From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id DAA611F934; Mon, 27 Sep 2021 21:05:45 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Cc: Konstantin Ryabitsev Subject: [PATCH 1/3] fetch: support running as root Date: Mon, 27 Sep 2021 16:05:43 -0500 Message-Id: <20210927210545.23941-2-e@80x24.org> In-Reply-To: <20210927210545.23941-1-e@80x24.org> References: <20210927210545.23941-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: The "-w" perlop always succeeds as root, so we need to check st_mode for writability bits to detect directories we shouldn't write to. Reported-by: Konstantin Ryabitsev Link: https://public-inbox.org/meta/20210927124056.kj5okiefvs4ztk27@meerkat.local/
---
 lib/PublicInbox/Fetch.pm | 15 +++++++++++++--
 t/v2mirror.t | 13 ++++++++++---
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/lib/PublicInbox/Fetch.pm b/lib/PublicInbox/Fetch.pm
index 7881b402e3f6..5ada1f49e4dc 100644
--- a/lib/PublicInbox/Fetch.pm
+++ b/lib/PublicInbox/Fetch.pm
@@ -6,7 +6,7 @@ use strict;
 use v5.10.1;
 use parent qw(PublicInbox::IPC);
 use URI ();
-use PublicInbox::Spawn qw(popen_rd run_die);
+use PublicInbox::Spawn qw(popen_rd run_die spawn);
 use PublicInbox::Admin;
 use PublicInbox::LEI;
 use PublicInbox::LeiCurl;
@@ -95,6 +95,13 @@ sub get_fingerprint2 {
 Digest::SHA::sha256(do { local $/; <$rd> });
 }
+sub writable_dir ($) {
+ my ($dir) = @_;
+ return unless -d $dir && -w _;
+ my @st = stat($dir);
+ $st[2] & 0222; # any writable bits set? (in case of root)
+}
+
 sub do_fetch { # main entry point
 my ($cls, $lei, $cd) = @_;
 my $ibx_ver;
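Review bot: The `0222` mask in `writable_dir` treats a directory as writable when only a group or other write bit is set, whereas the root-only checks this patch adds to t/v2mirror.t test `0200`; as root, an epoch directory with mode 0575 would pass here although a non-root owner would have been turned away by `-w`. If the owner bit is what marks an epoch read-only, `$st[2] & 0200;` keeps the library and its test in agreement; otherwise the trailing comment should say that any write bit counts. The mode can also come from the lookup that already passed `-d` rather than a second path resolution: `my @st = stat(_);`.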
@@ -112,7 +119,7 @@ sub do_fetch { # main entry point
 my ($git_url, $epoch);
 for my $nr (@epochs) { # try newest epoch, first
 my $edir = "$dir/git/$nr.git";
- unless (-d $edir && -w _) { # must be writable dir
+ if (!writable_dir($edir)) {
 $skip->{$nr} = 1;
 next;
 }
@@ -122,6 +129,10 @@ sub do_fetch { # main entry point
 $epoch = $nr;
 } else {
 warn "W: $edir missing remote.origin.url\n";
+ my $pid = spawn([qw(git config -l)], undef,
+ { 1 => $lei->{2}, 2 => $lei->{2} });
+ waitpid($pid, 0);
+ $lei->child_error($?) if $?;
 }
 }
 @epochs = grep { !$skip->{$_} } @epochs if $skip;
diff --git a/t/v2mirror.t b/t/v2mirror.t
index 63d17ebfebba..37d64e83e53b 100644
--- a/t/v2mirror.t
+++ b/t/v2mirror.t
@@ -5,6 +5,7 @@ use v5.10.1;
 use PublicInbox::TestCommon;
 use File::Path qw(remove_tree make_path);
 use Cwd qw(abs_path);
+use Carp ();
 use PublicInbox::Spawn qw(which);
 require_git(2.6);
 require_cmd('curl');
@@ -102,7 +103,9 @@ my @new_epochs;
 my $fetch_each_epoch = sub {
 my %before = map { $_ => 1 } glob("$tmpdir/m/git/*");
 run_script([qw(-fetch --exit-code -q)], undef, {-C => "$tmpdir/m"}) or
- xbail '-fetch fail';
+ xbail('-fetch fail ',
+ [ xqx([which('find'), "$tmpdir/m", qw(-type f -ls) ]) ],
+ Carp::longmess());
 is($?, 0, '--exit-code 0 after fetch updated');
 my @after = grep { !$before{$_} } glob("$tmpdir/m/git/*");
 push @new_epochs, @after;
@@ -273,6 +276,10 @@ if ('test read-only epoch dirs') {
 my @g = glob("$dst/git/*.git");
 my @w = grep { -w $_ } @g;
 my @r = grep { ! -w $_ } @g;
+ if ($> == 0) {
+ @w = grep { (stat($_))[2] & 0200 } @g;
+ @r = grep { !((stat($_))[2] & 0200) } @g;
+ }
 is(scalar(@w), 1, 'one writable directory');
 my ($w) = ($w[0] =~ m!/([0-9]+)\.git\z!);
 is((grep {
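Review bot: The `git config -l` spawned after the "missing remote.origin.url" warning is not given `$edir` anywhere in this hunk, so unless the working directory was changed outside it, the listing covers the system and global files and whatever repository the process sits in, not the epoch that triggered the warning. With fetch now supported as root, that copies root's whole git configuration to `$lei->{2}`, and such files can hold `http.extraHeader` values or URLs with embedded credentials that then end up in logs. Narrowing the call to the epoch's own file keeps the diagnostic and drops the rest: `my $pid = spawn(['git', "--git-dir=$edir", qw(config --local -l)], undef,`. do_fetch begins and ends outside the hunk.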
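Review bot: The root branch at `if ($> == 0)` recomputes `@w` and `@r` with `(stat($_))[2] & 0200`, while the hunks at -287 and -377 switch to the same expression unconditionally, so the test ends up with two definitions of "writable" for non-root runs and four copies of the mask. One helper near the top of the block, `my $owner_w = sub { (stat($_[0]))[2] & 0200 };`, used as `grep { $owner_w->($_) } @g` in all three places, would remove the `$>` special case. It would also be the single place to change if the mask is aligned with the `0222` used by `writable_dir` in lib/PublicInbox/Fetch.pm. The enclosing `if ('test read-only epoch dirs')` block starts and ends outside the hunk.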
@@ -287,7 +294,7 @@ if ('test read-only epoch dirs') {
 "http://$host:$port/v2/", $dst]);
 my @g2 = glob("$dst/git/*.git") ;
 is_deeply(\@g2, \@g, 'cloned again');
- is(scalar(grep { -w $_ } @g2), scalar(@w) + 1,
+ is(scalar(grep { (stat($_))[2] & 0200 } @g2), scalar(@w) + 1,
 'got one more cloned epoch');
 # make 0.git writable and fetch into it, relies on culled manifest
@@ -377,7 +384,7 @@ EOM
 @cmd = (qw(-clone -q --epoch=~0), "http://$host:$port/v2", $dst);
 run_script(\@cmd, undef, { 2 => \($err = '') });
 is($?, 0, 'partial scraping clone on old PublicInbox::WWW');
- my @g_last = grep { -w $_ } glob("$dst/git/*.git");
+ my @g_last = grep { (stat($_))[2] & 0200 } glob("$dst/git/*.git");
 is_deeply(\@g_last, [ $g_all[-1] ], 'partial clone of ~0 worked');
 chmod(0755, $g_all[0]) or xbail "chmod $!";