Comments (5)
@JalexChen are you able to take a look at this? A quick fix would be to tag the second most recent commit to main as 'monthly' and push it up.
Assuming you find an issue with this release
from cimg-base.
It is related to a vulnerability fix in GIT:
https://github.blog/2022-04-12-git-security-vulnerability-announced/
Github actions had to make adjustments to fix their checkout step.
Have a look at these issues (and related PRs):
actions/checkout#759
actions/checkout#760
It was reported on CircleCI discuss about a month ago, but it looks like nobody took note:
https://discuss.circleci.com/t/unable-to-checkout-code/43672
What is your process around testing these cimg
releases?
I don't see much in the way of automated checks in your CI for this repo before publishing.
from cimg-base.
So this then isn't a regression in the image so to speak. Setting a working_directory outside of /home/circleci
isn't technically supported in Convenience Images. Considering the type of change git made and the fact that our images already allow passwordless sudo, I don't think it's unreasonable to set the default git behavior back to the old one. I believe I saw that was possible. I will double check.
In the meantime, possible solutions forward here:
- Change (or don't set) your working directory.
- Use the previous base image release,
2022.04
.
As for testing, we have some testing in this repository and some in external repositories. We are gearing up to quadruple down on the amount of testing that all images under cimg/
get in the next couple of months.
I'm going to keep this issue open to track the git behavior change request.
from cimg-base.
So this then isn't a regression in the image so to speak. Setting a working_directory outside of
/home/circleci
isn't technically supported in Convenience Images.
The CircleCI documentation explicitly suggests using /mnt/ramdisk
as working_directory
: https://circleci.com/docs/2.0/executor-types/#ram-disks
So how is it no regression that official CircleCI images don't work with suggested configuration?
from cimg-base.
The CircleCI documentation explicitly suggests using /mnt/ramdisk as working_directory:
If you want to use that feature yes. It doesn't say it works with a Convenience Image. Even in the example provided in that doc it uses the Docker Library alpine
image, which is not one of our images.
So how is it no regression that official CircleCI images don't work with suggested configuration?
We shipped an updated version of git
that works as git intended. This is the change they wanted.
As I mentioned above, I've been following this. Git introduced a config flag to add individual directories to be ignored by this new security feature. Then, in a version of git newer than what the May update provides, they allow an *
to be used, basically allowing us to have git work like it did before the CVE. I have a PR in place for this change. Please see #171 for info on when you can use it.
In the meantime, you can run the following in your config BEFORE - checkout
to get around this now, that's if you don't want to use one of my previous two suggestions:
- run: git config --global --add safe.directory '*'
# or
- run: git config --global --add safe.directory '/mnt/ramdisk'
- checkout
I hope that helps.
from cimg-base.
Related Issues (20)
- Where is SSH_CONFIG_DIR set? HOT 1
- The sample won't pass as cowsay is not in the system path HOT 1
- Nana123
- Basic Checkout of build fails on 22.04, works on 20.04 HOT 7
- Ubuntu 22.04 becomes default starting with July edge and September current HOT 1
- libncurses5-dev in stable-20.4 5 days ago, now is not present HOT 1
- Install git-lfs
- Docker Compose 2.10.1 HOT 1
- Upgrade `yq` to `v4.26.1` for CVE fix HOT 1
- Update Dockerize
- Might need alternative git source HOT 1
- Can you create this image please? HOT 1
- Add Retry Command HOT 2
- Docker image 20.04 and 18.04 no more pushed on Docker Hub HOT 3
- Missing file package HOT 1
- BUG: linking errors with cimg/python:3.11.0 and glibc HOT 2
- Last Ubuntu 18.04 Release will be for March 2023
- Test issue
- Incorrect version of yq for arm
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cimg-base.