commit ec0c13afda12982de5ad37bae7b53bf7691ee480
parent ed41b3cefa0c3d05016e9508d25ba6a3309dd345
Author: LIU Hao <lh_mouse@126.com>
Date: Thu, 9 Jun 2022 19:40:17 +0800
build: ignore errors from `git describe`
Due to CVE-2022-24765, Git refuses to operate on local repositories if
it runs as a different user from its owner. Since version 2.35.2:
$ sudo git describe --tags
fatal: unsafe repository ('/home/lh_mouse/GitHub/nano-win' is owned by someone else)
To add an exception for this directory, call:
git config --global --add safe.directory /home/lh_mouse/GitHub/nano-win
Conventionally, a user, who wishes to build and install nano from Git,
does this:
$ ./configure
$ make
$ sudo make install
The first `make` command builds the program as the current user.
The `make install` then installs the built files.
However, we have a recipe for 'revision.h' that is always executed,
even in the case of `make install`. As here it is run as root, Git
actually fails and produces an empty string. This causes `make install`
to rebuild nano.o and winio.o and results in an empty version string in
the upper left corner.
The solution is simple: First we attempt a dryrun of `git describe`.
If it fails, 'revision.h', which should have been updated by the first
`make` command, will be left intact.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24765
Signed-off-by: LIU Hao <lh_mouse@126.com>
Diffstat:
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
@@ -16,7 +16,8 @@ winio.o: revision.h
# only when the revision actually changed.
revision.h: FORCE
@[ -f $@ ] || touch $@
- @echo "#define $(SOMETHING)" | cmp -s $@ - || \
+ @! git describe >/dev/null 2>&1 || \
+ echo "#define $(SOMETHING)" | cmp -s $@ - || \
echo "#define $(SOMETHING)" > $@
FORCE:
