user/dev discussion of public-inbox itself
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Cc: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Subject: [PATCH 1/3] fetch: support running as root
Date: Mon, 27 Sep 2021 16:05:43 -0500	[thread overview]
Message-ID: <20210927210545.23941-2-e@80x24.org> (raw)
In-Reply-To: <20210927210545.23941-1-e@80x24.org>

The "-w" perlop always succeeds as root, so we need to check
st_mode for writability bits to detect directories we shouldn't
write to.

Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Link: https://public-inbox.org/meta/20210927124056.kj5okiefvs4ztk27@meerkat.local/
---
 lib/PublicInbox/Fetch.pm | 15 +++++++++++++--
 t/v2mirror.t             | 13 ++++++++++---
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/lib/PublicInbox/Fetch.pm b/lib/PublicInbox/Fetch.pm
index 7881b402e3f6..5ada1f49e4dc 100644
--- a/lib/PublicInbox/Fetch.pm
+++ b/lib/PublicInbox/Fetch.pm
@@ -6,7 +6,7 @@ use strict;
 use v5.10.1;
 use parent qw(PublicInbox::IPC);
 use URI ();
-use PublicInbox::Spawn qw(popen_rd run_die);
+use PublicInbox::Spawn qw(popen_rd run_die spawn);
 use PublicInbox::Admin;
 use PublicInbox::LEI;
 use PublicInbox::LeiCurl;
@@ -95,6 +95,13 @@ sub get_fingerprint2 {
 	Digest::SHA::sha256(do { local $/; <$rd> });
 }
 
+sub writable_dir ($) {
+	my ($dir) = @_;
+	return unless -d $dir && -w _;
+	my @st = stat($dir);
+	$st[2] & 0222; # any writable bits set? (in case of root)
+}
+
 sub do_fetch { # main entry point
 	my ($cls, $lei, $cd) = @_;
 	my $ibx_ver;
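Review bot: `writable_dir` resolves the path twice, once in `-d $dir` and again in `stat($dir)`, so the mode bits it tests may belong to a different object than the one that passed `-d` if the path is replaced in between. If that second stat fails, `$st[2]` is also undef. Reusing the buffered result avoids both: `(stat(_))[2] & 0222;` after the `-d $dir && -w _` guard. A short comment would also help, saying that for root the mode bits act only as a "do not write here" marker and say nothing about read-only mounts or ACLs. The hunk ends inside `do_fetch`, whose body continues outside it.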
@@ -112,7 +119,7 @@ sub do_fetch { # main entry point
 		my ($git_url, $epoch);
 		for my $nr (@epochs) { # try newest epoch, first
 			my $edir = "$dir/git/$nr.git";
-			unless (-d $edir && -w _) { # must be writable dir
+			if (!writable_dir($edir)) {
 				$skip->{$nr} = 1;
 				next;
 			}
@@ -122,6 +129,10 @@ sub do_fetch { # main entry point
 				$epoch = $nr;
 			} else {
 				warn "W: $edir missing remote.origin.url\n";
+				my $pid = spawn([qw(git config -l)], undef,
+					{ 1 => $lei->{2}, 2 => $lei->{2} });
+				waitpid($pid, 0);
+				$lei->child_error($?) if $?;
 			}
 		}
 		@epochs = grep { !$skip->{$_} } @epochs if $skip;
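Review bot: The `git config -l` diagnostic in the `else` branch prints every config value git can see (system, global and local) to `$lei->{2}`. Remote URLs or `http.extraHeader` entries there can carry credentials that would end up in logs or cron mail, which matters more now that root runs are supported. No directory is passed in the lines shown, so unless the process has already changed into `$edir` the output describes the current directory rather than the epoch named in the warning. Scoping it would address both, e.g. `spawn(['git', "--git-dir=$edir", qw(config --local -l)], undef, { 1 => $lei->{2}, 2 => $lei->{2} });`. `do_fetch` starts and ends outside this hunk.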
diff --git a/t/v2mirror.t b/t/v2mirror.t
index 63d17ebfebba..37d64e83e53b 100644
--- a/t/v2mirror.t
+++ b/t/v2mirror.t
@@ -5,6 +5,7 @@ use v5.10.1;
 use PublicInbox::TestCommon;
 use File::Path qw(remove_tree make_path);
 use Cwd qw(abs_path);
+use Carp ();
 use PublicInbox::Spawn qw(which);
 require_git(2.6);
 require_cmd('curl');
@@ -102,7 +103,9 @@ my @new_epochs;
 my $fetch_each_epoch = sub {
 	my %before = map { $_ => 1 } glob("$tmpdir/m/git/*");
 	run_script([qw(-fetch --exit-code -q)], undef, {-C => "$tmpdir/m"}) or
-		xbail '-fetch fail';
+		xbail('-fetch fail ',
+			[ xqx([which('find'), "$tmpdir/m", qw(-type f -ls) ]) ],
+			Carp::longmess());
 	is($?, 0, '--exit-code 0 after fetch updated');
 	my @after = grep { !$before{$_} } glob("$tmpdir/m/git/*");
 	push @new_epochs, @after;
@@ -273,6 +276,10 @@ if ('test read-only epoch dirs') {
 	my @g = glob("$dst/git/*.git");
 	my @w = grep { -w $_ } @g;
 	my @r = grep { ! -w $_ } @g;
+	if ($> == 0) {
+		@w = grep { (stat($_))[2] & 0200 } @g;
+		@r = grep { !((stat($_))[2] & 0200) } @g;
+	}
 	is(scalar(@w), 1, 'one writable directory');
 	my ($w) = ($w[0] =~ m!/([0-9]+)\.git\z!);
 	is((grep {
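Review bot: The root-only branch here tests `0200` (owner write) while `writable_dir` in Fetch.pm tests `0222`, so a directory with only group or other write bits would count as writable for fetch but read-only for this test. The later `@g2` and `@g_last` checks switch to `(stat($_))[2] & 0200` unconditionally, so the `$> == 0` special case could be dropped and the same stat-based grep used for `@w` and `@r` for every uid. Using one mask in the test and in the code keeps the test aligned with what `-fetch` actually skips.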
@@ -287,7 +294,7 @@ if ('test read-only epoch dirs') {
 			"http://$host:$port/v2/", $dst]);
 	my @g2 = glob("$dst/git/*.git") ;
 	is_deeply(\@g2, \@g, 'cloned again');
-	is(scalar(grep { -w $_ } @g2), scalar(@w) + 1,
+	is(scalar(grep { (stat($_))[2] & 0200 } @g2), scalar(@w) + 1,
 		'got one more cloned epoch');
 
 	# make 0.git writable and fetch into it, relies on culled manifest
@@ -377,7 +384,7 @@ EOM
 	@cmd = (qw(-clone -q --epoch=~0), "http://$host:$port/v2", $dst);
 	run_script(\@cmd, undef, { 2 => \($err = '') });
 	is($?, 0, 'partial scraping clone on old PublicInbox::WWW');
-	my @g_last = grep { -w $_ } glob("$dst/git/*.git");
+	my @g_last = grep { (stat($_))[2] & 0200 } glob("$dst/git/*.git");
 	is_deeply(\@g_last, [ $g_all[-1] ], 'partial clone of ~0 worked');
 
 	chmod(0755, $g_all[0]) or xbail "chmod $!";


Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-27 12:40 latest make test failures on CentOS-7 Konstantin Ryabitsev
2021-09-27 18:35 ` [PATCH] t/cmd_ipc: allow extra errors and add diagnostics Eric Wong
2021-09-27 18:51   ` Konstantin Ryabitsev
2021-09-27 19:33 ` -fetch failures [was: latest make test failures on CentOS-7] Eric Wong
2021-09-27 19:45   ` Konstantin Ryabitsev
2021-09-27 21:05     ` [PATCH 0/3] fixes for odd/old/missing dependencies Eric Wong
2021-09-27 21:05       ` Eric Wong [this message]
2021-09-27 21:05       ` [PATCH 2/3] t/lei-index: IMAP and NNTP dependencies are optional Eric Wong
2021-09-27 21:05       ` [PATCH 3/3] lei completion: workaround old Perl bug Eric Wong
2021-09-27 21:27       ` [PATCH 0/3] fixes for odd/old/missing dependencies Konstantin Ryabitsev
2021-09-27 21:40         ` Eric Wong
