From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Cc: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Subject: [PATCH 1/3] fetch: support running as root
Date: Mon, 27 Sep 2021 16:05:43 -0500 [thread overview]
Message-ID: <20210927210545.23941-2-e@80x24.org> (raw)
In-Reply-To: <20210927210545.23941-1-e@80x24.org>
The "-w" perlop always succeeds as root, so we need to check
st_mode for writability bits to detect directories we shouldn't
write to.
Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Link: https://public-inbox.org/meta/20210927124056.kj5okiefvs4ztk27@meerkat.local/
---
lib/PublicInbox/Fetch.pm | 15 +++++++++++++--
t/v2mirror.t | 13 ++++++++++---
2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/lib/PublicInbox/Fetch.pm b/lib/PublicInbox/Fetch.pm
index 7881b402e3f6..5ada1f49e4dc 100644
--- a/lib/PublicInbox/Fetch.pm
+++ b/lib/PublicInbox/Fetch.pm
@@ -6,7 +6,7 @@ use strict;
use v5.10.1;
use parent qw(PublicInbox::IPC);
use URI ();
-use PublicInbox::Spawn qw(popen_rd run_die);
+use PublicInbox::Spawn qw(popen_rd run_die spawn);
use PublicInbox::Admin;
use PublicInbox::LEI;
use PublicInbox::LeiCurl;
@@ -95,6 +95,13 @@ sub get_fingerprint2 {
Digest::SHA::sha256(do { local $/; <$rd> });
}
+sub writable_dir ($) {
+ my ($dir) = @_;
+ return unless -d $dir && -w _;
+ my @st = stat($dir);
+ $st[2] & 0222; # any writable bits set? (in case of root)
+}
+
sub do_fetch { # main entry point
my ($cls, $lei, $cd) = @_;
my $ibx_ver;
@@ -112,7 +119,7 @@ sub do_fetch { # main entry point
my ($git_url, $epoch);
for my $nr (@epochs) { # try newest epoch, first
my $edir = "$dir/git/$nr.git";
- unless (-d $edir && -w _) { # must be writable dir
+ if (!writable_dir($edir)) {
$skip->{$nr} = 1;
next;
}
@@ -122,6 +129,10 @@ sub do_fetch { # main entry point
$epoch = $nr;
} else {
warn "W: $edir missing remote.origin.url\n";
+ my $pid = spawn([qw(git config -l)], undef,
+ { 1 => $lei->{2}, 2 => $lei->{2} });
+ waitpid($pid, 0);
+ $lei->child_error($?) if $?;
}
}
@epochs = grep { !$skip->{$_} } @epochs if $skip;
diff --git a/t/v2mirror.t b/t/v2mirror.t
index 63d17ebfebba..37d64e83e53b 100644
--- a/t/v2mirror.t
+++ b/t/v2mirror.t
@@ -5,6 +5,7 @@ use v5.10.1;
use PublicInbox::TestCommon;
use File::Path qw(remove_tree make_path);
use Cwd qw(abs_path);
+use Carp ();
use PublicInbox::Spawn qw(which);
require_git(2.6);
require_cmd('curl');
@@ -102,7 +103,9 @@ my @new_epochs;
my $fetch_each_epoch = sub {
my %before = map { $_ => 1 } glob("$tmpdir/m/git/*");
run_script([qw(-fetch --exit-code -q)], undef, {-C => "$tmpdir/m"}) or
- xbail '-fetch fail';
+ xbail('-fetch fail ',
+ [ xqx([which('find'), "$tmpdir/m", qw(-type f -ls) ]) ],
+ Carp::longmess());
is($?, 0, '--exit-code 0 after fetch updated');
my @after = grep { !$before{$_} } glob("$tmpdir/m/git/*");
push @new_epochs, @after;
@@ -273,6 +276,10 @@ if ('test read-only epoch dirs') {
my @g = glob("$dst/git/*.git");
my @w = grep { -w $_ } @g;
my @r = grep { ! -w $_ } @g;
+ if ($> == 0) {
+ @w = grep { (stat($_))[2] & 0200 } @g;
+ @r = grep { !((stat($_))[2] & 0200) } @g;
+ }
is(scalar(@w), 1, 'one writable directory');
my ($w) = ($w[0] =~ m!/([0-9]+)\.git\z!);
is((grep {
@@ -287,7 +294,7 @@ if ('test read-only epoch dirs') {
"http://$host:$port/v2/", $dst]);
my @g2 = glob("$dst/git/*.git") ;
is_deeply(\@g2, \@g, 'cloned again');
- is(scalar(grep { -w $_ } @g2), scalar(@w) + 1,
+ is(scalar(grep { (stat($_))[2] & 0200 } @g2), scalar(@w) + 1,
'got one more cloned epoch');
# make 0.git writable and fetch into it, relies on culled manifest
@@ -377,7 +384,7 @@ EOM
@cmd = (qw(-clone -q --epoch=~0), "http://$host:$port/v2", $dst);
run_script(\@cmd, undef, { 2 => \($err = '') });
is($?, 0, 'partial scraping clone on old PublicInbox::WWW');
- my @g_last = grep { -w $_ } glob("$dst/git/*.git");
+ my @g_last = grep { (stat($_))[2] & 0200 } glob("$dst/git/*.git");
is_deeply(\@g_last, [ $g_all[-1] ], 'partial clone of ~0 worked');
chmod(0755, $g_all[0]) or xbail "chmod $!";
next prev parent reply other threads:[~2021-09-27 21:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-27 12:40 latest make test failures on CentOS-7 Konstantin Ryabitsev
2021-09-27 18:35 ` [PATCH] t/cmd_ipc: allow extra errors and add diagnostics Eric Wong
2021-09-27 18:51 ` Konstantin Ryabitsev
2021-09-27 19:33 ` -fetch failures [was: latest make test failures on CentOS-7] Eric Wong
2021-09-27 19:45 ` Konstantin Ryabitsev
2021-09-27 21:05 ` [PATCH 0/3] fixes for odd/old/missing dependencies Eric Wong
2021-09-27 21:05 ` Eric Wong [this message]
2021-09-27 21:05 ` [PATCH 2/3] t/lei-index: IMAP and NNTP dependencies are optional Eric Wong
2021-09-27 21:05 ` [PATCH 3/3] lei completion: workaround old Perl bug Eric Wong
2021-09-27 21:27 ` [PATCH 0/3] fixes for odd/old/missing dependencies Konstantin Ryabitsev
2021-09-27 21:40 ` Eric Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://public-inbox.org/README
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210927210545.23941-2-e@80x24.org \
--to=e@80x24.org \
--cc=konstantin@linuxfoundation.org \
--cc=meta@public-inbox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).