According to this QA, we may use safe.directory argument to add directory to be marked as whitelist, due to latest CVE found on git. But it seems there is no way to add certain dirs recursively.
I have so many repositories to add, so i want to use recursive add instead, if the feature is exist. The repositories mostly placed on my mounted NTFS disk on ubuntu, so the owner of files inside is always root. Looks like the latest update restricts git operations if the logged in user is not match with owner of the git directory by showing error such fatal: unsafe repository ('/media/data1/project1/si/project' is owned by someone else.
199k55 gold badges452 silver badges863 bronze badges
asked Apr 13, 2022 at 10:23
From Git 2.36, you can also add * representing ‘all’ to the safe.directory. It’s not recursive as you asked, but it may help depending upon your situation i.e.
git config --global --add safe.directory "*"See https://github.blog/2022-04-18-highlights-from-git-2-36/ and search for safe.directory.
33.8k27 gold badges102 silver badges152 bronze badges
answered Apr 20, 2022 at 17:23
8691 gold badge6 silver badges8 bronze badges
6 Comments
With Git 2.46 (Q3 2024), batch 13, the safe.directory configuration knob has been updated to optionally allow leading path matches.
See commit 313eec1 (29 May 2024) by Junio C Hamano (gitster).
(Merged by Junio C Hamano — gitster — in commit b8bdb2f, 12 Jun 2024)
safe.directory: allow “lead/ing/path/*” match
When
safe.directorywas introduced in v2.30.3 timeframe, 8959555 (setup_git_directory(): add an owner check for the top-level directory, 2022-03-02, Git v2.36.0-rc2 — merge)(setup_git_directory(): add an owner check for the top-level directory, 2022-03-02), it only allowed specific opt-out directories.
Immediately after an embargoed release that included the change, 0f85c4a (“setup: opt-out of check with safe.directory=*”, 2022-04-13, Git v2.36.0 — merge) was done as a response to loosen the check so that a single ‘*’ can be used to say “I trust all repositories” for folks who host too many repositories to list individually.Let’s further loosen the check to allow people to say “everything under this hierarchy is deemed safe” by specifying such a leading directory with “
/*” appended to it.
git config now includes in its man page:
Giving a directory with
/*appended to it will allow access to all repositories under the named directory.
answered Jul 31, 2024 at 19:57
1.3m568 gold badges4.8k silver badges5.7k bronze badges
Comments
What I did for now, but may not be the perfect solution, is to find all .git folders and add them through a find command.
find /full/path -name '.git' -type d -exec bash -c 'git config --global --add safe.directory ${0%/.git}' {} \;Want to remind, that it is necessary to add the full path in the find command, so it will resolve the full path.
answered Apr 13, 2022 at 14:19
2 Comments
Start asking to get answers
Find the answer to your question by asking.
Explore related questions
See similar questions with these tags.