Mailinglist Archive: opensuse-buildservice (148 mails)

< Previous Next >
[opensuse-buildservice] Re: [PATCH] run pre_checkin.sh on build and commit

please revert this !

We consider this a security issue, because you can't review always all
possible existing pre_checkin.sh scripts.

We want to solve most of these cases via source services.

thanks
adrian

Am Mittwoch, 5. Januar 2011, 16:10:49 schrieb OBS osc:
From: Michal Vyskocil <mvyskocil@xxxxxxx>

The pre_checkin.sh is script run after each checkin of package into
SUSE. Osc build and commit commands now runs it automatically too,
unless --no-precheckin is specified.
---
NEWS | 1 +
osc/commandline.py | 17 ++++++++++++++++-
osc/core.py | 19 +++++++++++++++++++
3 files changed, 36 insertions(+), 1 deletions(-)

diff --git a/NEWS b/NEWS
index c52df4d..beb64d6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,5 @@
0.131
+ - call pre_checkin.sh on build and commit (can be suppressed with
--no-precheckin)

0.130
- new "revert" command to restore the original working copy file (without
diff --git a/osc/commandline.py b/osc/commandline.py
index 456e621..5871622 100644
--- a/osc/commandline.py
+++ b/osc/commandline.py
@@ -3084,6 +3084,8 @@ Please submit there instead, or use --nodevelproject
to force direct submission. help='Skip the source validation')
@cmdln.option('--verbose-validation', default=False,
action="store_true", help='Run the source validation with verbose
information') + @cmdln.option('--no-precheckin', action='store_true',
default=False, + help="don't run pre_checkin.sh, if exists")
def do_commit(self, subcmd, opts, *args):
"""${cmd_name}: Upload content to the repository server

@@ -3133,6 +3135,8 @@ Please submit there instead, or use --nodevelproject
to force direct submission. if conf.config['do_package_tracking'] and
is_project_dir(arg): try:
prj = Project(arg)
+ if not opts.no_precheckin:
+ run_precheckin(prj.pacs_have)
prj.validate_pacs(validators, opts.verbose_validation)
if not msg:
msg = edit_message()
@@ -3166,6 +3170,8 @@ Please submit there instead, or use --nodevelproject
to force direct submission. single_paths.append(pac.dir)
for prj_path, packages in prj_paths.iteritems():
prj = Project(prj_path)
+ if not opts.no_precheckin:
+ run_precheckin((os.path.join(prj_path, p) for p in
packages)) prj.validate_pacs(validators, opts.verbose_validation,
*packages) if not msg:
msg = get_commit_msg(prj.absdir, pac_objs[prj_path])
@@ -3173,6 +3179,8 @@ Please submit there instead, or use --nodevelproject
to force direct submission. store_unlink_file(prj.absdir, '_commit_msg')
for pac in single_paths:
p = Package(pac)
+ if not opts.no_precheckin:
+ run_precheckin()
p.validate(validators, opts.verbose_validation)
if not msg:
msg = get_commit_msg(p.absdir, [p])
@@ -3181,6 +3189,8 @@ Please submit there instead, or use --nodevelproject
to force direct submission. else:
for p in pacs:
p = Package(pac)
+ if not opts.no_precheckin:
+ run_precheckin()
p.validate(validators, opts.verbose_validation)
if not msg:
msg = get_commit_msg(p.absdir, [p])
@@ -4092,7 +4102,7 @@ Please submit there instead, or use --nodevelproject
to force direct submission.

repositories = []
# store list of repos for potential offline use
- repolistfile = os.path.join(os.getcwd(), osc.core.store,
"_build_repositories") + repolistfile = os.path.join(os.getcwd(),
store, "_build_repositories") if noinit:
if os.path.exists(repolistfile):
f = open(repolistfile, 'r')
@@ -4234,6 +4244,8 @@ Please submit there instead, or use --nodevelproject
to force direct submission. help='take previous build from DIR (special
values: _self, _link)') @cmdln.option('--shell', action='store_true',
help=SUPPRESS_HELP)
+ @cmdln.option('--no-precheckin', action='store_true', default=False,
+ help="don't run pre_checkin.sh, if exists")
def do_build(self, subcmd, opts, *args):
"""${cmd_name}: Build a package on your local machine

@@ -4316,6 +4328,9 @@ Please submit there instead, or use --nodevelproject
to force direct submission. if opts.offline and opts.preload:
raise oscerr.WrongOptions('--offline and --preload are mutually
exclusive')

+ if not opts.no_precheckin:
+ run_precheckin()
+
print 'Building %s for %s/%s' % (args[2], args[0], args[1])
return osc.build.main(self.get_api_url(), opts, args)

diff --git a/osc/core.py b/osc/core.py
index 98d9a7b..fda1813 100644
--- a/osc/core.py
+++ b/osc/core.py
@@ -5954,4 +5954,23 @@ def filter_role(meta, user, role):
for node in delete:
root.remove(node)

+# run the pre_checkin.sh if exists
+def run_precheckin(packages=('.', )):
+ oldpwd = os.getcwd()
+ for dir in packages:
+ if os.path.isdir(dir):
+ os.chdir(dir)
+ if os.path.isfile('pre_checkin.sh'):
+ ret = subprocess.call(["/bin/sh", "pre_checkin.sh"])
+ if ret != 0:
+ script_name = 'pre_checkin.sh'
+ if dir != '.':
+ script_name = "%s/%s" % (dir, script_name)
+ #XXX: an ugly hack to prevent ../package - to me it
seems, there's a bug in do_commit + if script_name[:3]
== '../':
+ script_name = script_name[3:]
+ raise oscerr.ExtRuntimeError("sh %s has failed with
exit code %d, fix it or ignore using --no-precheckin" % (script_name, ret),
script_name) + os.chdir(oldpwd)
+ return True
+
# vim: sw=4 et

--
Adrian Schroeter
SUSE Linux Products GmbH
email: adrian@xxxxxxx

--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups