mirror of
https://github.com/f-droid/fdroidserver.git
synced 2025-11-05 06:50:29 +03:00
use posixpath.join() for paths on the buildserver
This fixes bandit misdetection of hardcoded /tmp dir. posixpath.join() is good to use anyway, it highlights what is on the remote server, vs what is local. Local paths should use os.path.join() to support Windows, etc. posixpath is built in since Python 3.4, maybe earlier
This commit is contained in:
Hans-Christoph Steiner
parent
4503e7a92a
commit
5d77fd97ee
1 changed files with 10 additions and 9 deletions
|
|
@ -21,6 +21,7 @@ import os
|
||||||
import shutil
|
import shutil
|
||||||
import glob
|
import glob
|
||||||
import subprocess
|
import subprocess
|
||||||
|
import posixpath
|
||||||
import re
|
import re
|
||||||
import resource
|
import resource
|
||||||
import sys
|
import sys
|
||||||
|
|
@ -92,7 +93,7 @@ def build_server(app, build, vcs, build_dir, output_dir, log_dir, force):
|
||||||
port=sshinfo['port'], timeout=300,
|
port=sshinfo['port'], timeout=300,
|
||||||
look_for_keys=False, key_filename=sshinfo['idfile'])
|
look_for_keys=False, key_filename=sshinfo['idfile'])
|
||||||
|
|
||||||
homedir = '/home/' + sshinfo['user']
|
homedir = posixpath.join('/home', sshinfo['user'])
|
||||||
|
|
||||||
# Get an SFTP connection...
|
# Get an SFTP connection...
|
||||||
ftp = sshs.open_sftp()
|
ftp = sshs.open_sftp()
|
||||||
|
|
@ -159,7 +160,7 @@ def build_server(app, build, vcs, build_dir, output_dir, log_dir, force):
|
||||||
ftp.mkdir('srclib')
|
ftp.mkdir('srclib')
|
||||||
# Copy any extlibs that are required...
|
# Copy any extlibs that are required...
|
||||||
if build.extlibs:
|
if build.extlibs:
|
||||||
ftp.chdir(homedir + '/build/extlib')
|
ftp.chdir(posixpath.join(homedir, 'build', 'extlib'))
|
||||||
for lib in build.extlibs:
|
for lib in build.extlibs:
|
||||||
lib = lib.strip()
|
lib = lib.strip()
|
||||||
libsrc = os.path.join('build/extlib', lib)
|
libsrc = os.path.join('build/extlib', lib)
|
||||||
|
|
@ -186,20 +187,20 @@ def build_server(app, build, vcs, build_dir, output_dir, log_dir, force):
|
||||||
srclibpaths.append(basesrclib)
|
srclibpaths.append(basesrclib)
|
||||||
for name, number, lib in srclibpaths:
|
for name, number, lib in srclibpaths:
|
||||||
logging.info("Sending srclib '%s'" % lib)
|
logging.info("Sending srclib '%s'" % lib)
|
||||||
ftp.chdir(homedir + '/build/srclib')
|
ftp.chdir(posixpath.join(homedir, 'build', 'srclib'))
|
||||||
if not os.path.exists(lib):
|
if not os.path.exists(lib):
|
||||||
raise BuildException("Missing srclib directory '" + lib + "'")
|
raise BuildException("Missing srclib directory '" + lib + "'")
|
||||||
fv = '.fdroidvcs-' + name
|
fv = '.fdroidvcs-' + name
|
||||||
ftp.put(os.path.join('build/srclib', fv), fv)
|
ftp.put(os.path.join('build/srclib', fv), fv)
|
||||||
send_dir(lib)
|
send_dir(lib)
|
||||||
# Copy the metadata file too...
|
# Copy the metadata file too...
|
||||||
ftp.chdir(homedir + '/srclibs')
|
ftp.chdir(posixpath.join(homedir, 'srclibs'))
|
||||||
ftp.put(os.path.join('srclibs', name + '.txt'),
|
ftp.put(os.path.join('srclibs', name + '.txt'),
|
||||||
name + '.txt')
|
name + '.txt')
|
||||||
# Copy the main app source code
|
# Copy the main app source code
|
||||||
# (no need if it's a srclib)
|
# (no need if it's a srclib)
|
||||||
if (not basesrclib) and os.path.exists(build_dir):
|
if (not basesrclib) and os.path.exists(build_dir):
|
||||||
ftp.chdir(homedir + '/build')
|
ftp.chdir(posixpath.join(homedir, 'build'))
|
||||||
fv = '.fdroidvcs-' + app.id
|
fv = '.fdroidvcs-' + app.id
|
||||||
ftp.put(os.path.join('build', fv), fv)
|
ftp.put(os.path.join('build', fv), fv)
|
||||||
send_dir(build_dir)
|
send_dir(build_dir)
|
||||||
|
|
@ -208,7 +209,7 @@ def build_server(app, build, vcs, build_dir, output_dir, log_dir, force):
|
||||||
logging.info("Starting build...")
|
logging.info("Starting build...")
|
||||||
chan = sshs.get_transport().open_session()
|
chan = sshs.get_transport().open_session()
|
||||||
chan.get_pty()
|
chan.get_pty()
|
||||||
cmdline = os.path.join(homedir, 'fdroidserver', 'fdroid')
|
cmdline = posixpath.join(homedir, 'fdroidserver', 'fdroid')
|
||||||
cmdline += ' build --on-server'
|
cmdline += ' build --on-server'
|
||||||
if force:
|
if force:
|
||||||
cmdline += ' --force --test'
|
cmdline += ' --force --test'
|
||||||
|
|
@ -255,7 +256,7 @@ def build_server(app, build, vcs, build_dir, output_dir, log_dir, force):
|
||||||
# Retreive logs...
|
# Retreive logs...
|
||||||
toolsversion_log = common.get_toolsversion_logname(app, build)
|
toolsversion_log = common.get_toolsversion_logname(app, build)
|
||||||
try:
|
try:
|
||||||
ftp.chdir(os.path.join(homedir, log_dir))
|
ftp.chdir(posixpath.join(homedir, log_dir))
|
||||||
ftp.get(toolsversion_log, os.path.join(log_dir, toolsversion_log))
|
ftp.get(toolsversion_log, os.path.join(log_dir, toolsversion_log))
|
||||||
logging.debug('retrieved %s', toolsversion_log)
|
logging.debug('retrieved %s', toolsversion_log)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
|
@ -264,9 +265,9 @@ def build_server(app, build, vcs, build_dir, output_dir, log_dir, force):
|
||||||
# Retrieve the built files...
|
# Retrieve the built files...
|
||||||
logging.info("Retrieving build output...")
|
logging.info("Retrieving build output...")
|
||||||
if force:
|
if force:
|
||||||
ftp.chdir(homedir + '/tmp')
|
ftp.chdir(posixpath.join(homedir, 'tmp'))
|
||||||
else:
|
else:
|
||||||
ftp.chdir(homedir + '/unsigned')
|
ftp.chdir(posixpath.join(homedir, 'unsigned'))
|
||||||
apkfile = common.get_release_filename(app, build)
|
apkfile = common.get_release_filename(app, build)
|
||||||
tarball = common.getsrcname(app, build)
|
tarball = common.getsrcname(app, build)
|
||||||
try:
|
try:
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue