Page MenuHomePhabricator
Files F15404330

D21756.diff
No OneTemporary
Actions

D21756.diff
View Options

diff --git a/src/applications/diffusion/protocol/DiffusionCommandEngine.php b/src/applications/diffusion/protocol/DiffusionCommandEngine.php
--- a/src/applications/diffusion/protocol/DiffusionCommandEngine.php
+++ b/src/applications/diffusion/protocol/DiffusionCommandEngine.php
@@ -117,12 +117,16 @@
return $this->sudoAsDaemon;
}
+ protected function shouldAlwaysSudo() {
+ return false;
+ }
+
public function newFuture() {
$argv = $this->newCommandArgv();
$env = $this->newCommandEnvironment();
$is_passthru = $this->getPassthru();
- if ($this->getSudoAsDaemon()) {
+ if ($this->getSudoAsDaemon() || $this->shouldAlwaysSudo()) {
$command = call_user_func_array('csprintf', $argv);
$command = PhabricatorDaemon::sudoCommandAsDaemonUser($command);
$argv = array('%C', $command);
diff --git a/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php b/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php
--- a/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php
+++ b/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php
@@ -13,6 +13,20 @@
return array($pattern, $argv);
}
+ protected function shouldAlwaysSudo() {
+
+ // See T13673. In Git, always try to use "sudo" to execute commands as the
+ // daemon user (if such a user is configured), because Git 2.35.2 and newer
+ // (and some older versions of Git with backported security patches) refuse
+ // to execute if the top level repository directory is not owned by the
+ // current user.
+
+ // Previously, we used "sudo" only when performing writes to the
+ // repository directory.
+
+ return true;
+ }
+
protected function newCustomEnvironment() {
$env = array();

File Metadata

Mime Type
text/plain
Expires
Wed, Mar 19, 7:13 AM (2 w, 3 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7686323
Default Alt Text
D21756.diff (1 KB)

Event Timeline

Phabricator · Built by Phacility