git_superproject: tell git that superproject is bare

The superproject is initialized as a bare repo in Superproject:_Init(). That means that later operations must treat it as a bare repository, specifying the gitdir and setting 'bare' appropriately when launching GitCommand()s. It's also OK not to specify cwd here because GitCommand() will drop cwd if bare == True anyways. With this change, it's possible to run `repo init` and `repo sync` with the Git config 'safe.bareRepository' set to 'explicit'. This config strengthens Git's security posture against embedded bare repository attacks like https://github.com/justinsteven/advisories/blob/main/2022_git_buried_bare_repos_and_fsmonitor_various_abuses.md. Bug: b/227257481 Change-Id: I954a64c6883d2ca2af9c603e7076fd83b52584e9 Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/389794 Reviewed-by: Mike Frysinger <vapier@google.com> Tested-by: Jason R. Coombs <jaraco@google.com> Tested-by: Emily Shaffer <emilyshaffer@google.com> Reviewed-by: Emily Shaffer <emilyshaffer@google.com> Commit-Queue: Jason R. Coombs <jaraco@google.com>
2023-09-15 13:26:38 -07:00 · 2023-09-15 13:26:38 -07:00 · 8a6d1724d9
parent 3652b497bb
commit 8a6d1724d9
1 changed files with 7 additions and 5 deletions
--- a/git_superproject.py
+++ b/git_superproject.py
@ -69,9 +69,9 @@ class UpdateProjectsResult(NamedTuple):
 class Superproject:
    """Get commit ids from superproject.

-    Initializes a local copy of a superproject for the manifest. This allows
-    lookup of commit ids for all projects. It contains _project_commit_ids which
-    is a dictionary with project/commit id entries.
+    Initializes a bare local copy of a superproject for the manifest. This
+    allows lookup of commit ids for all projects. It contains
+    _project_commit_ids which is a dictionary with project/commit id entries.
    """

    def __init__(
@ -235,7 +235,8 @@ class Superproject:
        p = GitCommand(
            None,
            cmd,
-            cwd=self._work_git,
+            gitdir=self._work_git,
+            bare=True,
            capture_stdout=True,
            capture_stderr=True,
        )
@ -271,7 +272,8 @@ class Superproject:
        p = GitCommand(
            None,
            cmd,
-            cwd=self._work_git,
+            gitdir=self._work_git,
+            bare=True,
            capture_stdout=True,
            capture_stderr=True,
        )