-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add submodule path to git safe.directory before initialize the submodule #15554
Conversation
execute_process( | ||
COMMAND git config --global --unset safe.directory ${CMAKE_SOURCE_DIR}/deps/${SUBMODULE_PATH} | ||
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} | ||
ERROR_QUIET |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note I used ERROR_QUIET
here to suppress errors in case the submodule's safe.directory
entry doesn’t exist at the time of cleanup.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think that putting any commands modifying global config in our CMake files is a good idea, even if the change is temporary.
This might be acceptable (but still a hack) if limited to Dockerfiles or CI, but definitely not in the general build system that everyone runs.
Unfortunately, the |
There seems to be a difference in behaviour across different |
Indeed. Just found this here: https://github.blog/open-source/git/highlights-from-git-2-36/#stricter-repository-ownership-checks Beginning in Git 2.35.2, Git changed its default behavior to prevent you from executing git commands
in a repository owned by a different user than the current one. This is designed to prevent git invocations
from unintentionally executing commands which the repository owner configured. |
Maybe we could apply such configs in the build.sh script for each submodule before calling cmake. I believe those scripts will only be used by CI anyway. Would that be better? |
Another way would be just to ensure to use the same user when creating the docker image and when running the build insider the container, no? |
Why not just do the |
This pull request is stale because it has been open for 14 days with no activity. |
This pull request was closed due to a lack of activity for 7 days after it was stale. |
We recently encountered errors while updating Z3 and CVC5 in the buildpack images for #15551.
See the build logs here: https://github.com/ethereum/solidity/actions/runs/11575096134/job/32220871629?pr=15551 and https://github.com/ethereum/solidity/actions/runs/11575096134/job/32220870627?pr=15551
This PR aims to address these issues by temporarily marking the submodules directory as a
safe.directory
before attempting to initialize it.