fix: git safe repo directory for docker image

Makefile

@@ -30,17 +30,30 @@
 ## set to the folder of the current .tex file. When called directly, we
 ## need to first change-dir to this folder.
 ifneq ($(DOCKER), false)
-DOCKER_IMAGE      = alpine-pandoc-hugo
-DOCKER_COMMAND    = docker run --rm -i
-DOCKER_USER       = -u "$(shell id -u):$(shell id -g)"
-DOCKER_VOLUME     = -v "$(shell pwd):/data" -w "/data"
-DOCKER_TEX_VOLUME = -v "$(dir $(realpath $<)):/data" -w "/data"
-
-PANDOC        = $(DOCKER_COMMAND) $(DOCKER_VOLUME)     $(DOCKER_USER) --entrypoint="pandoc"                $(DOCKER_IMAGE)
-HUGO          = $(DOCKER_COMMAND) $(DOCKER_VOLUME)     $(DOCKER_USER) --entrypoint="hugo"                  $(DOCKER_IMAGE)
-DOT           = $(DOCKER_COMMAND) $(DOCKER_VOLUME)     $(DOCKER_USER) --entrypoint="dot"                   $(DOCKER_IMAGE)
-LATEX         = $(DOCKER_COMMAND) $(DOCKER_TEX_VOLUME) $(DOCKER_USER) --entrypoint="latex"                 $(DOCKER_IMAGE)
-DELETE_SCRIPT = $(DOCKER_COMMAND) $(DOCKER_VOLUME)     $(DOCKER_USER) --entrypoint="/opt/delete-script.rb" $(DOCKER_IMAGE)
+DOCKER_REPO_MNTPOINT = /data
+DOCKER_IMAGE         = alpine-pandoc-hugo
+DOCKER_COMMAND       = docker run --rm -i
+DOCKER_USER          = -u "$(shell id -u):$(shell id -g)"
+DOCKER_VOLUME        = -v "$(shell pwd):$(DOCKER_REPO_MNTPOINT)" -w "$(DOCKER_REPO_MNTPOINT)"
+DOCKER_TEX_VOLUME    = -v "$(dir $(realpath $<)):$(DOCKER_REPO_MNTPOINT)" -w "$(DOCKER_REPO_MNTPOINT)"
+# GIT_DIR ensures that git works with the repository
+# no matter the owning user of the directory.
+# see https://github.com/Compilerbau/CB-Lecture-Bachelor/pull/16 for the discussion
+# around this specific workaround and
+# https://github.blog/2022-04-12-git-security-vulnerability-announced/ &
+# https://stackoverflow.com/questions/71901632/fatal-error-unsafe-repository-home-repon-is-owned-by-someone-else
+# for a general overview of the issue.
+DOCKER_GIT_ENV = --env GIT_DIR="$(DOCKER_REPO_MNTPOINT)/.git" \
+				 --env GIT_AUTHOR_NAME="$(shell git config user.name)" \
+				 --env GIT_AUTHOR_EMAIL="$(shell git config user.email)" \
+				 --env GIT_COMMITTER_NAME="$(shell git config user.name)" \
+				 --env GIT_COMMITTER_EMAIL="$(shell git config user.email)"
+
+PANDOC        = $(DOCKER_COMMAND) $(DOCKER_VOLUME)     $(DOCKER_USER) --entrypoint="pandoc"                                  $(DOCKER_IMAGE)
+HUGO          = $(DOCKER_COMMAND) $(DOCKER_VOLUME)     $(DOCKER_USER) --entrypoint="hugo"                                    $(DOCKER_IMAGE)
+DOT           = $(DOCKER_COMMAND) $(DOCKER_VOLUME)     $(DOCKER_USER) --entrypoint="dot"                                     $(DOCKER_IMAGE)
+LATEX         = $(DOCKER_COMMAND) $(DOCKER_TEX_VOLUME) $(DOCKER_USER) --entrypoint="latex"                                   $(DOCKER_IMAGE)
+DELETE_SCRIPT = $(DOCKER_COMMAND) $(DOCKER_VOLUME)     $(DOCKER_USER) --entrypoint="/opt/delete-script.rb" $(DOCKER_GIT_ENV) $(DOCKER_IMAGE)
 else
 PANDOC        = pandoc
 HUGO          = hugo