| 1 |
commit: 22187f7ebc613fc36d2b57b390a7f8e2b88c8b3d |
| 2 |
Author: Chema Alonso Josa <nimiux <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat Oct 28 14:27:07 2017 +0000 |
| 4 |
Commit: José María Alonso <nimiux <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Oct 28 14:27:07 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/lisp.git/commit/?id=22187f7e |
| 7 |
|
| 8 |
git-r3.eclass: Syng with gentoo repo |
| 9 |
|
| 10 |
eclass/git-r3.eclass | 31 ++++++++++++++++++++++++------- |
| 11 |
1 file changed, 24 insertions(+), 7 deletions(-) |
| 12 |
|
| 13 |
diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass |
| 14 |
index bc7d4d92..c9d2731a 100644 |
| 15 |
--- a/eclass/git-r3.eclass |
| 16 |
+++ b/eclass/git-r3.eclass |
| 17 |
@@ -105,18 +105,22 @@ fi |
| 18 |
# @ECLASS-VARIABLE: EGIT_REPO_URI |
| 19 |
# @REQUIRED |
| 20 |
# @DESCRIPTION: |
| 21 |
-# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs |
| 22 |
-# are provided, the eclass will consider them as fallback URIs to try |
| 23 |
-# if the first URI does not work. For supported URI syntaxes, read up |
| 24 |
-# the manpage for git-clone(1). |
| 25 |
+# URIs to the repository, e.g. https://foo. If multiple URIs are |
| 26 |
+# provided, the eclass will consider the remaining URIs as fallbacks |
| 27 |
+# to try if the first URI does not work. For supported URI syntaxes, |
| 28 |
+# read the manpage for git-clone(1). |
| 29 |
# |
| 30 |
-# It can be overriden via env using ${PN}_LIVE_REPO variable. |
| 31 |
+# URIs should be using https:// whenever possible. http:// and git:// |
| 32 |
+# URIs are completely unsecured and their use (even if only as |
| 33 |
+# a fallback) renders the ebuild completely vulnerable to MITM attacks. |
| 34 |
+# |
| 35 |
+# It can be overridden via env using ${PN}_LIVE_REPO variable. |
| 36 |
# |
| 37 |
# Can be a whitespace-separated list or an array. |
| 38 |
# |
| 39 |
# Example: |
| 40 |
# @CODE |
| 41 |
-# EGIT_REPO_URI="git://a/b.git https://c/d.git" |
| 42 |
+# EGIT_REPO_URI="https://a/b.git https://c/d.git" |
| 43 |
# @CODE |
| 44 |
|
| 45 |
# @ECLASS-VARIABLE: EVCS_OFFLINE |
| 46 |
@@ -566,6 +570,16 @@ git-r3_fetch() { |
| 47 |
|
| 48 |
[[ ${repos[@]} ]] || die "No URI provided and EGIT_REPO_URI unset" |
| 49 |
|
| 50 |
+ local r |
| 51 |
+ for r in "${repos[@]}"; do |
| 52 |
+ if [[ ${r} == git:* || ${r} == http:* ]]; then |
| 53 |
+ ewarn "git-r3: ${r%%:*} protocol is completely unsecure and may render the ebuild" |
| 54 |
+ ewarn "easily susceptible to MITM attacks (even if used only as fallback). Please" |
| 55 |
+ ewarn "use https instead." |
| 56 |
+ ewarn "[URI: ${r}]" |
| 57 |
+ fi |
| 58 |
+ done |
| 59 |
+ |
| 60 |
local -x GIT_DIR |
| 61 |
_git-r3_set_gitdir "${repos[0]}" |
| 62 |
|
| 63 |
@@ -578,7 +592,7 @@ git-r3_fetch() { |
| 64 |
fi |
| 65 |
|
| 66 |
# try to fetch from the remote |
| 67 |
- local r success saved_umask |
| 68 |
+ local success saved_umask |
| 69 |
if [[ ${EVCS_UMASK} ]]; then |
| 70 |
saved_umask=$(umask) |
| 71 |
umask "${EVCS_UMASK}" || die "Bad options to umask: ${EVCS_UMASK}" |
| 72 |
@@ -853,6 +867,9 @@ git-r3_checkout() { |
| 73 |
echo "${orig_repo}/objects" > "${GIT_DIR}"/objects/info/alternates || die |
| 74 |
# now copy the refs |
| 75 |
cp -R "${orig_repo}"/refs/* "${GIT_DIR}"/refs/ || die |
| 76 |
+ if [[ -f ${orig_repo}/packed-refs ]]; then |
| 77 |
+ cp "${orig_repo}"/packed-refs "${GIT_DIR}"/packed-refs || die |
| 78 |
+ fi |
| 79 |
|
| 80 |
# (no need to copy HEAD, we will set it via checkout) |
Archives