From 463254e3b4afb721af8ee36511607ceaa28b9dc3 Mon Sep 17 00:00:00 2001
From: Markus Heiser <markus.heiser@darmarit.de>
Date: Fri, 22 Apr 2022 17:37:04 +0200
Subject: [PATCH] [fix] since git v2.35.2 root can't read from unsafe
 repository

Git v2.35.2 closes an security issue, it is no longer possible that root uses a
git repo that is owned by someone else, the error message is::

    fatal: unsafe repository ('/share/darmarit.org/cache/searxng' is owned by someone else)

The fix is to run the `git diff --name-only` not as root in a sudo command.

[1] https://github.blog/2022-04-12-git-security-vulnerability-announced/
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
---
 utils/lib_install.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/utils/lib_install.sh b/utils/lib_install.sh
index e8e3297c5..5d84c066f 100755
--- a/utils/lib_install.sh
+++ b/utils/lib_install.sh
@@ -92,6 +92,10 @@ init_SEARX_SRC_INIT_FILES(){
 
     local fname
     local msg=""
+    local _prefix=""
+    if [[ -n ${SUDO_USER} ]]; then
+        _prefix="sudo -u ${SUDO_USER}"
+    fi
 
     # Monitor local modified files from the repository, only if the local file
     # differs to the corresponding file in the instance
@@ -108,7 +112,7 @@ init_SEARX_SRC_INIT_FILES(){
                 msg="to update use:  sudo -H ./utils/searx.sh install init-src"
             fi
         fi
-    done <<< "$(git diff --name-only)"
+    done <<< "$($_prefix git diff --name-only)"
     [ -n "$msg" ] &&  info_msg "$msg"
 }