From dd568490089ae6d5bcf03068bfc4ca6b9103badb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 May 2022 17:53:29 +1200 Subject: [PATCH] .gitlab-ci: Work around new git restrictions arising from CVE-2022-24765 It was realised that git would run commands found in a git repo (eg from configuration). Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider --- .gitlab-ci-main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml index 3ac0e772576..1a01435a925 100644 --- a/.gitlab-ci-main.yml +++ b/.gitlab-ci-main.yml @@ -133,6 +133,8 @@ include: - export CXX="ccache c++" - ccache -z -M 500M - ccache -s + # We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI + - git config --global --add safe.directory `pwd` after_script: - mount - df -h