I cannot add the parent directory to *safe.directory* in Git

by

Answer

This seems to be related to this announcement of a vulnerability:
https://github.blog/2022-04-12-git-security-vulnerability-announced/

I think it has less to do with your email, and more with the owner of the directories on your filesystem.
Is the user you’re currently logged in with also the owner of the folder?
How about the parent folder?
Also, are you invoking git from within the repository directory?
The update is only a few hours old, so I guess things are still in flux.

For now, as the message from git suggests, execute

git config --global --add safe.directory F:/GitHub/my-project

and make sure you are calling git from within F:/GitHub/my-project for now.

EDIT: As we found out in the comments below, the owner of the parent of the directory containing the .git folder (the git repository) is the issue.
Cloning the project anew is a platform independent way to make sure you are the owner.

Sidenote

I ran into the same problem using flutter on Linux, which on my distro was installed in /opt/flutter. I am not working as root, thus I run into the same problem.
Running git config --global --add safe.directory /opt/flutter did indeed fix the problem for me.

Longer edit: Clarification

Going through the post about the vulnerability again after a good night’s sleep, I think a bit of clarification is in order. I’ll leave the rest of the answer as is.
Lets look at the following simple directory structure.

/home/
├─ tommy/
│  ├─ .git/
│  ├─ rental_space/
│  │  ├─ mary/
│  │  │  ├─ projects/
│  │  │  │  ├─ phone_app/
│  │  │  │  │  ├─ .git/
│  │  ├─ anthony/

In this case, the user tommy owns his own directory under /home, but (for some reason) rents out space to other users, in this case mary and anthony.
If mary, by mistake, where to execute git in her directory, but outside of her phone_app project, then old git would go up the directory tree to search a .git repository. The first it finds is the one from /home/tommy/.git. This is a security risk, because another user, in this case anyone that can act as tommy, can affect mary‘s execution of git and possibly cause trouble.
From Git v2.35.2 and onward, the traversal will stop as soon as the directory entered belongs to a user other than mary. Say mary executed git in /home/tommy/rental_space/mary/projects, then git will check in projects, but find no .git. It will go up one directory, check in mary, but again find no .git. Then it will again go up, but rental_space belongs to tommy, not mary. The new git version will stop here and print the message we saw in the question.
Adding the directory /home/tommy/rental_space to the safe.directory variable would allow git to proceed but is, as explained, a security risk.

I used a Linux-like directory directory structure here, but the same is true on Windows.

More Related Contents:

  1. Fatal error “unsafe repository (‘/home/repon’ is owned by someone else)”
  2. Error when pushing amended commit to remote [duplicate]
  3. Can git automatically switch between spaces and tabs?
  4. gitosis vs gitolite? [closed]
  5. How to do a GitHub pull request
  6. Unable to Git-push master to Github – ‘origin’ does not appear to be a git repository / permission denied
  7. How to cherry-pick multiple commits
  8. Specify an SSH key for git push for a given domain
  9. Configure Git clients, like GitHub for Windows, to not ask for authentication
  10. Handling file renames in Git
  11. fetch in git doesn’t get all branches
  12. Git pre-commit hook : changed/added files
  13. How to track untracked content?
  14. List Git aliases
  15. Merging without whitespace conflicts
  16. Is there a way to lock individual files or directories on fork when using git?
  17. How to fix git error: RPC failed; curl 56 GnuTLS
  18. How to remove unused objects from a git repository?
  19. git reset vs git reset HEAD
  20. Is there a way to use a Mercurial repository as Git submodule?
  21. Repair corrupted Git repository
  22. Error “Updates were rejected because the remote contains work that you do not have locally”
  23. How to list all tags pointing to a specific commit in git
  24. How to resolve merge conflict in pull request in VSTS?
  25. Duplicate submodules with Git
  26. How to display the tag name and branch name using git log –graph
  27. Why does zsh kills my process every time I enter a git command
  28. Git – Ignoring a specific modification to a config file
  29. The following untracked working tree files would be overwritten by merge, but I don’t care
  30. Bower install using only https?

Leave a Comment