Trust file-content-metadata path on CVMFS when cloning

To mitigate the vulnerability CVE-2024-32004, when cloning from a local repository, the directory have to be owned by the user doing the cloning or explicitly trusted. This change temporarily trusts the file-content-metadata repository in CVMFS before cloning it, if needed.

See: https://lore.kernel.org/git/20240529102307.GF1098944@coredump.intra.peff.net/T/#t

Replaces !4585 (closed)

added RTA label

added 1 commit

• 33e5d7c9 - Trust file-content-metadata path on CVMFS when cloning

Compare with previous version

added 1 commit

• 3e1c2544 - Trust file-content-metadata path on CVMFS when cloning

Compare with previous version

changed the description

mentioned in merge request !4585 (closed)

/ci-test

added ci-test-triggered label

• [2025-01-13 15:57] Validation started with lhcb-master-mr#12214

@sponce Can you review and merge this one when you have time? (I already discussed the general concept with @clemenci) Once it's merged I'll hotfix all of the releases on CVMFS so we can finally update git in DIRAC.

@msaur This will need to be backported to all MC releases.

approved this merge request

resolved all threads

merged

mentioned in commit 5aee24da

picked the changes into the branch cherry-pick-5aee24da with commit c1514274

mentioned in commit c1514274

mentioned in merge request !4874 (merged)