mirror of
https://github.com/moby/buildkit.git
synced 2026-06-24 08:47:57 +00:00
When git runs as root under sudo it consults SUDO_UID to decide whether a repository's ownership can be trusted, additionally granting access to repositories owned by the user who invoked sudo. GitCLI builds a restricted environment for the git subprocess and did not forward SUDO_UID, so commands such as `sudo docker build` tripped git's "detected dubious ownership" check and silently lost commit provenance: the build still succeeds but prints "current commit information was not captured by the build".

Forward SUDO_UID (only when present) on the host git config path enabled via WithHostGitConfig, i.e. client-side local git inspection. The default isolated path used by daemon-side callers is left untouched so it does not pick up host environment.

This matches git's own default behavior under sudo: it does not disable safe.directory checks and is not equivalent to safe.directory=*; it merely lets git trust repositories owned by the invoking user. Only SUDO_UID is forwarded (git's ownership check is uid-based and never consults SUDO_GID).

Fixes the root cause for docker/buildx#3855. buildx inspects the build context through this GitCLI with WithHostGitConfig enabled, so buildx picks the fix up via a moby/buildkit dependency bump with no buildx-side code change.

Signed-off-by: MohammadHasan Akbari <jarqvi.jarqvi@gmail.com>
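
The behavior the commit message describes, as an added Go sketch that is not the commit's code or BuildKit's API: `gitEnv` and `ownerTrusted` are hypothetical names, the PATH/HOME baseline is an assumption, and `ownerTrusted` is a simplified model of git's uid-based ownership check run over constructed uids.

```go
package main

import (
	"fmt"
	"strconv"
)

// gitEnv models a restricted environment for a git subprocess (hypothetical
// helper). hostGitConfig stands in for the WithHostGitConfig option.
func gitEnv(host map[string]string, hostGitConfig bool) map[string]string {
	env := map[string]string{"PATH": host["PATH"]} // assumed baseline
	if !hostGitConfig {
		return env // isolated path: nothing else from the host
	}
	env["HOME"] = host["HOME"] // assumed: host config is found via HOME
	if v, ok := host["SUDO_UID"]; ok && v != "" {
		env["SUDO_UID"] = v // forwarded only when present; SUDO_GID never is
	}
	return env
}

// ownerTrusted is a simplified model of git's uid-based ownership check:
// when running as root, a non-root repository owner is compared against
// SUDO_UID (if it parses) instead of uid 0.
func ownerTrusted(repoOwner, euid uint32, env map[string]string) bool {
	if euid == 0 && repoOwner != 0 {
		if id, err := strconv.ParseUint(env["SUDO_UID"], 10, 32); err == nil {
			euid = uint32(id)
		}
	}
	return repoOwner == euid
}

func main() {
	// Constructed sample: uid 1000 runs `sudo docker build` in their own repo.
	host := map[string]string{"PATH": "/usr/bin", "HOME": "/root",
		"SUDO_UID": "1000", "SUDO_GID": "1000"}
	for _, hostCfg := range []bool{false, true} {
		env := gitEnv(host, hostCfg)
		fmt.Printf("hostGitConfig=%v own repo trusted=%v, other user's repo trusted=%v\n",
			hostCfg, ownerTrusted(1000, 0, env), ownerTrusted(1001, 0, env))
	}
}
```

A repository owned by a third user stays untrusted in both cases, which is the difference from `safe.directory=*` that the message points out.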