mirror of
				https://github.com/f-droid/fdroidserver.git
				synced 2025-11-04 14:30:30 +03:00 
			
		
		
		
	deploy: do not leak username/hostname from machine pushing repo
Git will use the username/hostname to set the Author and Committer fields if the config items user.name and user.email are not set. This might inadvertently leak info about the machine that is hosting the deploy process. So this changes it to be a hardcoded value, unless the repo environment has explicitly set these values either in the Git config or in environment variables.
		
							parent
							
								
									9e32913027
								
							
						
					
					
						commit
						9a6148c5b4
					
				
					 2 changed files with 68 additions and 2 deletions
				
			
		| 
						 | 
					@ -532,6 +532,20 @@ def update_servergitmirrors(servergitmirrors, repo_section):
 | 
				
			||||||
            progressbar.done()
 | 
					            progressbar.done()
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					def _get_commit_author(git_repo):
 | 
				
			||||||
 | 
					    """If the author is set locally, use it, otherwise use static info."""
 | 
				
			||||||
 | 
					    ret = {'name': 'servergitmirrors', 'email': 'fdroid@deploy'}
 | 
				
			||||||
 | 
					    with git_repo.config_reader() as cr:
 | 
				
			||||||
 | 
					        for option in ('name', 'email'):
 | 
				
			||||||
 | 
					            try:
 | 
				
			||||||
 | 
					                value = cr.get_value('user', option)
 | 
				
			||||||
 | 
					            except (configparser.NoSectionError, configparser.NoOptionError):
 | 
				
			||||||
 | 
					                value = os.getenv(f'GITLAB_USER_{option.upper()}')
 | 
				
			||||||
 | 
					            if value:
 | 
				
			||||||
 | 
					                ret[option] = value
 | 
				
			||||||
 | 
					    return git.Actor(ret['name'], ret['email'])
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
def upload_to_servergitmirror(
 | 
					def upload_to_servergitmirror(
 | 
				
			||||||
    mirror_config: Dict[str, str],
 | 
					    mirror_config: Dict[str, str],
 | 
				
			||||||
    local_repo: Repo,
 | 
					    local_repo: Repo,
 | 
				
			||||||
| 
						 | 
					@ -565,12 +579,17 @@ def upload_to_servergitmirror(
 | 
				
			||||||
        )
 | 
					        )
 | 
				
			||||||
        files_to_upload = _remove_missing_files(files_to_upload)
 | 
					        files_to_upload = _remove_missing_files(files_to_upload)
 | 
				
			||||||
        local_repo.index.add(files_to_upload)
 | 
					        local_repo.index.add(files_to_upload)
 | 
				
			||||||
        local_repo.index.commit("servergitmirrors: index-only in git-mirror")
 | 
					        local_repo.index.commit(
 | 
				
			||||||
 | 
					            "servergitmirrors: index-only in git-mirror",
 | 
				
			||||||
 | 
					            author=_get_commit_author(local_repo),
 | 
				
			||||||
 | 
					        )
 | 
				
			||||||
    else:
 | 
					    else:
 | 
				
			||||||
        # sadly index.add don't allow the --all parameter
 | 
					        # sadly index.add don't allow the --all parameter
 | 
				
			||||||
        logging.debug(_('Adding all files to git mirror'))
 | 
					        logging.debug(_('Adding all files to git mirror'))
 | 
				
			||||||
        local_repo.git.add(all=True)
 | 
					        local_repo.git.add(all=True)
 | 
				
			||||||
        local_repo.index.commit("servergitmirrors: in git-mirror")
 | 
					        local_repo.index.commit(
 | 
				
			||||||
 | 
					            "servergitmirrors: in git-mirror", author=_get_commit_author(local_repo)
 | 
				
			||||||
 | 
					        )
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    # only deploy to GitLab Artifacts if too big for GitLab Pages
 | 
					    # only deploy to GitLab Artifacts if too big for GitLab Pages
 | 
				
			||||||
    if (
 | 
					    if (
 | 
				
			||||||
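Review bot: Both `index.commit(...)` calls in this section pass only `author=`, so the Committer field is still filled in by GitPython's default, which falls back to the local username and hostname when `user.name`/`user.email` are not configured; the leak the commit message describes would therefore remain in the committer half of each mirror commit. Passing the same actor for both closes it, e.g. `actor = _get_commit_author(local_repo)` followed by `local_repo.index.commit("servergitmirrors: in git-mirror", author=actor, committer=actor)`, and likewise for the index-only call. A test that inspects `committer` on the resulting commit would pin this down. `upload_to_servergitmirror` starts and ends outside the hunk, so a committer set elsewhere would not be visible here.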
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -786,6 +786,53 @@ class DeployTest(unittest.TestCase):
 | 
				
			||||||
                name, fdroidserver.deploy.REMOTE_HOSTNAME_REGEX.sub(r'\1', remote_url)
 | 
					                name, fdroidserver.deploy.REMOTE_HOSTNAME_REGEX.sub(r'\1', remote_url)
 | 
				
			||||||
            )
 | 
					            )
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    @mock.patch.dict(os.environ, clear=True)
 | 
				
			||||||
 | 
					    def test_get_commit_author_no_config(self):
 | 
				
			||||||
 | 
					        os.environ['HOME'] = self.testdir
 | 
				
			||||||
 | 
					        git_repo = git.Repo.init(self.testdir)
 | 
				
			||||||
 | 
					        self.assertEqual(
 | 
				
			||||||
 | 
					            git.Actor('servergitmirrors', 'fdroid@deploy'),
 | 
				
			||||||
 | 
					            fdroidserver.deploy._get_commit_author(git_repo),
 | 
				
			||||||
 | 
					        )
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    @mock.patch.dict(os.environ, clear=True)
 | 
				
			||||||
 | 
					    def test_get_commit_author_repo_config(self):
 | 
				
			||||||
 | 
					        os.environ['HOME'] = self.testdir
 | 
				
			||||||
 | 
					        git_repo = git.Repo.init(self.testdir)
 | 
				
			||||||
 | 
					        user_name = 'Foo Bar'
 | 
				
			||||||
 | 
					        user_email = 'foo@bar.com'
 | 
				
			||||||
 | 
					        with git_repo.config_writer() as cw:
 | 
				
			||||||
 | 
					            cw.set_value('user', 'name', user_name)
 | 
				
			||||||
 | 
					            cw.set_value('user', 'email', user_email)
 | 
				
			||||||
 | 
					        self.assertEqual(
 | 
				
			||||||
 | 
					            git.Actor(user_name, user_email),
 | 
				
			||||||
 | 
					            fdroidserver.deploy._get_commit_author(git_repo),
 | 
				
			||||||
 | 
					        )
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    @mock.patch.dict(os.environ, clear=True)
 | 
				
			||||||
 | 
					    def test_get_commit_author_repo_config_name_only(self):
 | 
				
			||||||
 | 
					        os.environ['HOME'] = self.testdir
 | 
				
			||||||
 | 
					        git_repo = git.Repo.init(self.testdir)
 | 
				
			||||||
 | 
					        user_name = 'Foo Bar'
 | 
				
			||||||
 | 
					        with git_repo.config_writer() as cw:
 | 
				
			||||||
 | 
					            cw.set_value('user', 'name', user_name)
 | 
				
			||||||
 | 
					        self.assertEqual(
 | 
				
			||||||
 | 
					            git.Actor(user_name, 'fdroid@deploy'),
 | 
				
			||||||
 | 
					            fdroidserver.deploy._get_commit_author(git_repo),
 | 
				
			||||||
 | 
					        )
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    @mock.patch.dict(os.environ, clear=True)
 | 
				
			||||||
 | 
					    def test_get_commit_author_repo_config_email_only(self):
 | 
				
			||||||
 | 
					        os.environ['HOME'] = self.testdir
 | 
				
			||||||
 | 
					        git_repo = git.Repo.init(self.testdir)
 | 
				
			||||||
 | 
					        user_email = 'foo@bar.com'
 | 
				
			||||||
 | 
					        with git_repo.config_writer() as cw:
 | 
				
			||||||
 | 
					            cw.set_value('user', 'email', user_email)
 | 
				
			||||||
 | 
					        self.assertEqual(
 | 
				
			||||||
 | 
					            git.Actor('servergitmirrors', user_email),
 | 
				
			||||||
 | 
					            fdroidserver.deploy._get_commit_author(git_repo),
 | 
				
			||||||
 | 
					        )
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
class TestServerGitMirrors(unittest.TestCase):
 | 
					class TestServerGitMirrors(unittest.TestCase):
 | 
				
			||||||
    def setUp(self):
 | 
					    def setUp(self):
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
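Review bot: The `GITLAB_USER_NAME`/`GITLAB_USER_EMAIL` fallback in `_get_commit_author` is not exercised by any of the four added tests, which all run with a cleared environment and cover only the Git-config and hardcoded-default paths. Since that branch decides which identity ends up in published mirror commits, a test that sets both variables inside the patched environment and expects them in the returned `git.Actor` belongs next to these. `DeployTest` begins outside the hunk.

```python
    @mock.patch.dict(os.environ, clear=True)
    def test_get_commit_author_gitlab_env(self):
        os.environ['HOME'] = self.testdir
        os.environ['GITLAB_USER_NAME'] = 'Foo Bar'
        os.environ['GITLAB_USER_EMAIL'] = 'foo@bar.com'
        git_repo = git.Repo.init(self.testdir)
        self.assertEqual(
            git.Actor('Foo Bar', 'foo@bar.com'),
            fdroidserver.deploy._get_commit_author(git_repo),
        )
```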