klaus
ownership issue
Doesn't seem to like my cloned repositories unless I run `docker exec run git config --global --add safe.directory [repo]` on it
```
To add an exception for this directory, call:

	git config --global --add safe.directory /repos/embedder
[2022-11-24 01:55:08,118] ERROR in app: Exception on /embedder/ [GET]
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/flask/app.py", line 2073, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/python3.10/site-packages/flask/app.py", line 1519, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/python3.10/site-packages/flask/app.py", line 1517, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/python3.10/site-packages/flask/app.py", line 1503, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "/usr/lib/python3.10/site-packages/flask/views.py", line 84, in view
    return current_app.ensure_sync(self.dispatch_request)(*args, **kwargs)
  File "/usr/lib/python3.10/site-packages/klaus/views.py", line 167, in dispatch_request
    self.make_template_context(repo, namespace, rev, path.strip("/"))
  File "/usr/lib/python3.10/site-packages/klaus/views.py", line 330, in make_template_context
    history = self.context["repo"].history(
  File "/usr/lib/python3.10/site-packages/klaus/repo.py", line 205, in history
    output = subprocess.check_output(cmd, cwd=os.path.abspath(self.path))
  File "/usr/lib/python3.10/subprocess.py", line 420, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
  File "/usr/lib/python3.10/subprocess.py", line 524, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['git', 'log', '--format=%H', '--max-count=11', 'f2beb1ac348334962b85b03a204f14966c942
```
ownership permissions
```
$ docker exec 923249ff4894 ls -la repos
total 20
drwxr-xr-x 5 1000 1000 4096 Nov 24 01:53 .
drwxr-xr-x 1 root root 4096 Nov 24 01:53 ..
drwxr-xr-x 8 1000 1000 4096 Nov 24 00:49 embedder
drwxr-xr-x 7 1000 1000 4096 Nov 24 01:53 klaus
drwxr-xr-x 5 1000 1000 4096 Nov 24 00:49 littlelink
```
related https://github.com/go-gitea/gitea/issues/19455
maybe klaus should also be able to act as a user UID?
I actually didn't know that docker can set this with the `-u` flag. It works perfectly when I set `-u $(id -u):$(id -g)`
I'm gonna submit a PR with it as an option in the readme then
Thanks for reporting and debugging! I don't understand what's the root cause here, can you please attempt to explain it a bit more elaborately?
The git commands don't work if the git folder does not belong to the operating user, i.e. the docker container
This is behaviour in newer versions of git, see https://github.blog/2022-04-18-highlights-from-git-2-36/#stricter-repository-ownership-checks
@jelmer do you think this is a proper fix to this problem? I don’t have time to think about this right now so would trust your call
The proposed fix works, but it assumes that the repositories being served are owned by the current user. If we go that route though, we'd probably want to hide or grey out the repositories not owned by the current user rather than letting git itself fail - which is not visible to the end user.
An alternative would be to just disable this feature in the docker container.
Thanks, that's helpful. I think in this case it's better to just disable the feature: the Docker container is meant for getting started quickly, not for production workloads, and the old behaviour is much less annoying if you don't care about security.
As an aside, I think it would be great if the docker image was more production ready. I personally run Klaus in Kubernetes, for example.
I'm happy to merge any improvements. I don't use klaus a lot these days and when I use it then it's exclusively on a local dev machine
As of Git 2.36:
To completely opt-out of this security check, set `safe.directory` to the string `*`. This will allow all repositories to be treated as if their directory was listed in the `safe.directory` list. If `safe.directory=*` is set in system config and you want to re-enable this protection, then initialize your list with an empty value before listing the repositories that you deem safe.
Documentation