flatpak/flatpak-builder

[Bug]: git cloning submodule: fatal: transport 'file' not allowed

TobTobXX opened this issue · 6 comments

Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for a bug that matches the one I want to file, without success.

flatpak-builder version

1.2.2

Flatpak version

1.14.0

How to reproduce

  1. Clone this repo: https://github.com/TobTobXX/org.featherwallet.Feather/tree/org.featherwallet.Feather (check out the org.featherwallet.Feather branch)
  2. Try to build it with this command: flatpak-builder --repo=../repo --force-clean build-dir org.featherwallet.Feather.yaml --jobs=8 (will probably also work (that is, fail) without the --jobs flag).
  3. Observe as it builds it successfully up until the feather module, when it'll error out.

Expected Behavior

It would build the stage and error in the build process or somewhere else instead of the cloning of submodules. LMAO, even flatpak gets confused by git???

The .gitmodule of the repo lists actual HTTP URLs not file:// URLs: .gitmodule

Actual Behavior

[... other modules build successfully ...]
========================================================================
Building module feather in /home/tobtobxx/projects/flatpaks/org.featherwallet.Feather/.flatpak-builder/build/feather-1
========================================================================
Note: switching to '2.1.0'.

You are in 'detached HEAD' state.

[ ... zipped git fluff ... ]

HEAD is now at 380ca7f Bump version to 2.1.0
Cloning into '/home/tobtobxx/projects/flatpaks/org.featherwallet.Feather/.flatpak-builder/build/feather-1/monero'...
fatal: transport 'file' not allowed
fatal: clone of 'file:///home/tobtobxx/projects/flatpaks/org.featherwallet.Feather/.flatpak-builder/git/https_github.com_feather-wallet_monero.git' into submodule path '/home/tobtobxx/projects/flatpaks/org.featherwallet.Feather/.flatpak-builder/build/feather-1/monero' failed
Failed to clone 'monero'. Retry scheduled
Cloning into '/home/tobtobxx/projects/flatpaks/org.featherwallet.Feather/.flatpak-builder/build/feather-1/monero'...
fatal: transport 'file' not allowed
fatal: clone of 'file:///home/tobtobxx/projects/flatpaks/org.featherwallet.Feather/.flatpak-builder/git/https_github.com_feather-wallet_monero.git' into submodule path '/home/tobtobxx/projects/flatpaks/org.featherwallet.Feather/.flatpak-builder/build/feather-1/monero' failed
Failed to clone 'monero' a second time, aborting
Error: module feather: Child process exited with code 1

Additional Information

What makes me believe this is a flatpak bug is that it worked about one or two weeks ago. I cleared all the build-dir/ and .flatpak-builder/ directories, but to no avail.

This is also a problem for org.kde.Platform builds.

As of git 2.38.1, the handling of submodules [..] is broken due to CVE-2022-39253.

See https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/YYY6KN2BJH7KR722GF26SEWNXPLAANNQ/ for details.

For those in search of a quick (but vulnerable) solution: git config --global protocol.file.allow always.

Note that this completely bypasses the vulnerability mitigation and requires you to trust the repos. I wasn't able to really understand the vulnerabilities, so this might even not apply to building flatpaks. Who knows... YOLO.
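A narrower alternative to the global setting above, as an added example that is not part of the thread or of flatpak-builder: the override is passed with `git -c` for a single submodule fetch, so the default policy stays in force for every other git invocation. It assumes git 2.12 or later on PATH; the repositories and names (`sub`, `super`, `work`) are constructed throwaways.

```shell
#!/bin/sh
# Added example. Repos are constructed throwaways; names are illustrative.

# Superproject whose submodule URL is a file:// path, as in the log above.
setup_repos() {
    root=$(mktemp -d) || return 1
    # Isolate from the real user and system git configuration.
    export HOME="$root" GIT_CONFIG_NOSYSTEM=1
    unset XDG_CONFIG_HOME
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
    git init -q "$root/sub" &&
    echo data > "$root/sub/file" &&
    git -C "$root/sub" add file &&
    git -C "$root/sub" commit -q -m init &&
    git init -q "$root/super" &&
    git -C "$root/super" -c protocol.file.allow=always \
        submodule add "file://$root/sub" sub >/dev/null 2>&1 &&
    git -C "$root/super" commit -q -m "add submodule" &&
    git clone -q "$root/super" "$root/work"
}

# Submodule fetch under the policy that git 2.38.1 made the default for
# file ("user"), pinned explicitly so older git versions behave the same.
update_default() {
    git -C "$root/work" -c protocol.file.allow=user \
        submodule update --init >/dev/null 2>&1
}

# Same fetch with the override scoped to this one invocation.
update_scoped() {
    git -C "$root/work" -c protocol.file.allow=always \
        submodule update --init >/dev/null 2>&1
}

# True when no global override has been written.
global_untouched() {
    ! git config --global --get protocol.file.allow >/dev/null 2>&1
}

setup_repos || exit 1
if update_default; then echo "default: cloned"; else echo "default: blocked"; fi
if update_scoped; then echo "scoped: cloned"; else echo "scoped: blocked"; fi
if global_untouched; then echo "global config untouched"; fi
```

The scoped form still requires trusting the repository being fetched, exactly as the global setting does; it only limits how long the override is in effect.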

flatpak-builder runs git inside of the sandbox. So it cannot directly read files from the host I believe.

Not every git invocation happens inside the sandbox so the commit above is not going to fix it completely.

In my case it does happen in vscode, but not in gnome-builder...