1 |
commit: 22187f7ebc613fc36d2b57b390a7f8e2b88c8b3d |
2 |
Author: Chema Alonso Josa <nimiux <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Oct 28 14:27:07 2017 +0000 |
4 |
Commit: José María Alonso <nimiux <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Oct 28 14:27:07 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/lisp.git/commit/?id=22187f7e |
7 |
|
8 |
git-r3.eclass: Syng with gentoo repo |
9 |
|
10 |
eclass/git-r3.eclass | 31 ++++++++++++++++++++++++------- |
11 |
1 file changed, 24 insertions(+), 7 deletions(-) |
12 |
|
13 |
diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass |
14 |
index bc7d4d92..c9d2731a 100644 |
15 |
--- a/eclass/git-r3.eclass |
16 |
+++ b/eclass/git-r3.eclass |
17 |
@@ -105,18 +105,22 @@ fi |
18 |
# @ECLASS-VARIABLE: EGIT_REPO_URI |
19 |
# @REQUIRED |
20 |
# @DESCRIPTION: |
21 |
-# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs |
22 |
-# are provided, the eclass will consider them as fallback URIs to try |
23 |
-# if the first URI does not work. For supported URI syntaxes, read up |
24 |
-# the manpage for git-clone(1). |
25 |
+# URIs to the repository, e.g. https://foo. If multiple URIs are |
26 |
+# provided, the eclass will consider the remaining URIs as fallbacks |
27 |
+# to try if the first URI does not work. For supported URI syntaxes, |
28 |
+# read the manpage for git-clone(1). |
29 |
# |
30 |
-# It can be overriden via env using ${PN}_LIVE_REPO variable. |
31 |
+# URIs should be using https:// whenever possible. http:// and git:// |
32 |
+# URIs are completely unsecured and their use (even if only as |
33 |
+# a fallback) renders the ebuild completely vulnerable to MITM attacks. |
34 |
+# |
35 |
+# It can be overridden via env using ${PN}_LIVE_REPO variable. |
36 |
# |
37 |
# Can be a whitespace-separated list or an array. |
38 |
# |
39 |
# Example: |
40 |
# @CODE |
41 |
-# EGIT_REPO_URI="git://a/b.git https://c/d.git" |
42 |
+# EGIT_REPO_URI="https://a/b.git https://c/d.git" |
43 |
# @CODE |
44 |
|
45 |
# @ECLASS-VARIABLE: EVCS_OFFLINE |
46 |
@@ -566,6 +570,16 @@ git-r3_fetch() { |
47 |
|
48 |
[[ ${repos[@]} ]] || die "No URI provided and EGIT_REPO_URI unset" |
49 |
|
50 |
+ local r |
51 |
+ for r in "${repos[@]}"; do |
52 |
+ if [[ ${r} == git:* || ${r} == http:* ]]; then |
53 |
+ ewarn "git-r3: ${r%%:*} protocol is completely unsecure and may render the ebuild" |
54 |
+ ewarn "easily susceptible to MITM attacks (even if used only as fallback). Please" |
55 |
+ ewarn "use https instead." |
56 |
+ ewarn "[URI: ${r}]" |
57 |
+ fi |
58 |
+ done |
59 |
+ |
60 |
local -x GIT_DIR |
61 |
_git-r3_set_gitdir "${repos[0]}" |
62 |
|
63 |
@@ -578,7 +592,7 @@ git-r3_fetch() { |
64 |
fi |
65 |
|
66 |
# try to fetch from the remote |
67 |
- local r success saved_umask |
68 |
+ local success saved_umask |
69 |
if [[ ${EVCS_UMASK} ]]; then |
70 |
saved_umask=$(umask) |
71 |
umask "${EVCS_UMASK}" || die "Bad options to umask: ${EVCS_UMASK}" |
72 |
@@ -853,6 +867,9 @@ git-r3_checkout() { |
73 |
echo "${orig_repo}/objects" > "${GIT_DIR}"/objects/info/alternates || die |
74 |
# now copy the refs |
75 |
cp -R "${orig_repo}"/refs/* "${GIT_DIR}"/refs/ || die |
76 |
+ if [[ -f ${orig_repo}/packed-refs ]]; then |
77 |
+ cp "${orig_repo}"/packed-refs "${GIT_DIR}"/packed-refs || die |
78 |
+ fi |
79 |
|
80 |
# (no need to copy HEAD, we will set it via checkout) |