git 2.35.5's safe.directory causes regression nixos-rebuild on git-based flakes #6443
Comments
nixpkgs issue NixOS/nixpkgs#169193
Is there a known workaround?
@jessestricker NixOS/nixpkgs#169193 (comment) (or NixOS/nixpkgs#169193 (comment) for the explicit version) is a better workaround, since you don't need to edit the root home imperatively, and works just as well with flakes.
I have no idea why the "fix" for that CVE applies when we're explicitly naming the git repository to use with
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
Describe the bug
The issue comes if you are trying to build a flake with a different user than the repository owner:
This was originally reported here: nix-community/nix-direnv#166
I wonder if nix could change the way it calls git on these kinds of flakes in a way that both avoids the security issue that git is trying to fix and doesn't trigger the warning. The new behavior of git is described here: https://github.blog/2022-04-12-git-security-vulnerability-announced/
After all, the question is whether those security measures actually make sense in the nix context. Nix will likely build and use those flakes, which means they need to be trusted anyway. In this case it might be acceptable to just define a flake repository as a safe.directory by default.
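A preflight check for the situation described in the report above, added here as an illustration and not code from Nix, git or this thread: it reports whether the repository holding a flake is owned by a different user and whether a given list of `safe.directory` entries covers it. The function names and the simplified comparison (owner of the directory containing `.git`, exact path match or `*`) are assumptions, not git's implementation.

```python
import os
import sys
from pathlib import Path


def find_repo_root(start):
    """Walk upward from `start` to the first directory that contains `.git`."""
    p = Path(start).resolve()
    for d in (p, *p.parents):
        if (d / ".git").exists():
            return d
    return None


def ownership_check(start, safe_dirs=(), uid=None):
    """Simplified model (assumption) of git's repository ownership check.

    Returns (status, repo_root) where status is one of:
      "no-repo"      no .git found at or above `start`
      "owned"        repository directory belongs to the calling user
      "listed-safe"  owner differs, but a safe.directory entry covers it
      "refused"      owner differs and no entry covers it
    `uid` defaults to the effective uid; pass another value to model
    a build started by a different user (for example root).
    """
    uid = os.geteuid() if uid is None else uid
    root = find_repo_root(start)
    if root is None:
        return ("no-repo", None)
    if root.stat().st_uid == uid:
        return ("owned", root)
    # Entries are compared with the repository path as plain strings;
    # "*" is the wildcard accepted by later git releases.
    if "*" in safe_dirs or str(root) in safe_dirs:
        return ("listed-safe", root)
    return ("refused", root)


if __name__ == "__main__":
    # Usage: script.py <flake-path> [safe.directory entries...]
    path = sys.argv[1] if len(sys.argv) > 1 else "."
    status, root = ownership_check(path, tuple(sys.argv[2:]))
    print(f"{status}: {root}")
    sys.exit(1 if status == "refused" else 0)
```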