diff options
| author | zeripath <art27@cantab.net> | 2021-10-13 21:02:45 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-13 23:02:45 +0300 |
| commit | 9c2b7a196e6e546650ed687b3e0992f6d5a11c33 (patch) | |
| tree | c31c1ebd60c60ff47182a2417f18e726a8bb372c | |
| parent | 1e278b15c2f04249e0e4654f2892581c8eb33645 (diff) | |
| download | gitea-9c2b7a196e6e546650ed687b3e0992f6d5a11c33.tar.gz gitea-9c2b7a196e6e546650ed687b3e0992f6d5a11c33.zip | |
Disable core.protectNTFS (#17300) (#17302)
Backport #17300
core.protectNTFS protects NTFS from files which may be difficult to remove or interact
with using the win32 api, however, it also appears to prevent such files from
being entered into the git indexes - fundamentally causing breakages with PRs that
affect these files. However, deliberately setting this to false may cause security
issues due to the remain sparse checkout of files in the merge pipeline.
The only sensible option therefore is to provide an optional setting which admins
could set which would forcibly switch this off if they are affected by this issue.
Fix #17092
Signed-off-by: Andrew Thornton <art27@cantab.net>
| -rw-r--r-- | custom/conf/app.example.ini | 2 | ||||
| -rw-r--r-- | docs/content/doc/advanced/config-cheat-sheet.en-us.md | 1 | ||||
| -rw-r--r-- | modules/git/git.go | 6 | ||||
| -rw-r--r-- | modules/setting/git.go | 1 |
4 files changed, 10 insertions, 0 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 251ec7a80e..784ef5df37 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -576,6 +576,8 @@ PATH = ;; ;; (Go-Git only) Don't cache objects greater than this in memory. (Set to 0 to disable.) ;LARGE_OBJECT_THRESHOLD = 1048576 +;; Set to true to forcibly set core.protectNTFS=false +;DISABLE_CORE_PROTECT_NTFS=false ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 611a7a887a..42cb29b9aa 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -839,6 +839,7 @@ NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take ef - `VERBOSE_PUSH`: **true**: Print status information about pushes as they are being processed. - `VERBOSE_PUSH_DELAY`: **5s**: Only print verbose information if push takes longer than this delay. - `LARGE_OBJECT_THRESHOLD`: **1048576**: (Go-Git only), don't cache objects greater than this in memory. (Set to 0 to disable.) +- `DISABLE_CORE_PROTECT_NTFS`: **false** Set to true to forcibly set `core.protectNTFS` to false. ## Git - Timeout settings (`git.timeout`) - `DEFAUlT`: **360**: Git operations default timeout seconds. - `MIGRATE`: **600**: Migrate external repositories timeout seconds. diff --git a/modules/git/git.go b/modules/git/git.go index ef6ec0c2bf..d8f4cdd239 100644 --- a/modules/git/git.go +++ b/modules/git/git.go @@ -188,6 +188,12 @@ func Init(ctx context.Context) error { return err } } + if setting.Git.DisableCoreProtectNTFS { + if err := checkAndSetConfig("core.protectntfs", "false", true); err != nil { + return err + } + GlobalCommandArgs = append(GlobalCommandArgs, "-c", "core.protectntfs=false") + } return nil } diff --git a/modules/setting/git.go b/modules/setting/git.go index aa838a8d64..aaa65ed81c 100644 --- a/modules/setting/git.go +++ b/modules/setting/git.go @@ -26,6 +26,7 @@ var ( EnableAutoGitWireProtocol bool PullRequestPushMessage bool LargeObjectThreshold int64 + DisableCoreProtectNTFS bool Timeout struct { Default int Migrate int |