From a9852abfc5ed7c3faf6a667bdd29a2d6e49bc150 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Wed, 13 Apr 2022 15:04:46 +1000 Subject: [PATCH] Mark our source trees as safe for git to use as other users git commit [1] introduced a new behaviour to work around a CVE that disallows any git operations in directories not owned by the current user. This may seem unrelated to installation, but it plays havoc with PBR, which calls out to git to get revision history. So if you are "pip install"-ing from a source tree you don't own, the PBR git calls in that tree now fail and the install blows up. This plays havoc with our model. Firstly, we checkout all code as "stack" then install it globally with "sudo" (i.e. root) -- which breaks. We also have cases of essentially the opposite -- checkouts we have installed as root, but then run tox in them as a regular user; tox wants to install the source in its venv but now we have another user conflict. This uses the only available configuration option to avoid that by globally setting the source directories we clone as safe. This is an encroachment of the global system for sure, but is about the only switch available at the moment. For discussion of other approaches, see [2]. Also, squashing the below backport which is needed for bionic - https://review.opendev.org/q/I941ef5ea90970a0901236afe81c551aaf24ac1d8 Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798 [1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 [2] https://review.opendev.org/c/openstack/devstack/+/837636 Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7 (cherry picked from commit 676dcaf94487665882be048cfe1f3206d6807e0f) --- functions-common | 12 ++++++++++++ unstack.sh | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/functions-common b/functions-common index 83ae83a171..f980879eb6 100644 --- a/functions-common +++ b/functions-common 
@@ -588,6 +588,18 @@ function git_clone { fi fi + # NOTE(ianw) 2022-04-13 : commit [1] has broken many assumptions + # about how we clone and work with repos. Mark them safe globally + # as a work-around. + # + # NOTE(danms): On bionic (and likely others) git-config may write + # ~stackuser/.gitconfig if not run with sudo -H. Using --system + # writes these changes to /etc/gitconfig which is more + # discoverable anyway. + # + # [1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 + sudo git config --system --add safe.directory ${git_dest} + # print out the results so we know what change was used in the logs cd $git_dest git show --oneline | head -1 diff --git a/unstack.sh b/unstack.sh index ccea0ef585..a69c951f68 100755 --- a/unstack.sh +++ b/unstack.sh @@ -181,3 +181,9 @@ if is_service_enabled cinder && is_package_installed lvm2; then clean_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME || /bin/true clean_lvm_filter fi + + +# Clean any safe.directory items we wrote into the global +# gitconfig. We can identify the relevant ones by checking that they +# point to somewhere in our $DEST directory. +sudo sed -i "/directory=${DEST}/ d" /etc/gitconfig
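Review bot: In the functions-common hunk, `sudo git config --system --add safe.directory ${git_dest}` is not idempotent: `--add` appends a new `safe.directory` entry every time `git_clone` runs, so repeated stack runs accumulate duplicate lines in /etc/gitconfig, and a system-wide file is being widened for every user on the host, not only "stack". Consider guarding the add with `git config --system --get-all safe.directory | grep -qx "${git_dest}"` (or equivalent) before adding, and quote the expansion as `"${git_dest}"` so a destination path containing whitespace is not word-split.

Review bot: The unstack.sh hunk's cleanup, `sudo sed -i "/directory=${DEST}/ d" /etc/gitconfig`, will not remove the entries the first hunk writes, for two reasons. First, `git config` writes entries as `directory = <path>` with spaces around `=`, so the pattern `directory=${DEST}` never matches. Second, `${DEST}` is a filesystem path containing `/`, which is also the sed address delimiter; after expansion sed reads the address as `/directory=/` followed by the rest of the path as a command and errors out. Either use a different delimiter and the spaced form, e.g. `sudo sed -i "\|directory = ${DEST}|d" /etc/gitconfig`, or avoid hand-editing the file and let git do the matching: `sudo git config --system --unset-all safe.directory "^${DEST}"` (the optional value-regex argument of `--unset-all`), which also keeps the write and the cleanup using the same tool.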