)]}'
{
  "commit": "676dcaf94487665882be048cfe1f3206d6807e0f",
  "tree": "fd70fd0ccd9ef3c3a004e7adb121c4aa45b3e598",
  "parents": [
    "ce0ff1fd9d32a3cc33d46caacda555c4f6773515"
  ],
  "author": {
    "name": "Ian Wienand",
    "email": "iwienand@redhat.com",
    "time": "Wed Apr 13 15:04:46 2022 +1000"
  },
  "committer": {
    "name": "Ian Wienand",
    "email": "iwienand@redhat.com",
    "time": "Wed Apr 13 16:49:07 2022 +1000"
  },
  "message": "Mark our source trees as safe for git to use as other users\n\ngit commit [1] introduced a new behaviour to work around a CVE that\ndisallows any git operations in directories not owned by the current\nuser.\n\nThis may seem unrelated to installation, but it plays havoc with PBR,\nwhich calls out to git to get to get revision history.  So if you are\n\"pip install\"-ing from a source tree you don\u0027t own, the PBR git calls\nin that tree now fail and the install blows up.\n\nThis plays havoc with our model.  Firstly, we checkout all code as\n\"stack\" then install it globally with \"sudo\" (i.e. root) -- which\nbreaks.  We also have cases of essentially the opposite -- checkouts\nwe have installed as root, but then run tox in them as a regular user;\ntox wants to install the source in its venv but now we have another\nuser conflict.\n\nThis uses the only available configuration option to avoid that by\nglobally setting the source directories we clone as safe.  This is an\nencroachment of the global system for sure, but is about the only\nswitch available at the moment.  For discussion of other approaches,\nsee [2].\n\nRelated-Bug: https://bugs.launchpad.net/devstack/+bug/1968798\n\n[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9\n[2] https://review.opendev.org/c/openstack/devstack/+/837636\n\nChange-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "b2cf9d99c6d13da856b785b386a3f8134bf1f9df",
      "old_mode": 33188,
      "old_path": "functions-common",
      "new_id": "ddef2e4980e0e42e9dbfea020a79246c173289a8",
      "new_mode": 33188,
      "new_path": "functions-common"
    }
  ]
}