From patchwork Sat Aug 4 16:33:05 2018
X-Patchwork-Submitter: "Yann E. MORIN"
X-Patchwork-Id: 953472
From: "Yann E. MORIN"
To: buildroot@buildroot.org
Cc: "Yann E. MORIN", Thomas Petazzoni
Date: Sat, 4 Aug 2018 18:33:05 +0200
Subject: [Buildroot] [PATCH 3/3] support/download: detect and abort when using a git branch by name
X-Mailer: git-send-email 2.14.1

Using a git branch by its name does not work as people expect:

 1. due to local caching, Buildroot will not re-fetch the repository,
    so people that expect to be able to follow the remote repository
    will be quite surprised and disappointed;

 2. if the user removes the local cache, then the build is no longer
    reproducible, because the remote repository may change any time
    between two builds, and people will be quite surprised and
    disappointed.

In either case, users are surprised and disappointed, which is a sad
state of matters. :-(

So, detect if the changeset requested is a branch by name, and abort in
that case.

Note that this only applies to using a branch by name. Any other means
of using the branch (tag, sha1) is still supported, of course.

Note also that the download wrapper still first tries from the local
cache, then from the primary site (if set), and falls back to trying
the mirror eventually (if set). This is not a problem per se, because a
malicious user that is capable of pre-seeding either location with a
matching archive already gamed the system, and there is nothing we can
do to prevent that...

Signed-off-by: "Yann E. MORIN"
Cc: Thomas Petazzoni
---
 support/download/git | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/support/download/git b/support/download/git index 11bb52c1e1..28391b908b 100755 --- a/support/download/git +++ b/support/download/git 
@@ -134,6 +134,13 @@ if ! _git rev-parse --quiet --verify "'${cset}^{commit}'" >/dev/null 2>&1; then exit 1 fi +# Check if the changeset is a branch name. +if _git show-ref "${cset}" |grep -qv refs/tags; then + printf "Commit '%s' is a branch name.\n" "${cset}" + printf "Using a branch name is not supported.\n" + exit 1 +fi + # The new cset we want to checkout might have different submodules, or # have sub-dirs converted to/from a submodule. So we would need to # deregister _current_ submodules before we checkout.
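
Review bot: The condition `_git show-ref "${cset}" |grep -qv refs/tags` in the added check is a negative match, so it fires on any ref that is not a tag rather than only on branches. `git show-ref <pattern>` lists every ref whose trailing path components match the pattern, so a name that exists both as a tag and as a branch is rejected, even though Git resolves an ambiguous short name to the tag first and the commit message says tags stay supported. Refs outside refs/heads and refs/remotes would likewise be reported as "a branch name". The `refs/tags` pattern is also unanchored, so a branch whose own name contains that string slips through. Consider matching positively on the ref namespace, for example `grep -qE ' refs/(heads|remotes)/'`, and deciding explicitly what should happen when a tag of the same name exists. Separately, the two `printf` messages go to stdout; redirecting them with `>&2` would keep the reason for the abort on the error stream.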