)
Subject: git_http_backend: bypass safe.directory restrictions
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=972c98c36210f1757eb770215954529d77f36363;p=thirdparty%2Fpublic-inbox.git
git_http_backend: bypass safe.directory restrictions
git.git commit f4aa8c8b (fetch/clone: detect dubious ownership of local repositories, 2024-04-10) has proven to be overly aggressive and breaks existing setups where git-http-backend is serving read-only repositories from reasonably trusted sources and not running hooks of any sort. Just mark everything as safe since our public-facing instances have always assumed writes to all git repos come from a different user than whatever user -netd/-httpd runs as.
---
diff --git a/lib/PublicInbox/GitHTTPBackend.pm b/lib/PublicInbox/GitHTTPBackend.pm
index 396aa7839..ac610d4b1 100644
--- a/lib/PublicInbox/GitHTTPBackend.pm
+++ b/lib/PublicInbox/GitHTTPBackend.pm
@@ -106,7 +106,9 @@ sub serve_smart {
 $env{PATH_TRANSLATED} = "$git->{git_dir}/$path";
 my $rdr = input_prepare($env) or return r(500);
 $rdr->{quiet} = 1;
- my $qsp = PublicInbox::Qspawn->new([qw(git http-backend)], \%env, $rdr);
+ my $cmd = $git->cmd('http-backend');
+ splice @$cmd, 1, 0, '-c', 'safe.directory=*';
+ my $qsp = PublicInbox::Qspawn->new($cmd, \%env, $rdr);
 $qsp->psgi_yield($env, $limiter, \&ghb_parse_hdr, $env, $git, $path);
 }
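Review bot: The added `splice` line that injects `-c safe.directory=*` turns off git's ownership check for every repository this process serves, yet nothing in the code records the assumption the commit message relies on (repositories are written by a different user than the -netd/-httpd user, and no hooks run). I would put that directly above the splice, e.g. `# safe.directory=*: repos served here are read-only, written by another user, and no hooks run`. If the wildcard is not strictly required, `'safe.directory='.$git->{git_dir}` would limit the exemption to the repository being served, though whether git accepts that path form unchanged would need checking. The splice also assumes `$git->cmd` returns a fresh array ref with the git executable at index 0; that method is outside the hunk, so confirm it does not hand back a shared array that would accumulate the option on each request. serve_smart begins above the hunk.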