[gentoo-portage-dev] [PATCH 2/2] git: drop privileges for gc and merge (bug 669496) - gentoo-portage-dev

From:	Zac Medico <zmedico@g.o>
To:	gentoo-portage-dev@l.g.o
Cc:	Zac Medico <zmedico@g.o>
Subject:	[gentoo-portage-dev] [PATCH 2/2] git: drop privileges for gc and merge (bug 669496)
Date:	Sat, 24 Nov 2018 00:18:03
Message-Id:	`20181124001525.31921-3-zmedico@gentoo.org`
In Reply to:	[gentoo-portage-dev] [PATCH 0/2] git: drop privileges for gc and merge (bug 669496) by Zac Medico

1

Use portage.process.spawn (with new cwd parameter) and self.spawn_kwargs

2

to drop privileges for git gc and merge commands.

3

4

Fixes: 3cd8cf93abb6 ("GitSync: abort checkout for signature problem (bug 660372)")

5

Fixes: 903c4b1a6768 ("GitSync: support sync-depth (bug 552814)")

6

Bug: https://bugs.gentoo.org/669496

7

Signed-off-by: Zac Medico <zmedico@g.o>

8

---

9

 lib/portage/sync/modules/git/git.py       | 10 ++++++----

10

 lib/portage/tests/sync/test_sync_local.py | 22 ++++++++++++++++++++--

11

 2 files changed, 26 insertions(+), 6 deletions(-)

12

13

diff --git a/lib/portage/sync/modules/git/git.py b/lib/portage/sync/modules/git/git.py

14

index e41af313e..7df4b6d61 100644

15

--- a/lib/portage/sync/modules/git/git.py

16

+++ b/lib/portage/sync/modules/git/git.py

17

@@ -147,8 +147,9 @@ class GitSync(NewBase):

18

 			gc_cmd = ['git', '-c', 'gc.autodetach=false', 'gc', '--auto']

19

 			if quiet:

20

 				gc_cmd.append('--quiet')

21

-			exitcode = subprocess.call(gc_cmd,

22

-				cwd=portage._unicode_encode(self.repo.location))

23

+			exitcode = portage.process.spawn(gc_cmd,

24

+				cwd=portage._unicode_encode(self.repo.location),

25

+				**self.spawn_kwargs)

26

 			if exitcode != os.EX_OK:

27

 				msg = "!!! git gc error in %s" % self.repo.location

28

 				self.logger(self.xterm_titles, msg)

29

@@ -186,8 +187,9 @@ class GitSync(NewBase):

30

 		merge_cmd.append('refs/remotes/%s' % remote_branch)

31

 		if quiet:

32

 			merge_cmd.append('--quiet')

33

-		exitcode = subprocess.call(merge_cmd,

34

-			cwd=portage._unicode_encode(self.repo.location))

35

+		exitcode = portage.process.spawn(merge_cmd,

36

+			cwd=portage._unicode_encode(self.repo.location),

37

+			**self.spawn_kwargs)

38

39

 		if exitcode != os.EX_OK:

40

 			msg = "!!! git merge error in %s" % self.repo.location

41

diff --git a/lib/portage/tests/sync/test_sync_local.py b/lib/portage/tests/sync/test_sync_local.py

42

index 49c7a992d..5fb8afb7c 100644

43

--- a/lib/portage/tests/sync/test_sync_local.py

44

+++ b/lib/portage/tests/sync/test_sync_local.py

45

@@ -42,6 +42,7 @@ class SyncLocalTestCase(TestCase):

46

 			[test_repo]

47

 			location = %(EPREFIX)s/var/repositories/test_repo

48

 			sync-type = %(sync-type)s

49

+			sync-depth = %(sync-depth)s

50

 			sync-uri = file://%(EPREFIX)s/var/repositories/test_repo_sync

51

 			sync-rcu = %(sync-rcu)s

52

 			sync-rcu-store-dir = %(EPREFIX)s/var/repositories/test_repo_rcu_storedir

53

@@ -91,9 +92,10 @@ class SyncLocalTestCase(TestCase):

54

 		committer_email = "gentoo-dev@g.o"

55

56

 		def repos_set_conf(sync_type, dflt_keys=None, xtra_keys=None,

57

-			auto_sync="yes", sync_rcu=False):

58

+			auto_sync="yes", sync_rcu=False, sync_depth=None):

59

 			env["PORTAGE_REPOSITORIES"] = repos_conf % {\

60

 				"EPREFIX": eprefix, "sync-type": sync_type,

61

+				"sync-depth": 0 if sync_depth is None else sync_depth,

62

 				"sync-rcu": "yes" if sync_rcu else "no",

63

 				"auto-sync": auto_sync,

64

 				"default_keys": "" if dflt_keys is None else dflt_keys,

65

@@ -197,6 +199,17 @@ class SyncLocalTestCase(TestCase):

66

 			(homedir, lambda: shutil.rmtree(repo.user_location + '_rcu_storedir')),

67

)

68

69

+		upstream_git_commit = (

70

+			(

71

+				repo.location + "_sync",

72

+				git_cmd + ('commit', '--allow-empty', '-m', 'test empty commit'),

73

+			),

74

+			(

75

+				repo.location + "_sync",

76

+				git_cmd + ('commit', '--allow-empty', '-m', 'test empty commit 2'),

77

+			),

78

+		)

79

+

80

 		delete_sync_repo = (

81

 			(homedir, lambda: shutil.rmtree(

82

 				repo.location + "_sync")),

83

@@ -217,6 +230,10 @@ class SyncLocalTestCase(TestCase):

84

 			(homedir, lambda: repos_set_conf("git")),

85

)

86

87

+		sync_type_git_shallow = (

88

+			(homedir, lambda: repos_set_conf("git", sync_depth=1)),

89

+		)

90

+

91

 		sync_rsync_rcu = (

92

 			(homedir, lambda: repos_set_conf("rsync", sync_rcu=True)),

93

)

94

@@ -277,7 +294,8 @@ class SyncLocalTestCase(TestCase):

95

 				delete_repo_location + sync_cmds + sync_cmds + \

96

 				bump_timestamp_cmds + sync_cmds + revert_rcu_layout + \

97

 				delete_sync_repo + git_repo_create + sync_type_git + \

98

-				rename_repo + sync_cmds:

99

+				rename_repo + sync_cmds + upstream_git_commit + sync_cmds + \

100

+				sync_type_git_shallow + upstream_git_commit + sync_cmds:

101

102

 				if hasattr(cmd, '__call__'):

103

 					cmd()

104

--

105

2.18.1

1	Use portage.process.spawn (with new cwd parameter) and self.spawn_kwargs
2	to drop privileges for git gc and merge commands.
3
4	Fixes: 3cd8cf93abb6 ("GitSync: abort checkout for signature problem (bug 660372)")
5	Fixes: 903c4b1a6768 ("GitSync: support sync-depth (bug 552814)")
6	Bug: https://bugs.gentoo.org/669496
7	Signed-off-by: Zac Medico <zmedico@g.o>
8	---
9	lib/portage/sync/modules/git/git.py \| 10 ++++++----
10	lib/portage/tests/sync/test_sync_local.py \| 22 ++++++++++++++++++++--
11	2 files changed, 26 insertions(+), 6 deletions(-)
12
13	diff --git a/lib/portage/sync/modules/git/git.py b/lib/portage/sync/modules/git/git.py
14	index e41af313e..7df4b6d61 100644
15	--- a/lib/portage/sync/modules/git/git.py
16	+++ b/lib/portage/sync/modules/git/git.py
17	@@ -147,8 +147,9 @@ class GitSync(NewBase):
18	gc_cmd = ['git', '-c', 'gc.autodetach=false', 'gc', '--auto']
19	if quiet:
20	gc_cmd.append('--quiet')
21	- exitcode = subprocess.call(gc_cmd,
22	- cwd=portage._unicode_encode(self.repo.location))
23	+ exitcode = portage.process.spawn(gc_cmd,
24	+ cwd=portage._unicode_encode(self.repo.location),
25	+ **self.spawn_kwargs)
26	if exitcode != os.EX_OK:
27	msg = "!!! git gc error in %s" % self.repo.location
28	self.logger(self.xterm_titles, msg)
29	@@ -186,8 +187,9 @@ class GitSync(NewBase):
30	merge_cmd.append('refs/remotes/%s' % remote_branch)
31	if quiet:
32	merge_cmd.append('--quiet')
33	- exitcode = subprocess.call(merge_cmd,
34	- cwd=portage._unicode_encode(self.repo.location))
35	+ exitcode = portage.process.spawn(merge_cmd,
36	+ cwd=portage._unicode_encode(self.repo.location),
37	+ **self.spawn_kwargs)
38
39	if exitcode != os.EX_OK:
40	msg = "!!! git merge error in %s" % self.repo.location
41	diff --git a/lib/portage/tests/sync/test_sync_local.py b/lib/portage/tests/sync/test_sync_local.py
42	index 49c7a992d..5fb8afb7c 100644
43	--- a/lib/portage/tests/sync/test_sync_local.py
44	+++ b/lib/portage/tests/sync/test_sync_local.py
45	@@ -42,6 +42,7 @@ class SyncLocalTestCase(TestCase):
46	[test_repo]
47	location = %(EPREFIX)s/var/repositories/test_repo
48	sync-type = %(sync-type)s
49	+ sync-depth = %(sync-depth)s
50	sync-uri = file://%(EPREFIX)s/var/repositories/test_repo_sync
51	sync-rcu = %(sync-rcu)s
52	sync-rcu-store-dir = %(EPREFIX)s/var/repositories/test_repo_rcu_storedir
53	@@ -91,9 +92,10 @@ class SyncLocalTestCase(TestCase):
54	committer_email = "gentoo-dev@g.o"
55
56	def repos_set_conf(sync_type, dflt_keys=None, xtra_keys=None,
57	- auto_sync="yes", sync_rcu=False):
58	+ auto_sync="yes", sync_rcu=False, sync_depth=None):
59	env["PORTAGE_REPOSITORIES"] = repos_conf % {\
60	"EPREFIX": eprefix, "sync-type": sync_type,
61	+ "sync-depth": 0 if sync_depth is None else sync_depth,
62	"sync-rcu": "yes" if sync_rcu else "no",
63	"auto-sync": auto_sync,
64	"default_keys": "" if dflt_keys is None else dflt_keys,
65	@@ -197,6 +199,17 @@ class SyncLocalTestCase(TestCase):
66	(homedir, lambda: shutil.rmtree(repo.user_location + '_rcu_storedir')),
67	)
68
69	+ upstream_git_commit = (
70	+ (
71	+ repo.location + "_sync",
72	+ git_cmd + ('commit', '--allow-empty', '-m', 'test empty commit'),
73	+ ),
74	+ (
75	+ repo.location + "_sync",
76	+ git_cmd + ('commit', '--allow-empty', '-m', 'test empty commit 2'),
77	+ ),
78	+ )
79	+
80	delete_sync_repo = (
81	(homedir, lambda: shutil.rmtree(
82	repo.location + "_sync")),
83	@@ -217,6 +230,10 @@ class SyncLocalTestCase(TestCase):
84	(homedir, lambda: repos_set_conf("git")),
85	)
86
87	+ sync_type_git_shallow = (
88	+ (homedir, lambda: repos_set_conf("git", sync_depth=1)),
89	+ )
90	+
91	sync_rsync_rcu = (
92	(homedir, lambda: repos_set_conf("rsync", sync_rcu=True)),
93	)
94	@@ -277,7 +294,8 @@ class SyncLocalTestCase(TestCase):
95	delete_repo_location + sync_cmds + sync_cmds + \
96	bump_timestamp_cmds + sync_cmds + revert_rcu_layout + \
97	delete_sync_repo + git_repo_create + sync_type_git + \
98	- rename_repo + sync_cmds:
99	+ rename_repo + sync_cmds + upstream_git_commit + sync_cmds + \
100	+ sync_type_git_shallow + upstream_git_commit + sync_cmds:
101
102	if hasattr(cmd, '__call__'):
103	cmd()
104	--
105	2.18.1

Gentoo Archives: gentoo-portage-dev