[all] Devstack jobs are failing due to a git security fix

Jeremy Stanley fungi at yuggoth.org
Wed Apr 13 12:02:05 UTC 2022


On 2022-04-13 11:17:06 +0200 (+0200), Dmitriy Rabotyagov wrote:
> I actually wonder if the approach with config flag to mark checkouts as
> safe should be applied more generally, when zuul preps repos for usage,
> instead of hook in devstack specifically. As it's a more general issue,
> since zuul repos can't be used as is now for other projects as well
> (limited to devstack).
[...]

I don't follow the logic here. Zuul checkouts are owned by the zuul
user which is also the user under which the job payload is executed.
This problem only arises if you try to run Git as a different user
than zuul.
-- 
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220413/c5a8358e/attachment.sig>


More information about the openstack-discuss mailing list