From 16699329d10a4161686c4abf4f5f0973e1c9c849 Mon Sep 17 00:00:00 2001 From: Ralf Hubert Date: Sun, 29 Dec 2024 06:50:36 +0100 Subject: [PATCH 1/6] namespace-sandbox: fix creation of root directory CreateTarget is called with a relative target directory. In case the directory is the root-directory (`/`) the path passed to CreateTarget is just an empty string which fails in `mkdir` with: src/namespace-sandbox/namespace-sandbox.c:471: cannot create : No such file or directory This happens for example on systems where the home directory of nobody in /etc/passwd is `/`. --- src/namespace-sandbox/namespace-sandbox.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/namespace-sandbox/namespace-sandbox.c b/src/namespace-sandbox/namespace-sandbox.c index d8367bae..5720ddf1 100644 --- a/src/namespace-sandbox/namespace-sandbox.c +++ b/src/namespace-sandbox/namespace-sandbox.c @@ -437,11 +437,17 @@ static void SetupDevices() { // Recursively creates the file or directory specified in "path" and its parent // directories. static int CreateTarget(const char *path, bool is_directory) { + static const char* ROOT_DIR = "."; + if (path == NULL) { errno = EINVAL; return -1; } + if (strlen(path) == 0) { + path = ROOT_DIR; + } + struct stat sb; // If the path already exists... if (stat(path, &sb) == 0) { From db4ef42f65f284511ab1172151308e0896606b8b Mon Sep 17 00:00:00 2001 From: Ralf Hubert Date: Sun, 29 Dec 2024 07:00:15 +0100 Subject: [PATCH 2/6] test: use master branch explicit Make tests work on machines where the git init.defaultBranch is set to something different than master. --- test/black-box/buildid-change/run.sh | 2 +- test/black-box/clean/run.sh | 2 +- test/black-box/git-alternatives/run.sh | 2 +- test/black-box/git-scm-retry/run.sh | 2 +- test/black-box/git-scm-switch/run.sh | 6 +++--- test/black-box/git-scm/run.sh | 2 +- test/black-box/nested-scms/run.sh | 4 ++-- test/black-box/status/run.sh | 2 +- test/integration/jenkins/run.py | 2 +- test/unit/test_input_gitscm.py | 8 ++++++++ test/unit/test_input_gitscm_status.py | 10 +++++----- 11 files changed, 25 insertions(+), 17 deletions(-) diff --git a/test/black-box/buildid-change/run.sh b/test/black-box/buildid-change/run.sh index 015e8047..afa22071 100755 --- a/test/black-box/buildid-change/run.sh +++ b/test/black-box/buildid-change/run.sh @@ -14,7 +14,7 @@ popd # fill git repo D="$(mktemp -d)" pushd "$D" -git init . +git init -b master . git config user.email "bob@bob.bob" git config user.name test echo "first" > first.txt diff --git a/test/black-box/clean/run.sh b/test/black-box/clean/run.sh index e8553b86..17fc42c5 100755 --- a/test/black-box/clean/run.sh +++ b/test/black-box/clean/run.sh @@ -9,7 +9,7 @@ rm -rf default.yaml # init a git - repo gitDir=$(mktemp -d) pushd "${gitDir}" -git init +git init -b master git config user.email "bob@bob.bob" git config user.name test echo "git" > test.dat diff --git a/test/black-box/git-alternatives/run.sh b/test/black-box/git-alternatives/run.sh index 3d5c6085..388da230 100755 --- a/test/black-box/git-alternatives/run.sh +++ b/test/black-box/git-alternatives/run.sh @@ -18,7 +18,7 @@ cp recipe1.yaml "$bob/recipes/t.yaml" repo=$dir/repo.git init_repo() { mkdir "$1" - git init "$1" + git init -b master "$1" git -C "$1" config user.email "bob@bob.bob" git -C "$1" config user.name test diff --git a/test/black-box/git-scm-retry/run.sh b/test/black-box/git-scm-retry/run.sh index 9d7b0e21..d7907321 100755 --- a/test/black-box/git-scm-retry/run.sh +++ b/test/black-box/git-scm-retry/run.sh @@ -17,7 +17,7 @@ cp t.yaml "$bob/recipes" # Directory to play in work=$dir/_work mkdir "$work" -git init "$work" +git init -b master "$work" git -C "$work" config user.email "bob@bob.bob" git -C "$work" config user.name test diff --git a/test/black-box/git-scm-switch/run.sh b/test/black-box/git-scm-switch/run.sh index 6a679247..3aebe5da 100755 --- a/test/black-box/git-scm-switch/run.sh +++ b/test/black-box/git-scm-switch/run.sh @@ -14,7 +14,7 @@ cleanup # Prepare git repositories pushd "$git_submod" -git init . +git init -b master . git config user.email "bob@bob.bob" git config user.name test echo sub > sub.txt @@ -23,7 +23,7 @@ git commit -m import popd pushd "$git_dir1" -git init . +git init -b master . git config user.email "bob@bob.bob" git config user.name test echo "hello world" > test.txt @@ -43,7 +43,7 @@ d1_c2=$(git rev-parse HEAD) popd pushd "$git_dir2" -git init . +git init -b master . git config user.email "bob@bob.bob" git config user.name test echo "hello bob" > bob.txt diff --git a/test/black-box/git-scm/run.sh b/test/black-box/git-scm/run.sh index faed6162..68ecbd82 100755 --- a/test/black-box/git-scm/run.sh +++ b/test/black-box/git-scm/run.sh @@ -17,7 +17,7 @@ cp recipe1.yaml "$bob/recipes/t.yaml" # Directory to play in work=$dir/work mkdir "$work" -git init "$work" +git init -b master "$work" git -C "$work" config user.email "bob@bob.bob" git -C "$work" config user.name test diff --git a/test/black-box/nested-scms/run.sh b/test/black-box/nested-scms/run.sh index 3dbdbe86..be2a3b30 100755 --- a/test/black-box/nested-scms/run.sh +++ b/test/black-box/nested-scms/run.sh @@ -12,7 +12,7 @@ cleanup # Prepare git repositories pushd "$git_dir1" -git init . +git init -b master . git config user.email "bob@bob.bob" git config user.name test echo "commit-1" > git1.txt @@ -25,7 +25,7 @@ git tag -a -m "Second Tag" tag2 popd pushd "$git_dir2" -git init . +git init -b master . git config user.email "bob@bob.bob" git config user.name test echo "commit-1" > git2.txt diff --git a/test/black-box/status/run.sh b/test/black-box/status/run.sh index b331999d..2e3869cf 100755 --- a/test/black-box/status/run.sh +++ b/test/black-box/status/run.sh @@ -17,7 +17,7 @@ trap 'rm -rf "${gitDir}" "${urlDir}" "${svnDir}"' EXIT # init a git - repo pushd ${gitDir} -git init +git init -b master git config user.email "bob@bob.bob" git config user.name test echo "git" > test.dat diff --git a/test/integration/jenkins/run.py b/test/integration/jenkins/run.py index 448020f0..0f175374 100644 --- a/test/integration/jenkins/run.py +++ b/test/integration/jenkins/run.py @@ -185,7 +185,7 @@ def testGitModule(jc): with tempfile.TemporaryDirectory() as gitDir: with open(os.path.join(gitDir, "result.txt"), "w") as f: f.write("foo") - subprocess.run(["git", "init", gitDir], check=True) + subprocess.run(["git", "init", "-b", "master", gitDir], check=True) subprocess.run(["git", "config", "user.email", "bob@test"], check=True, cwd=gitDir) subprocess.run(["git", "config", "user.name", "bob"], check=True, cwd=gitDir) subprocess.run(["git", "add", "result.txt"], check=True, cwd=gitDir) diff --git a/test/unit/test_input_gitscm.py b/test/unit/test_input_gitscm.py index c43130d1..c7f71dfd 100644 --- a/test/unit/test_input_gitscm.py +++ b/test/unit/test_input_gitscm.py @@ -228,6 +228,7 @@ def setUpClass(cls): 'git init .', 'git config user.email "bob@bob.bob"', 'git config user.name test', + 'git checkout -b master', 'echo "hello world" > test.txt', 'git add test.txt', 'git commit -m "first commit"', @@ -416,6 +417,7 @@ def setUpClass(cls): git init . git config user.email "bob@bob.bob" git config user.name test + git checkout -b master for i in $(seq 3) ; do echo "#$i" > test.txt @@ -520,6 +522,7 @@ def setUp(self): git init . git config user.email "bob@bob.bob" git config user.name test + git checkout -b master echo subsub > subsub.txt git add subsub.txt git commit -m import @@ -530,6 +533,7 @@ def setUp(self): git init . git config user.email "bob@bob.bob" git config user.name test + git checkout -b master echo 1 > test.txt git add test.txt mkdir -p some/deep @@ -542,6 +546,7 @@ def setUp(self): # setup main module and add first submodule cd main git init . + git checkout -b master git config user.email "bob@bob.bob" git config user.name test echo 1 > test.txt @@ -619,6 +624,7 @@ def addSub2(self): cmds = """\ cd sub2 git init . + git checkout -b master git config user.email "bob@bob.bob" git config user.name test echo 2 > test.txt @@ -882,6 +888,7 @@ def setUp(self): cmds = """\ git init . + git checkout -b master git config user.email "bob@bob.bob" git config user.name test echo -n "hello world" > test.txt @@ -1023,6 +1030,7 @@ def setUp(self): git init . git config user.email "bob@bob.bob" git config user.name test + git checkout -b master echo -n "hello world" > test.txt git add test.txt git commit -m "first commit" diff --git a/test/unit/test_input_gitscm_status.py b/test/unit/test_input_gitscm_status.py index b59134e1..dc4a64f5 100644 --- a/test/unit/test_input_gitscm_status.py +++ b/test/unit/test_input_gitscm_status.py @@ -39,7 +39,7 @@ def setUp(self): self.repodir = tempfile.mkdtemp() self.repodir_local = tempfile.mkdtemp() - self.callGit('git init', cwd=self.repodir) + self.callGit('git init -b master', cwd=self.repodir) # setup user name and email for travis self.callGit('git config user.email "bob@bob.bob"', cwd=self.repodir) @@ -168,7 +168,7 @@ def setUpClass(cls): # make sub-submodule cd subsub - git init . + git init -b master . git config user.email "bob@bob.bob" git config user.name test echo subsub > test.txt @@ -178,7 +178,7 @@ def setUpClass(cls): # setup first submodule cd sub - git init . + git init -b master . git config user.email "bob@bob.bob" git config user.name test echo sub > test.txt @@ -190,7 +190,7 @@ def setUpClass(cls): # setup second submodule cd sub2 - git init . + git init -b master . git config user.email "bob@bob.bob" git config user.name test echo sub2 > test.txt @@ -200,7 +200,7 @@ def setUpClass(cls): # setup main module cd main - git init . + git init -b master . git config user.email "bob@bob.bob" git config user.name test echo main > test.txt From 5ab7cb33fc1f0546dc26befcc598184a3e45a102 Mon Sep 17 00:00:00 2001 From: Ralf Hubert Date: Sun, 29 Dec 2024 07:02:37 +0100 Subject: [PATCH 3/6] test: black-box: fix for non debian distributions GNU Inteutils and net-tools hostname implementations don't support `-A`. Looks like this is available on debian only. Use the hostid tool instead. --- test/black-box/fingerprints/recipes/sandbox.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/black-box/fingerprints/recipes/sandbox.yaml b/test/black-box/fingerprints/recipes/sandbox.yaml index 7ff590eb..cc872c3c 100644 --- a/test/black-box/fingerprints/recipes/sandbox.yaml +++ b/test/black-box/fingerprints/recipes/sandbox.yaml @@ -26,9 +26,9 @@ multiPackage: - name: sandbox-image-2 use: [sandbox] fingerprintIf: True - fingerprintScript: "hostname -A" + fingerprintScript: "hostid" buildScript: | - cp /id.txt . 2>/dev/null || hostname -A > id.txt + cp /id.txt . 2>/dev/null || hostid > id.txt packageScript: | cp -a $1/* . From d9e9fa2850b6b86cd12d610cec0aa5f742d72b76 Mon Sep 17 00:00:00 2001 From: Ralf Hubert Date: Sun, 29 Dec 2024 07:10:38 +0100 Subject: [PATCH 4/6] test: enable future java for jenkins If the java version is to new for the lastest jenkins release it refuses to start: [TEST]: Waiting for Jenkins to get ready... Running with Java 23 from /usr/lib/jvm/java-23-openjdk, which is not yet fully supported. Run the command again with the --enable-future-java flag to enable preview support for future Java versions. Supported Java versions are: [17, 21] See https://jenkins.io/redirect/java-support/ for more information. --- test/integration/jenkins/run.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/integration/jenkins/run.py b/test/integration/jenkins/run.py index 0f175374..5e0dc537 100644 --- a/test/integration/jenkins/run.py +++ b/test/integration/jenkins/run.py @@ -322,7 +322,8 @@ def download(url, dest): "-Djenkins.install.runSetupWizard=false", "-Dhudson.plugins.git.GitSCM.ALLOW_LOCAL_CHECKOUT=true", "-Dcasc.jenkins.config=" + os.path.abspath("jenkins.yaml"), - "-jar", jenkins], + "-jar", jenkins, + "--enable-future-java" ], env=env) print("[TEST]:", "Jenkins running as pid", jenkinsProc.pid, "in", jenkinsHome) From cc221ac63f06f03d9af42ed4fe3762a493f965c5 Mon Sep 17 00:00:00 2001 From: Ralf Hubert Date: Sun, 29 Dec 2024 07:33:08 +0100 Subject: [PATCH 5/6] git: allow file protocol The fix for CVE-2022-39253 ([1]) disallows file mode transfers for submodules. Since (at least) our unit tests rely on file transfers allow it if file protocol is used. [1] https://www.cve.org/CVERecord?id=CVE-2022-39253 --- pym/bob/scm/git.py | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/pym/bob/scm/git.py b/pym/bob/scm/git.py index 4f8d7a43..289a09c2 100644 --- a/pym/bob/scm/git.py +++ b/pym/bob/scm/git.py @@ -184,6 +184,12 @@ def getProperties(self, isJenkins, pretty=False): properties.update({GitScm.REMOTE_PREFIX+key : val}) return properties + def _getGitConfigOptions(self): + config = [ "-c", "submodule.recurse=0" ] + if self.__url.startswith("file:") or self.__url.startswith("/"): + config += [ "-c", "protocol.file.allow=always" ] + return config + async def invoke(self, invoker, switch=False): alternatesFile = invoker.joinPath(self.__dir, ".git/objects/info/alternates") @@ -240,7 +246,7 @@ async def invoke(self, invoker, switch=False): # refspec is kept in the git config. # Base fetch command with shallow support - fetchCmd = ["git", "-c", "submodule.recurse=0", "fetch", "-p"] + fetchCmd = ["git", *self._getGitConfigOptions(), "fetch", "-p"] if isinstance(self.__shallow, int): fetchCmd.append("--depth={}".format(self.__shallow)) elif isinstance(self.__shallow, str): @@ -366,8 +372,8 @@ async def __checkoutTagOnBranch(self, invoker, fetchCmd, switch): # move to attic invoker.fail("Cannot switch: Current state woulde be lost.") - await invoker.checkCommand(["git", "-c", "submodule.recurse=0", "reset", - "--keep", commit], cwd=self.__dir) + await invoker.checkCommand(["git", *self._getGitConfigOptions(), + "reset", "--keep", commit], cwd=self.__dir) await self.__updateSubmodulesPost(invoker, preUpdate) async def __checkoutTag(self, invoker, fetchCmd, switch): @@ -476,7 +482,7 @@ async def __forwardBranch(self, invoker, oldUpstreamCommit): # commits on the newly fetched upstream. if oldUpstreamCommit is not None: await invoker.checkCommand( - ["git", "-c", "submodule.recurse=0", "rebase", "--onto", + ["git", *self._getGitConfigOptions(), "rebase", "--onto", "refs/remotes/origin/"+self.__branch, oldUpstreamCommit], cwd=self.__dir) else: @@ -484,20 +490,20 @@ async def __forwardBranch(self, invoker, oldUpstreamCommit): # anyway. invoker.warn("Rebasing", self.__dir, "but old upstream commit not known! Please check result.") await invoker.checkCommand( - ["git", "-c", "submodule.recurse=0", "rebase", + ["git", *self._getGitConfigOptions(), "rebase", "refs/remotes/origin/"+self.__branch], cwd=self.__dir) else: # Just do a fast-forward only merge. await invoker.checkCommand( - ["git", "-c", "submodule.recurse=0", "merge", "--ff-only", + ["git", *self._getGitConfigOptions(), "merge", "--ff-only", "refs/remotes/origin/"+self.__branch], cwd=self.__dir) async def __checkoutSubmodules(self, invoker): if not self.__submodules: return - args = ["git", "-c", "submodule.recurse=0", "submodule", "update", "--init"] + args = ["git", *self._getGitConfigOptions(), "submodule", "update", "--init"] if self.__shallowSubmodules: args += ["--depth", "1"] if self.__recurseSubmodules: @@ -574,7 +580,7 @@ async def __updateSubmodulesPost(self, invoker, oldState, base = "."): return {} # Sync remote URLs into our config in case they were changed - args = ["git", "-c", "submodule.recurse=0", "-C", base, "submodule", "sync"] + args = ["git", *self._getGitConfigOptions(), "-C", base, "submodule", "sync"] await invoker.checkCommand(args, cwd=self.__dir) # List all paths as per .gitmodules. This gives us the list of all @@ -603,7 +609,8 @@ async def __updateSubmodulesPost(self, invoker, oldState, base = "."): } # Do the update of safe submodules - args = ["git", "-c", "submodule.recurse=0", "-C", base, "submodule", "update", "--init"] + args = ["git", *self._getGitConfigOptions(), "-C", base, + "submodule", "update", "--init"] if self.__shallowSubmodules: args += ["--depth", "1"] args.append("--") From 9d8f3fd535bddd374243b1bc4cb46ad7775c55ba Mon Sep 17 00:00:00 2001 From: Ralf Hubert Date: Sun, 29 Dec 2024 07:39:01 +0100 Subject: [PATCH 6/6] tests: git: allow file protocol --- test/black-box/git-scm-switch/run.sh | 2 +- test/unit/test_input_gitscm.py | 9 ++++++--- test/unit/test_input_gitscm_status.py | 13 +++++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/test/black-box/git-scm-switch/run.sh b/test/black-box/git-scm-switch/run.sh index 3aebe5da..3153f326 100755 --- a/test/black-box/git-scm-switch/run.sh +++ b/test/black-box/git-scm-switch/run.sh @@ -31,7 +31,7 @@ git add test.txt git commit -m "initial commit" git tag -a -m "Tag0" tag0 d1_c0=$(git rev-parse HEAD) -git submodule add "$git_submod" submod +git -c protocol.file.allow=always submodule add "$git_submod" submod git commit -m "first commit" git tag -a -m "First Tag" tag1 git checkout -b foobar diff --git a/test/unit/test_input_gitscm.py b/test/unit/test_input_gitscm.py index c7f71dfd..e7e8c94a 100644 --- a/test/unit/test_input_gitscm.py +++ b/test/unit/test_input_gitscm.py @@ -226,6 +226,7 @@ def setUpClass(cls): with tempfile.TemporaryDirectory() as tmp: cmds = "\n".join([ 'git init .', + 'git config --local protocol.file.allow always', 'git config user.email "bob@bob.bob"', 'git config user.name test', 'git checkout -b master', @@ -537,7 +538,8 @@ def setUp(self): echo 1 > test.txt git add test.txt mkdir -p some/deep - git submodule add --name whatever ../subsub1 some/deep/path + git -c protocol.file.allow=always \ + submodule add --name whatever ../subsub1 some/deep/path git commit -m "commit 1" echo 2 > test.txt git commit -a -m "commit 2" @@ -551,7 +553,8 @@ def setUp(self): git config user.name test echo 1 > test.txt git add test.txt - git submodule add ../sub1 + git -c protocol.file.allow=always \ + submodule add ../sub1 git commit -m "commit 1" git tag -a -m 'Tag 1' tag1 cd .. @@ -633,7 +636,7 @@ def addSub2(self): cd .. cd main - git submodule add ../sub2 + git -c protocol.file.allow=always submodule add ../sub2 git commit -m "commit 2" cd .. """ diff --git a/test/unit/test_input_gitscm_status.py b/test/unit/test_input_gitscm_status.py index dc4a64f5..52fc6943 100644 --- a/test/unit/test_input_gitscm_status.py +++ b/test/unit/test_input_gitscm_status.py @@ -184,7 +184,8 @@ def setUpClass(cls): echo sub > test.txt git add test.txt mkdir -p some/deep - git submodule add --name whatever ../subsub some/deep/path + git -c protocol.file.allow=always \ + submodule add --name whatever ../subsub some/deep/path git commit -m import cd .. @@ -205,8 +206,8 @@ def setUpClass(cls): git config user.name test echo main > test.txt git add test.txt - git submodule add ../sub - git submodule add ../sub2 + git -c protocol.file.allow=always submodule add ../sub + git -c protocol.file.allow=always submodule add ../sub2 git commit -m import cd .. """ @@ -387,7 +388,7 @@ def testUnexpectedSubmodule(self): self.invokeGit(scm) cmd = """\ - git submodule update --init + git -c protocol.file.allow=always submodule update --init """ subprocess.check_call([getBashPath(), "-c", cmd], cwd=self.workspace) @@ -404,7 +405,7 @@ def testUnexpectedSubSubModule(self): cmd = """\ cd sub - git submodule update --init + git -c protocol.file.allow=always submodule update --init """ subprocess.check_call([getBashPath(), "-c", cmd], cwd=self.workspace) @@ -462,7 +463,7 @@ def testSpecificUnexpectedSubmodule(self): self.invokeGit(scm) cmd = """\ - git submodule update --init sub + git -c protocol.file.allow=always submodule update --init sub """ subprocess.check_call([getBashPath(), "-c", cmd], cwd=self.workspace)