| Message ID | 20221021083401.2940299-1-alexandre.belloni@bootlin.com |
|---|---|
| State | New |
| Headers | show |
| Series | bb.tests.fetch.GitShallowTest: always allow file transport | expand |
Not sure how to fix it, but before adding more "-c core.fsyncobjectfiles=0", please check https://bugzilla.yoctoproject.org/show_bug.cgi?id=14939 On Fri, Oct 21, 2022 at 10:34 AM Alexandre Belloni via lists.openembedded.org <alexandre.belloni=bootlin.com@lists.openembedded.org> wrote: > From: Alexandre Belloni <alexandre.belloni@bootlin.com> > > Following CVE-2022-39253, distributions are disabling file:// transport for > submodules. See > https://git.launchpad.net/ubuntu/+source/git/tree/debian/patches/CVE-2022-39253-11.patch?h=applied/ubuntu/jammy-security > > [YOCTO #14941] > > Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> > --- > lib/bb/tests/fetch.py | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py > index b4ed691f3319..4ef2ed2b66b8 100644 > --- a/lib/bb/tests/fetch.py > +++ b/lib/bb/tests/fetch.py > @@ -1865,6 +1865,9 @@ class GitShallowTest(FetcherTest): > # Make this look like it was cloned from a remote... > self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir) > self.git('config --add remote.origin.fetch > "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir) > + > + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c > gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always") > + > self.add_empty_file('asub', cwd=smdir) > self.add_empty_file('bsub', cwd=smdir) > > @@ -1898,6 +1901,8 @@ class GitShallowTest(FetcherTest): > self.add_empty_file('asub', cwd=smdir) > self.add_empty_file('bsub', cwd=smdir) > > + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c > gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always") > + > self.git('submodule init', cwd=self.srcdir) > self.git('submodule add file://%s' % smdir, cwd=self.srcdir) > self.git('submodule update', cwd=self.srcdir) > -- > 2.37.3 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#14044): > https://lists.openembedded.org/g/bitbake-devel/message/14044 > Mute This Topic: https://lists.openembedded.org/mt/94472006/3617156 > Group Owner: bitbake-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/bitbake-devel/unsub [ > Martin.Jansa@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
On 21/10/2022 10:42:45+0200, Martin Jansa wrote: > Not sure how to fix it, but before adding more "-c > core.fsyncobjectfiles=0", please check > https://bugzilla.yoctoproject.org/show_bug.cgi?id=14939 > Yeah, I just copied the default value, I should probably append instead > On Fri, Oct 21, 2022 at 10:34 AM Alexandre Belloni via > lists.openembedded.org <alexandre.belloni=bootlin.com@lists.openembedded.org> > wrote: > > > From: Alexandre Belloni <alexandre.belloni@bootlin.com> > > > > Following CVE-2022-39253, distributions are disabling file:// transport for > > submodules. See > > https://git.launchpad.net/ubuntu/+source/git/tree/debian/patches/CVE-2022-39253-11.patch?h=applied/ubuntu/jammy-security > > > > [YOCTO #14941] > > > > Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> > > --- > > lib/bb/tests/fetch.py | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py > > index b4ed691f3319..4ef2ed2b66b8 100644 > > --- a/lib/bb/tests/fetch.py > > +++ b/lib/bb/tests/fetch.py > > @@ -1865,6 +1865,9 @@ class GitShallowTest(FetcherTest): > > # Make this look like it was cloned from a remote... > > self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir) > > self.git('config --add remote.origin.fetch > > "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir) > > + > > + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c > > gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always") > > + > > self.add_empty_file('asub', cwd=smdir) > > self.add_empty_file('bsub', cwd=smdir) > > > > @@ -1898,6 +1901,8 @@ class GitShallowTest(FetcherTest): > > self.add_empty_file('asub', cwd=smdir) > > self.add_empty_file('bsub', cwd=smdir) > > > > + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c > > gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always") > > + > > self.git('submodule init', cwd=self.srcdir) > > self.git('submodule add file://%s' % smdir, cwd=self.srcdir) > > self.git('submodule update', cwd=self.srcdir) > > -- > > 2.37.3 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#14044): > > https://lists.openembedded.org/g/bitbake-devel/message/14044 > > Mute This Topic: https://lists.openembedded.org/mt/94472006/3617156 > > Group Owner: bitbake-devel+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/bitbake-devel/unsub [ > > Martin.Jansa@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > > >
diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py index b4ed691f3319..4ef2ed2b66b8 100644 --- a/lib/bb/tests/fetch.py +++ b/lib/bb/tests/fetch.py @@ -1865,6 +1865,9 @@ class GitShallowTest(FetcherTest): # Make this look like it was cloned from a remote... self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir) self.git('config --add remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir) + + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always") + self.add_empty_file('asub', cwd=smdir) self.add_empty_file('bsub', cwd=smdir) @@ -1898,6 +1901,8 @@ class GitShallowTest(FetcherTest): self.add_empty_file('asub', cwd=smdir) self.add_empty_file('bsub', cwd=smdir) + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always") + self.git('submodule init', cwd=self.srcdir) self.git('submodule add file://%s' % smdir, cwd=self.srcdir) self.git('submodule update', cwd=self.srcdir)