From d71e3a2f0c57cfe2560fccca8d6ad488140bacd4 Mon Sep 17 00:00:00 2001 From: Benjamin Moody Date: Thu, 12 Dec 2024 17:33:09 -0500 Subject: [PATCH] install-pn-test-server: allow unsafely cloning local directories. Recent versions of git in Debian bookworm have broken the ability to clone a local directory that is owned by another user. (It's not obvious to me whether this is a long-term problem in git upstream or a temporary problem in Debian.) install-pn-test-server fully trusts the selected source repositories - i.e., we intend on executing code from them - so marking these as "safe" is an annoyance but should not have security impact. --- deploy/test-server/install-pn-test-server | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/deploy/test-server/install-pn-test-server b/deploy/test-server/install-pn-test-server index 460680299e..edb71f7201 100755 --- a/deploy/test-server/install-pn-test-server +++ b/deploy/test-server/install-pn-test-server @@ -61,6 +61,9 @@ apt-get install -y \ ################################################################ if [ -n "$WFDB_REPOSITORY" ]; then + if [ -d "$WFDB_REPOSITORY" ]; then + git config --global --add safe.directory "$WFDB_REPOSITORY" + fi git clone "$WFDB_REPOSITORY" $HOME/wfdb ( cd $HOME/wfdb @@ -70,6 +73,9 @@ if [ -n "$WFDB_REPOSITORY" ]; then make -j$(nproc) -Cdata install ) if [ -n "$LIGHTWAVE_REPOSITORY" ]; then + if [ -d "$LIGHTWAVE_REPOSITORY" ]; then + git config --global --add safe.directory "$LIGHTWAVE_REPOSITORY" + fi git clone "$LIGHTWAVE_REPOSITORY" $HOME/lightwave ( cd $HOME/lightwave @@ -119,6 +125,9 @@ su pn -c ' virtualenv --no-download -ppython3 /physionet/python-env/physionet . /physionet/python-env/physionet/bin/activate + if [ -d "$REPOSITORY" ]; then + git config --global --add safe.directory "$REPOSITORY" + fi git clone --bare "$REPOSITORY" physionet-build.git cd /physionet/physionet-build.git GIT_WORK_TREE=/physionet/physionet-build git checkout --force "$REVISION_ID"