ZaclysIndustries/searxngRebrandZaclys
2
0
Fork 0
forked from zaclys/searxng
Code Issues Pull requests Activity

[fix] since git v2.35.2 root can't read from unsafe repository

Browse source 
Git v2.35.2 closes an security issue, it is no longer possible that root uses a
git repo that is owned by someone else, the error message is::

    fatal: unsafe repository ('/share/darmarit.org/cache/searxng' is owned by someone else)

The fix is to run the `git diff --name-only` not as root in a sudo command.

[1] https://github.blog/2022-04-12-git-security-vulnerability-announced/
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
Markus Heiser 2022-04-22 17:37:04 +02:00
parent 6ff48859e3
commit 463254e3b4
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
utils/lib_install.sh
View file

@ -92,6 +92,10 @@ init_SEARX_SRC_INIT_FILES(){
local fname local fname
local msg="" local msg=""
local _prefix=""
if [[ -n ${SUDO_USER} ]]; then
_prefix="sudo -u ${SUDO_USER}"
fi
# Monitor local modified files from the repository, only if the local file # Monitor local modified files from the repository, only if the local file
# differs to the corresponding file in the instance # differs to the corresponding file in the instance
@ -108,7 +112,7 @@ init_SEARX_SRC_INIT_FILES(){
msg="to update use: sudo -H ./utils/searx.sh install init-src" msg="to update use: sudo -H ./utils/searx.sh install init-src"
fi fi
fi fi
done <<< "$(git diff --name-only)" done <<< "$($_prefix git diff --name-only)"
[ -n "$msg" ] && info_msg "$msg" [ -n "$msg" ] && info_msg "$msg"
} }