Page MenuHomePhorge

/config/ can run git log commands that silently fail ("fatal: detected dubious ownership in repository at ....")
Open, NormalPublic

Description

Preamble

It seems to me that, when visiting this page:

/config/

The webserver user (www-data?) tries to execute this git command from Phorge and Arcanist:

git log --format='%H %ct' -n 1 --

This can cause the following error (that does not appear in the log, but that's another story):

fatal: detected dubious ownership in repository at '/var/www/phorge'
To add an exception for this directory, call:

	git config --global --add safe.directory /var/www/phorge

And, if I try to auto-fix that from Phorge, issuing this command from the www-user:

git config --global --add safe.directory /var/www/phorge

You probably get this error:

fatal: $HOME not set

Then, if you set the HOME, you may set other errors (but this is your fault)

error: could not lock config file /var/www/.gitconfig: Permission denied

So you can put that "home directory" writable so that the webserver user can write .gitconfig files. Example:

sudo chown www-data: /var/www/

But let's understand the main issue that is not caused by your weird environment but maybe by Phorge.

Description of the problem

So, among lot of weird issues, it seems to me that this is objectively problematic:

  • Phorge does not set the $HOME variable in that git command

Without knowing the HOME, it's nearly impossible to issue some git commands from the webserver user, in most recent versions of git. So, even if you have a correct /var/www/.gitconfig with [safe] stuff, git cannot really know that.

For example, to me, this fixed the issue, so, exposing an HOME variable to the git command:

-git log --format=%s -n 1 --
+HOME=/var/www git log --format=%s -n 1 --

This may deserve some thoughts to clarify if exporting the HOME directory is already done from other places, and, in case, we can do that in /config/.