| author | Emily Shaffer <nasamuffin@google.com> | 2023-09-15 13:26:38 -0700 |
|---|---|---|
| committer | LUCI <gerrit-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-11-09 22:13:17 +0000 |
| commit | 8a6d1724d9d9f4598d15338be9723542ba79467e (patch) | |
| tree | 952ef4c542e5ef711bb675e6d9c8949efa30ae6f /git_superproject.py | |
| parent | 3652b497bbbd6227b2cb84bb61a0fe8d21ba20d6 (diff) | |
git_superproject: tell git that superproject is bare
The superproject is initialized as a bare repo in Superproject:_Init().
That means that later operations must treat it as a bare repository,
specifying the gitdir and setting 'bare' appropriately when launching
GitCommand()s. It's also OK not to specify cwd here because GitCommand()
will drop cwd if bare == True anyways.
With this change, it's possible to run `repo init` and `repo sync` with the
Git config 'safe.bareRepository' set to 'explicit'. This config strengthens
Git's security posture against embedded bare repository attacks like
https://github.com/justinsteven/advisories/blob/main/2022_git_buried_bare_repos_and_fsmonitor_various_abuses.md.
Bug: b/227257481
Change-Id: I954a64c6883d2ca2af9c603e7076fd83b52584e9
Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/389794
Reviewed-by: Mike Frysinger <vapier@google.com>
Tested-by: Jason R. Coombs <jaraco@google.com>
Tested-by: Emily Shaffer <emilyshaffer@google.com>
Reviewed-by: Emily Shaffer <emilyshaffer@google.com>
Commit-Queue: Jason R. Coombs <jaraco@google.com>
Diffstat (limited to 'git_superproject.py')
| -rw-r--r-- | git_superproject.py | 12 |
1 files changed, 7 insertions, 5 deletions
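--- a/git_superproject.py
+++ b/git_superproject.py
@@ -69,9 +69,9 @@ class UpdateProjectsResult(NamedTuple):
 class Superproject:
 """Get commit ids from superproject.
 
-Initializes a local copy of a superproject for the manifest. This allows
-lookup of commit ids for all projects. It contains _project_commit_ids which
-is a dictionary with project/commit id entries.
+Initializes a bare local copy of a superproject for the manifest. This
+allows lookup of commit ids for all projects. It contains
+_project_commit_ids which is a dictionary with project/commit id entries.
 """
 
 def __init__(
@@ -235,7 +235,8 @@ class Superproject:
 p = GitCommand(
 None,
 cmd,
-cwd=self._work_git,
+gitdir=self._work_git,
+bare=True,
 capture_stdout=True,
 capture_stderr=True,
 )
@@ -271,7 +272,8 @@ class Superproject:
 p = GitCommand(
 None,
 cmd,
-cwd=self._work_git,
+gitdir=self._work_git,
+bare=True,
 capture_stdout=True,
 capture_stderr=True,
 )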
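Review bot: Neither rewritten GitCommand call (new lines 235–242 and 272–279) carries a comment saying why it passes `gitdir=self._work_git, bare=True` instead of `cwd=`, so a later cleanup could switch back to `cwd=` and the superproject commands would fail again for users who set `safe.bareRepository` to `explicit`. I would add above each call `# Superproject is bare (see _Init): pass gitdir/bare explicitly so git does not rely on discovering a bare repo from cwd.` Both enclosing methods start and end outside the hunks, and the diffstat shown is limited to git_superproject.py, so I cannot tell whether any test runs these paths with `safe.bareRepository=explicit`; if none exists, one would be worth adding to pin this behaviour.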
