diff options
author | Zac Medico <zmedico@gentoo.org> | 2018-11-23 01:00:25 -0800 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2018-11-23 15:55:24 -0800 |
commit | 0490cfa00afcf1347e4e72528b20c93648d6871c (patch) | |
tree | 340225b5d6def9961df420df092414a64e405b71 /lib | |
parent | portage.process.spawn: add cwd parameter (diff) | |
download | portage-0490cfa00afcf1347e4e72528b20c93648d6871c.tar.gz portage-0490cfa00afcf1347e4e72528b20c93648d6871c.tar.bz2 portage-0490cfa00afcf1347e4e72528b20c93648d6871c.zip |
git: drop privileges for gc and merge (bug 669496)
Use portage.process.spawn (with new cwd parameter) and self.spawn_kwargs
to drop privileges for git gc and merge commands.
Fixes: 3cd8cf93abb6 ("GitSync: abort checkout for signature problem (bug 660372)")
Fixes: 903c4b1a6768 ("GitSync: support sync-depth (bug 552814)")
Bug: https://bugs.gentoo.org/669496
Signed-off-by: Zac Medico <zmedico@gentoo.org>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/portage/sync/modules/git/git.py | 10 | ||||
-rw-r--r-- | lib/portage/tests/sync/test_sync_local.py | 22 |
2 files changed, 26 insertions, 6 deletions
diff --git a/lib/portage/sync/modules/git/git.py b/lib/portage/sync/modules/git/git.py index e41af313e..7df4b6d61 100644 --- a/lib/portage/sync/modules/git/git.py +++ b/lib/portage/sync/modules/git/git.py @@ -147,8 +147,9 @@ class GitSync(NewBase): gc_cmd = ['git', '-c', 'gc.autodetach=false', 'gc', '--auto'] if quiet: gc_cmd.append('--quiet') - exitcode = subprocess.call(gc_cmd, - cwd=portage._unicode_encode(self.repo.location)) + exitcode = portage.process.spawn(gc_cmd, + cwd=portage._unicode_encode(self.repo.location), + **self.spawn_kwargs) if exitcode != os.EX_OK: msg = "!!! git gc error in %s" % self.repo.location self.logger(self.xterm_titles, msg) @@ -186,8 +187,9 @@ class GitSync(NewBase): merge_cmd.append('refs/remotes/%s' % remote_branch) if quiet: merge_cmd.append('--quiet') - exitcode = subprocess.call(merge_cmd, - cwd=portage._unicode_encode(self.repo.location)) + exitcode = portage.process.spawn(merge_cmd, + cwd=portage._unicode_encode(self.repo.location), + **self.spawn_kwargs) if exitcode != os.EX_OK: msg = "!!! git merge error in %s" % self.repo.location diff --git a/lib/portage/tests/sync/test_sync_local.py b/lib/portage/tests/sync/test_sync_local.py index 49c7a992d..5fb8afb7c 100644 --- a/lib/portage/tests/sync/test_sync_local.py +++ b/lib/portage/tests/sync/test_sync_local.py @@ -42,6 +42,7 @@ class SyncLocalTestCase(TestCase): [test_repo] location = %(EPREFIX)s/var/repositories/test_repo sync-type = %(sync-type)s + sync-depth = %(sync-depth)s sync-uri = file://%(EPREFIX)s/var/repositories/test_repo_sync sync-rcu = %(sync-rcu)s sync-rcu-store-dir = %(EPREFIX)s/var/repositories/test_repo_rcu_storedir @@ -91,9 +92,10 @@ class SyncLocalTestCase(TestCase): committer_email = "gentoo-dev@gentoo.org" def repos_set_conf(sync_type, dflt_keys=None, xtra_keys=None, - auto_sync="yes", sync_rcu=False): + auto_sync="yes", sync_rcu=False, sync_depth=None): env["PORTAGE_REPOSITORIES"] = repos_conf % {\ "EPREFIX": eprefix, "sync-type": sync_type, + "sync-depth": 0 if sync_depth is None else sync_depth, "sync-rcu": "yes" if sync_rcu else "no", "auto-sync": auto_sync, "default_keys": "" if dflt_keys is None else dflt_keys, @@ -197,6 +199,17 @@ class SyncLocalTestCase(TestCase): (homedir, lambda: shutil.rmtree(repo.user_location + '_rcu_storedir')), ) + upstream_git_commit = ( + ( + repo.location + "_sync", + git_cmd + ('commit', '--allow-empty', '-m', 'test empty commit'), + ), + ( + repo.location + "_sync", + git_cmd + ('commit', '--allow-empty', '-m', 'test empty commit 2'), + ), + ) + delete_sync_repo = ( (homedir, lambda: shutil.rmtree( repo.location + "_sync")), @@ -217,6 +230,10 @@ class SyncLocalTestCase(TestCase): (homedir, lambda: repos_set_conf("git")), ) + sync_type_git_shallow = ( + (homedir, lambda: repos_set_conf("git", sync_depth=1)), + ) + sync_rsync_rcu = ( (homedir, lambda: repos_set_conf("rsync", sync_rcu=True)), ) @@ -277,7 +294,8 @@ class SyncLocalTestCase(TestCase): delete_repo_location + sync_cmds + sync_cmds + \ bump_timestamp_cmds + sync_cmds + revert_rcu_layout + \ delete_sync_repo + git_repo_create + sync_type_git + \ - rename_repo + sync_cmds: + rename_repo + sync_cmds + upstream_git_commit + sync_cmds + \ + sync_type_git_shallow + upstream_git_commit + sync_cmds: if hasattr(cmd, '__call__'): cmd() |