From e0e7717b563a8166f711eadd77eb6a74d361f0d4 Mon Sep 17 00:00:00 2001
From: pyr0ball <pyroballpcs@gmail.com>
Date: Thu, 26 Feb 2026 22:07:39 -0800
Subject: [PATCH] fix: auto-configure git safe.directory in setup.sh for
 /opt-style installs

Git 2.35.2+ rejects repos where directory owner != current user, which
is the common case when cloned as root into /opt. setup.sh now detects
this and calls git config --global --add safe.directory automatically.
When run via sudo, it writes into SUDO_USER's config rather than root's.
README updated with both fixes: git safe.directory and chown for preflight.
---
 README.md | 12 ++++++++++--
 setup.sh  | 26 ++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 8a5ec77..d1a6748 100644
--- a/README.md
+++ b/README.md
@@ -42,13 +42,21 @@ make start PROFILE=single-gpu
 
 ### Installing to `/opt` or other system directories
 
-If you clone into a root-owned directory, fix ownership first so preflight can write `.env` and `compose.override.yml`:
+If you clone into a root-owned directory (e.g. `sudo git clone ... /opt/peregrine`), two things need fixing:
+
+**1. Git ownership warning** (`fatal: detected dubious ownership`) — `./manage.sh setup` fixes this automatically. If you need git to work *before* running setup:
+
+```bash
+git config --global --add safe.directory /opt/peregrine
+```
+
+**2. Preflight write access** — preflight writes `.env` and `compose.override.yml` into the repo directory. Fix ownership once:
 
 ```bash
 sudo chown -R $USER:$USER /opt/peregrine
 ```
 
-Then run without `sudo` — Peregrine doesn't need it.
+After that, run everything without `sudo`.
 
 ### Podman
 
diff --git a/setup.sh b/setup.sh
index 0adcd1d..453d273 100755
--- a/setup.sh
+++ b/setup.sh
@@ -64,6 +64,31 @@ install_build_tools() {
     success "make installed."
 }
 
+# ── Git safe.directory ─────────────────────────────────────────────────────────
+# Git 2.35.2+ rejects repos where the directory owner != current user.
+# Common when cloned as root into /opt and then run as a regular user.
+# Fix by registering the repo path in the appropriate user's git config.
+configure_git_safe_dir() {
+    local repo_dir
+    repo_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+    # If git is happy already, nothing to do
+    if git -C "$repo_dir" rev-parse --git-dir &>/dev/null 2>&1; then
+        success "Git repository ownership OK."
+        return
+    fi
+
+    info "Configuring git safe.directory for $repo_dir…"
+    if [[ -n "${SUDO_USER:-}" ]]; then
+        # Running under sudo — write into the invoking user's config, not root's
+        sudo -u "$SUDO_USER" git config --global --add safe.directory "$repo_dir"
+        success "safe.directory set for user '${SUDO_USER}'."
+    else
+        git config --global --add safe.directory "$repo_dir"
+        success "safe.directory set."
+    fi
+}
+
 # ── Git ────────────────────────────────────────────────────────────────────────
 install_git() {
     if cmd_exists git; then success "git already installed: $(git --version)"; return; fi
@@ -317,6 +342,7 @@ main() {
 
     install_build_tools
     install_git
+    configure_git_safe_dir
     # Podman takes precedence if already installed; otherwise install Docker
     if ! check_podman; then
         install_docker