You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have a security policy that sets the safe.bareRepository flag to explicit due to this exploit.
When it is set to explicit, bundler does not work with git gems. Bundler clones the repo fine, but none of the subsequent git commands work because it is a bare repo.
According to this doc, you can specify a GIT_DIR env to explicitly state the repository; however when I tried to pass that to GIT_DIR=<path to cloned repo> bundle install, I kept getting the same error. But this requires knowing the repository path ahead of time, I was only able to pass this because I had already cached the repo. Another option is passing the path via --git-dir.
Maybe bundler can explicitly pass the --git-dir for its git subcommands? Or is there a way to tell the bundler to clone the repo in "non-bare" form?
Did you try upgrading rubygems & bundler?
Both are latest
Post steps to reproduce the problem
git config --global --add safe.bareRepository explicit
# Add any github gem with `git` url
bundler add pdf-core --git https://github.com/prawnpdf/pdf-core
Fetching https://github.com/prawnpdf/pdf-core
fatal: cannot use bare repository '/usr/local/X/home/Y/.rbenv/versions/3.2.1/lib/ruby/gems/3.2.0/cache/bundler/git/pdf-core-b72ffa5889bfc3d60ca579f17b4362d72473a979' (safe.bareRepository is 'explicit')
If not included with the output of your command, run bundle env and paste the output below
Describe the problem as clearly as you can
We have a security policy that sets the
safe.bareRepository
flag toexplicit
due to this exploit.When it is set to explicit, bundler does not work with
git
gems. Bundler clones the repo fine, but none of the subsequent git commands work because it is a bare repo.According to this doc, you can specify a
GIT_DIR
env to explicitly state the repository; however when I tried to pass that toGIT_DIR=<path to cloned repo> bundle install
, I kept getting the same error. But this requires knowing the repository path ahead of time, I was only able to pass this because I had already cached the repo. Another option is passing the path via--git-dir
.Maybe bundler can explicitly pass the
--git-dir
for its git subcommands? Or is there a way to tell the bundler to clone the repo in "non-bare" form?Did you try upgrading rubygems & bundler?
Both are latest
Post steps to reproduce the problem
If not included with the output of your command, run
bundle env
and paste the output belowThe text was updated successfully, but these errors were encountered: