diff options
author | Matthias Dressel <code@deadcode.eu> | 2022-05-06 00:50:25 +0300 |
---|---|---|
committer | Matthias Dressel <code@deadcode.eu> | 2022-05-25 20:41:34 +0300 |
commit | 7d859f9c728e5042f9e1fbb98625d624c489a50e (patch) | |
tree | 5256f75ed3461438b0d6f7309302a4b84c5f4e45 | |
parent | c1264cd27e4a4e3b4ec95565ba23237539322839 (diff) |
CI: Deactivate git 'safe.directory'
An attacker already has arbitrary code execution inside the container.
Ref: CVE-2022-24765
-rw-r--r-- | .gitlab-ci.yml | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4d9150d..38a8775 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -64,6 +64,7 @@ style-check: extends: .debian-amd64-common stage: style script: + - git config --global --add safe.directory '*' - git grep -I -n -P "\t|\r| $" -- . ':(exclude)*/compat/*' && echo "Trailing whitespace" && exit 1 - git grep -I -n -i -e 'david' --and --not -e 'copyright' -- . ':(exclude)THANKS.md' ':(exclude).gitlab-ci.yml' && echo "Misspelled dav1d" && exit 1 - git grep -I -l -z "" -- . ':(exclude)*/compat/*' | while IFS= read -r -d '' i; do @@ -93,6 +94,7 @@ x86inc-check: extends: .debian-amd64-common stage: style script: + - git config --global --add safe.directory '*' - git remote rm x86inc 2> /dev/null || true - git remote add x86inc https://code.videolan.org/videolan/x86inc.asm.git - git fetch -q x86inc master @@ -423,6 +425,7 @@ build-debian-armv7-clang-5: build-ubuntu-snap: extends: .ubuntu-common script: + - git config --global --add safe.directory '*' - cd package/snap && snapcraft snap - | if [ "$CI_PROJECT_NAMESPACE" = "videolan" ]; then |