mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-14 08:54:46 +00:00
ebb0a9b939
A recent git security update disabled the file transport by default, see https://github.blog/2022-10-18-git-security-vulnerabilities-announced/#cve-2022-39253 We can pick an upstream patch which needed to be rebased unfortunately, so we can't fetch it directly from GitHub.
52 lines
2.0 KiB
Diff
52 lines
2.0 KiB
Diff
commit e9219b88de5ed37af337ee2d2e71e7ec7c0aad1b
|
|
Author: Robbert van Ginkel <rvanginkel@buf.build>
|
|
Date: Thu Oct 20 16:43:28 2022 -0400
|
|
|
|
Fix git unit test by using fake git server rather than file:// (#1518)
|
|
|
|
More recent versions of git fix a CVE by disabling some usage of the
|
|
`file://` transport, see
|
|
https://github.blog/2022-10-18-git-security-vulnerabilities-announced/#cve-2022-39253.
|
|
We were using this transport in tests.
|
|
|
|
Instead, use https://git-scm.com/docs/git-http-backend to serve up this
|
|
repository locally so we don't have to use the file protocol. This
|
|
should be a more accurate tests, since we mostly expect submodules to
|
|
come from servers.
|
|
|
|
diff --git a/private/pkg/git/git_test.go b/private/pkg/git/git_test.go
|
|
index 7b77b6cd..7132054e 100644
|
|
--- a/private/pkg/git/git_test.go
|
|
+++ b/private/pkg/git/git_test.go
|
|
@@ -17,6 +17,8 @@ package git
|
|
import (
|
|
"context"
|
|
"errors"
|
|
+ "net/http/cgi"
|
|
+ "net/http/httptest"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
@@ -213,6 +215,21 @@ func createGitDirs(
|
|
runCommand(ctx, t, container, runner, "git", "-C", submodulePath, "add", "test.proto")
|
|
runCommand(ctx, t, container, runner, "git", "-C", submodulePath, "commit", "-m", "commit 0")
|
|
|
|
+ gitExecPath, err := command.RunStdout(ctx, container, runner, "git", "--exec-path")
|
|
+ require.NoError(t, err)
|
|
+ t.Log(filepath.Join(string(gitExecPath), "git-http-backend"))
|
|
+ // https://git-scm.com/docs/git-http-backend#_description
|
|
+ f, err := os.Create(filepath.Join(submodulePath, ".git", "git-daemon-export-ok"))
|
|
+ require.NoError(t, err)
|
|
+ require.NoError(t, f.Close())
|
|
+ server := httptest.NewServer(&cgi.Handler{
|
|
+ Path: filepath.Join(strings.TrimSpace(string(gitExecPath)), "git-http-backend"),
|
|
+ Dir: submodulePath,
|
|
+ Env: []string{"GIT_PROJECT_ROOT=" + submodulePath},
|
|
+ })
|
|
+ t.Cleanup(server.Close)
|
|
+ submodulePath = server.URL
|
|
+
|
|
originPath := filepath.Join(tmpDir, "origin")
|
|
require.NoError(t, os.MkdirAll(originPath, 0777))
|
|
runCommand(ctx, t, container, runner, "git", "-C", originPath, "init")
|