Since the announcement of CVE-2022-24765, newer git clients from the Ubuntu security and archive package repositories may throw errors about “unsafe repository … is owned by someone else” if directories are not owned by your personal user id.
First, try to resolve the issue by running the command suggested in the error message.
# attempt suggested resolution
git config --global --add safe.directory /your/git/repo
# test if issue is resolved
git status
If this does not resolve the problem, then you need to upgrade to the latest git client, which is available via an Ubuntu PPA.
# show current version
$ git --version
git version 2.17.1
# install latest git client from ppa
sudo apt-add-repository ppa:git-core/ppa
sudo apt-get update
sudo apt-get install git -y
# show new version from PPA
$ git --version
git version 2.36.0
Then you can add the local directory to your ~/.gitconfig
git config --global --add safe.directory /your/git/repo
# test if issue is resolved
git status
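Each safe.directory entry tells git to skip the ownership check for that path, so it is worth reviewing who owns the directories you have listed. The script below is an added example, not part of the original post: it classifies every safe.directory value in a git config file. The function names are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: review safe.directory entries before trusting them.
# Usage (after sourcing this file):
#   audit_safe_directories              # reads ~/.gitconfig
#   audit_safe_directories /path/to/cfg # reads another config file

# Print the numeric uid that owns a path (GNU stat syntax).
owner_uid() {
    stat -c %u "$1"
}

# Classify one safe.directory value:
#   wildcard  - "*" turns the ownership check off for every repository
#               (on git versions that support the wildcard)
#   missing   - the path does not exist on this machine (stale entry)
#   own       - owned by the current user, so the entry is not needed
#   foreign:N - owned by uid N; this is the trust decision to review
classify_entry() {
    entry=$1
    if [ "$entry" = "*" ]; then echo wildcard; return; fi
    if [ ! -e "$entry" ]; then echo missing; return; fi
    uid=$(owner_uid "$entry")
    if [ "$uid" = "$(id -u)" ]; then
        echo own
    else
        echo "foreign:$uid"
    fi
}

# Print "<classification><TAB><entry>" for every safe.directory value
# found in the given config file (default: the user's ~/.gitconfig).
audit_safe_directories() {
    cfg=${1:-$HOME/.gitconfig}
    git config --file "$cfg" --get-all safe.directory |
    while IFS= read -r entry; do
        printf '%s\t%s\n' "$(classify_entry "$entry")" "$entry"
    done
}
```

Entries reported as foreign are the ones where you are explicitly trusting a repository that another account can modify; wildcard and missing entries are candidates for removal.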
Continue reading if you have issues with apt-add-repository hanging or are using a proxy to access the public internet.
Issue with apt-add-repository downloading key
If the apt-add-repository command hangs, it most likely has a problem downloading the signing key for the PPA.
From the PPA page, we can get the signing key fingerprint and use it to do a manual fetch.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys E1DD270288B4E6030699E45FA1715D88E1DF1F24
Then rerun the apt-add-repository command.
Using a web proxy for public internet access
The ‘apt-*’ utilities unfortunately do not honor the proxy values that you might put in ‘/etc/apt/apt.conf.d/00proxy’ and that are used by apt.
If you are using a proxy for public internet access then you need to add the ‘keyserver-options’ flag to the apt-key command like below.
sudo apt-key adv --keyserver-options http-proxy=http://mywebproxy:port --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys E1DD270288B4E6030699E45FA1715D88E1DF1F24
And in order for add-apt-repository to use the proxy, you need to export the proxy variables and make sure you “sudo -E” so that the environment variables are preserved when making the call.
export http_proxy=http://mywebproxy:port
export https_proxy=http://mywebproxy:port
sudo -E add-apt-repository ppa:git-core/ppa
Checking source of git package
The apt ‘policy’ command will show you which git package is currently installed, which Ubuntu repository it belongs to, and what candidate installations you have available.
Below is the output from a standard Ubuntu bionic installation, after we have added the git-core PPA repository (making 2.36 available as candidate) but before we have installed it (2.17 still being used).
$ sudo apt policy git
git:
  Installed: 1:2.17.1-1ubuntu0.10
  Candidate: 1:2.36.0-0ppa1~ubuntu18.04.1
  Version table:
     1:2.36.0-0ppa1~ubuntu18.04.1 500
        500 http://ppa.launchpad.net/git-core/ppa/ubuntu bionic/main amd64 Packages
 *** 1:2.17.1-1ubuntu0.10 500
        500 http://us-east1.gce.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1:2.17.0-1ubuntu1 500
        500 http://us-east1.gce.archive.ubuntu.com/ubuntu bionic/main amd64 Packages