kamp/fdroidserver
1
0
Fork 0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-14 11:00:10 +01:00
Code Activity

Merge branch 'git-svn-improvements' into 'master'

Browse Source 
git-svn improvements

See merge request fdroid/fdroidserver!453
This commit is contained in:
Hans-Christoph Steiner 2018-02-12 11:18:02 +00:00
commit d8679c3cad
1 changed files with 39 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
fdroidserver/common.py
View File

@ -815,7 +815,8 @@ class vcs_git(vcs):
# #
# supported in git >= 2.3 # supported in git >= 2.3
git_config = [ git_config = [
'-c', 'core.sshCommand=false', '-c', 'core.askpass=/bin/true',
'-c', 'core.sshCommand=/bin/false',
'-c', 'url.https://.insteadOf=ssh://', '-c', 'url.https://.insteadOf=ssh://',
] ]
for domain in ('bitbucket.org', 'github.com', 'gitlab.com'): for domain in ('bitbucket.org', 'github.com', 'gitlab.com'):
@ -827,7 +828,9 @@ class vcs_git(vcs):
git_config.append('url.https://u:p@' + domain + '.insteadOf=https://' + domain) git_config.append('url.https://u:p@' + domain + '.insteadOf=https://' + domain)
envs.update({ envs.update({
'GIT_TERMINAL_PROMPT': '0', 'GIT_TERMINAL_PROMPT': '0',
'GIT_SSH': 'false', # for git < 2.3 'GIT_ASKPASS': '/bin/true',
'SSH_ASKPASS': '/bin/true',
'GIT_SSH': '/bin/false', # for git < 2.3
}) })
return FDroidPopen(['git', ] + git_config + args, return FDroidPopen(['git', ] + git_config + args,
envs=envs, cwd=cwd, output=output) envs=envs, cwd=cwd, output=output)
@ -960,21 +963,34 @@ class vcs_gitsvn(vcs):
def git(self, args, envs=dict(), cwd=None, output=True): def git(self, args, envs=dict(), cwd=None, output=True):
'''Prevent git fetch/clone/submodule from hanging at the username/password prompt '''Prevent git fetch/clone/submodule from hanging at the username/password prompt
AskPass is set to /bin/true to let the process try to connect
without a username/password.
The SSH command is set to /bin/false to block all SSH URLs
(supported in git >= 2.3). This protects against
CVE-2017-1000117.
''' '''
# CVE-2017-1000117 block all SSH URLs (supported in git >= 2.3) git_config = [
config = ['-c', 'core.sshCommand=false'] '-c', 'core.askpass=/bin/true',
'-c', 'core.sshCommand=/bin/false',
]
envs.update({ envs.update({
'GIT_TERMINAL_PROMPT': '0', 'GIT_TERMINAL_PROMPT': '0',
'GIT_SSH': 'false', # for git < 2.3 'GIT_ASKPASS': '/bin/true',
'SVN_SSH': 'false', 'SSH_ASKPASS': '/bin/true',
'GIT_SSH': '/bin/false', # for git < 2.3
'SVN_SSH': '/bin/false',
}) })
return FDroidPopen(['git', ] + config + args, return FDroidPopen(['git', ] + git_config + args,
envs=envs, cwd=cwd, output=output) envs=envs, cwd=cwd, output=output)
def gotorevisionx(self, rev): def gotorevisionx(self, rev):
if not os.path.exists(self.local): if not os.path.exists(self.local):
# Brand new checkout # Brand new checkout
gitsvn_args = ['svn', 'clone'] gitsvn_args = ['svn', 'clone']
remote = None
if ';' in self.remote: if ';' in self.remote:
remote_split = self.remote.split(';') remote_split = self.remote.split(';')
for i in remote_split[1:]: for i in remote_split[1:]:
@ -984,17 +1000,23 @@ class vcs_gitsvn(vcs):
gitsvn_args.extend(['-t', i[5:]]) gitsvn_args.extend(['-t', i[5:]])
elif i.startswith('branches='): elif i.startswith('branches='):
gitsvn_args.extend(['-b', i[9:]]) gitsvn_args.extend(['-b', i[9:]])
gitsvn_args.extend([remote_split[0], self.local]) remote = remote_split[0]
p = self.git(gitsvn_args, output=False)
if p.returncode != 0:
self.clone_failed = True
raise VCSException("Git svn clone failed", p.output)
else: else:
gitsvn_args.extend([self.remote, self.local]) remote = self.remote
p = self.git(gitsvn_args, output=False)
if p.returncode != 0: if not remote.startswith('https://'):
self.clone_failed = True raise VCSException(_('HTTPS must be used with Subversion URLs!'))
raise VCSException("Git svn clone failed", p.output)
# git-svn sucks at certificate validation, this throws useful errors:
import requests
r = requests.head(remote)
r.raise_for_status()
gitsvn_args.extend(['--', remote, self.local])
p = self.git(gitsvn_args)
if p.returncode != 0:
self.clone_failed = True
raise VCSException(_('git svn clone failed'), p.output)
self.checkrepo() self.checkrepo()
else: else:
self.checkrepo() self.checkrepo()