In more recent versions, Git upstream does an owner check for the
top-level directory (see git upstream commit 8959555ce), also see
https://github.blog/2022-04-12-git-security-vulnerability-announced/

This change is included in git versions >=2.30.3, >=2.31.2, >=2.34.2,
>=2.35.2 + >=2.36.0-rc2, and therefore also affects the Git package
v2.35.2-1 as present in current Debian/unstable (as of 2022-04-16).

Because of that libtcap-abi-check-docker fails for us with:

| fatal: detected dubious ownership in repository at '/code'
| To add an exception for this directory, call:
|
| git config --global --add safe.directory /code

Running `git config --add safe.directory ...` as implemented in
jenkins-config's git rev 77040321 won't work though, as the resulting
.git/config won't be considered for security issues, so the `--global`
switch is essential and needs to be used as reported by the error
message mentioned above.

Now what was more tricky and required some more debugging:

We pass the environment of the Jenkins job down to the docker
environment (via --env-file=...), but we're running the docker container
as the root user. Therefore the ~/.gitconfig inside the docker environment
is expected to be located at /var/lib/jenkins/, while we could only
prepare the one at /root/.gitconfig (without hardcoding jenkins UID etc.
upfront in the docker image, which is clearly an approach to avoid).

So when we're running testrunner inside a docker environment and we are
running as user root, let's make sure to set $HOME to /root as one might
expect. Then the ~/.gitconfig with the safe.directory can be found as
expected.
Change-Id: I81b7764945f80cfb415779c2bc8bcf1fcd339b40
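
Added example, not part of the commit or of the project's scripts: it reproduces the HOME mismatch described above by seeding a safe.directory entry in a stand-in for /root/.gitconfig and reading it back once with the inherited HOME and once with the corrected one. The function names, the in_docker flag and the temporary paths standing in for /root and /var/lib/jenkins are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: paths under a temp dir stand in for /root and /var/lib/jenkins.

# Pick the HOME git should use. Arguments: uid, inherited HOME,
# in_docker flag (1/0, hypothetical; supplied by the caller), root's home.
effective_home() {
    if [ "$1" = "0" ] && [ "$3" = "1" ]; then
        echo "${4:-/root}"
    else
        echo "$2"
    fi
}

# Run git with a given HOME and nothing else that redirects the global config.
git_with_home() {
    home=$1; shift
    env -u XDG_CONFIG_HOME -u GIT_CONFIG_GLOBAL HOME="$home" git "$@"
}

# What the image build does: record the exception in <home>/.gitconfig.
seed_safe_directory() {
    git_with_home "$1" config --global --add safe.directory "$2"
}

# What git sees at run time: safe.directory entries reachable via this HOME.
safe_dirs_seen_with_home() {
    git_with_home "$1" config --global --get-all safe.directory 2>/dev/null || true
}

demo() {
    tmp=$(mktemp -d)
    root_home="$tmp/root"; jenkins_home="$tmp/var/lib/jenkins"
    mkdir -p "$root_home"
    seed_safe_directory "$root_home" /code
    # HOME passed down from the Jenkins job: the prepared entry is not found.
    echo "inherited HOME: [$(safe_dirs_seen_with_home "$jenkins_home")]"
    # HOME corrected for uid 0 inside the container: the entry is found.
    fixed=$(effective_home 0 "$jenkins_home" 1 "$root_home")
    echo "corrected HOME: [$(safe_dirs_seen_with_home "$fixed")]"
    rm -rf "$tmp"
}

demo
```
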
Generate and patch them on every build to make sure we use the latest
versions and compile from actual source.
This has the effect of updating the ASN1C code we are using to the
latest version available in the Debian release used.
Change-Id: If48392226e4f783c3a0fb64816e8109f2952c410
Tests made in 'docker run' create files with 'root' owner and the
ws-cleanup plugin can't delete them afterwards. Fixing umask here to
allow file deletion.
Change-Id: Ie8c1710488974bc193c930f5df10909114371eb3