Disable core.protectNTFS (#17300)

core.protectNTFS protects NTFS from files which may be difficult to remove or interact
with using the win32 api, however, it also appears to prevent such files from
being entered into the git indexes - fundamentally causing breakages with PRs that
affect these files. However, deliberately setting this to false may cause security
issues due to the remain sparse checkout of files in the merge pipeline.

The only sensible option therefore is to provide an optional setting which admins
could set which would forcibly switch this off if they are affected by this issue.

Fix #17092

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2021-10-13 19:20:11 +01:00 committed by GitHub
parent 429258cff3
commit 01b9d35f1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 0 deletions

View File

@ -580,6 +580,8 @@ PATH =
;; ;;
;; (Go-Git only) Don't cache objects greater than this in memory. (Set to 0 to disable.) ;; (Go-Git only) Don't cache objects greater than this in memory. (Set to 0 to disable.)
;LARGE_OBJECT_THRESHOLD = 1048576 ;LARGE_OBJECT_THRESHOLD = 1048576
;; Set to true to forcibly set core.protectNTFS=false
;DISABLE_CORE_PROTECT_NTFS=false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

View File

@ -842,6 +842,7 @@ NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take ef
- `VERBOSE_PUSH`: **true**: Print status information about pushes as they are being processed. - `VERBOSE_PUSH`: **true**: Print status information about pushes as they are being processed.
- `VERBOSE_PUSH_DELAY`: **5s**: Only print verbose information if push takes longer than this delay. - `VERBOSE_PUSH_DELAY`: **5s**: Only print verbose information if push takes longer than this delay.
- `LARGE_OBJECT_THRESHOLD`: **1048576**: (Go-Git only), don't cache objects greater than this in memory. (Set to 0 to disable.) - `LARGE_OBJECT_THRESHOLD`: **1048576**: (Go-Git only), don't cache objects greater than this in memory. (Set to 0 to disable.)
- `DISABLE_CORE_PROTECT_NTFS`: **false** Set to true to forcibly set `core.protectNTFS` to false.
## Git - Timeout settings (`git.timeout`) ## Git - Timeout settings (`git.timeout`)
- `DEFAUlT`: **360**: Git operations default timeout seconds. - `DEFAUlT`: **360**: Git operations default timeout seconds.
- `MIGRATE`: **600**: Migrate external repositories timeout seconds. - `MIGRATE`: **600**: Migrate external repositories timeout seconds.

View File

@ -204,6 +204,12 @@ func Init(ctx context.Context) error {
return err return err
} }
} }
if setting.Git.DisableCoreProtectNTFS {
if err := checkAndSetConfig("core.protectntfs", "false", true); err != nil {
return err
}
GlobalCommandArgs = append(GlobalCommandArgs, "-c", "core.protectntfs=false")
}
return nil return nil
} }

View File

@ -26,6 +26,7 @@ var (
EnableAutoGitWireProtocol bool EnableAutoGitWireProtocol bool
PullRequestPushMessage bool PullRequestPushMessage bool
LargeObjectThreshold int64 LargeObjectThreshold int64
DisableCoreProtectNTFS bool
Timeout struct { Timeout struct {
Default int Default int
Migrate int Migrate int