[opensuse-buildservice] Re: [PATCH] run pre_checkin.sh on build and commit

please revert this ! We consider this a security issue, because you can't review always all possible existing pre_checkin.sh scripts. We want to solve most of these cases via source services. thanks adrian Am Mittwoch, 5. Januar 2011, 16:10:49 schrieb OBS osc:
From: Michal Vyskocil <mvyskocil@suse.cz>
The pre_checkin.sh is a script run after each checkin of a package into SUSE. The osc build and commit commands now run it automatically too, unless --no-precheckin is specified. --- NEWS | 1 + osc/commandline.py | 17 ++++++++++++++++- osc/core.py | 19 +++++++++++++++++++ 3 files changed, 36 insertions(+), 1 deletions(-)
diff --git a/NEWS b/NEWS index c52df4d..beb64d6 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,5 @@ 0.131 + - call pre_checkin.sh on build and commit (can be suppressed with --no-precheckin)
0.130 - new "revert" command to restore the original working copy file (without diff --git a/osc/commandline.py b/osc/commandline.py index 456e621..5871622 100644 --- a/osc/commandline.py +++ b/osc/commandline.py @@ -3084,6 +3084,8 @@ Please submit there instead, or use --nodevelproject to force direct submission. help='Skip the source validation') @cmdln.option('--verbose-validation', default=False, action="store_true", help='Run the source validation with verbose information') + @cmdln.option('--no-precheckin', action='store_true', default=False, + help="don't run pre_checkin.sh, if exists") def do_commit(self, subcmd, opts, *args): """${cmd_name}: Upload content to the repository server
@@ -3133,6 +3135,8 @@ Please submit there instead, or use --nodevelproject to force direct submission. if conf.config['do_package_tracking'] and is_project_dir(arg): try: prj = Project(arg) + if not opts.no_precheckin: + run_precheckin(prj.pacs_have) prj.validate_pacs(validators, opts.verbose_validation) if not msg: msg = edit_message() @@ -3166,6 +3170,8 @@ Please submit there instead, or use --nodevelproject to force direct submission. single_paths.append(pac.dir) for prj_path, packages in prj_paths.iteritems(): prj = Project(prj_path) + if not opts.no_precheckin: + run_precheckin((os.path.join(prj_path, p) for p in packages)) prj.validate_pacs(validators, opts.verbose_validation, *packages) if not msg: msg = get_commit_msg(prj.absdir, pac_objs[prj_path]) @@ -3173,6 +3179,8 @@ Please submit there instead, or use --nodevelproject to force direct submission. store_unlink_file(prj.absdir, '_commit_msg') for pac in single_paths: p = Package(pac) + if not opts.no_precheckin: + run_precheckin() p.validate(validators, opts.verbose_validation) if not msg: msg = get_commit_msg(p.absdir, [p]) @@ -3181,6 +3189,8 @@ Please submit there instead, or use --nodevelproject to force direct submission. else: for p in pacs: p = Package(pac) + if not opts.no_precheckin: + run_precheckin() p.validate(validators, opts.verbose_validation) if not msg: msg = get_commit_msg(p.absdir, [p]) @@ -4092,7 +4102,7 @@ Please submit there instead, or use --nodevelproject to force direct submission.
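Review bot: In the project-directory branch of do_commit (hunk at -3133), `run_precheckin(prj.pacs_have)` passes the entries of `pacs_have` without joining them to `arg`, while the multi-package branch further down builds `os.path.join(prj_path, p)`. If `pacs_have` holds bare package names, which these lines do not show, run_precheckin resolves them against the current directory and its `os.path.isdir` test silently skips them whenever `arg` is not the cwd. Joining them the same way, `run_precheckin(os.path.join(arg, p) for p in prj.pacs_have)`, would make the two branches agree. The body of do_commit extends beyond this hunk.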
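Review bot: In the `for pac in single_paths:` loop (hunk at -3173) the new `run_precheckin()` is called without arguments, so it falls back to `('.', )` and looks for the script in the current directory rather than in `pac`; the `for p in pacs:` loop in the hunk at -3181 has the same call. A package committed by path from another directory would have its own pre_checkin.sh skipped, and a pre_checkin.sh that happens to sit in the cwd would be executed once per iteration instead. Passing the directory explicitly, for example `run_precheckin((pac, ))` in the first loop, ties the script that runs to the package being committed. In the second loop the context line `p = Package(pac)` reuses `pac` from outside that loop, so the intended directory there should be confirmed before choosing the argument.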
repositories = [] # store list of repos for potential offline use - repolistfile = os.path.join(os.getcwd(), osc.core.store, "_build_repositories") + repolistfile = os.path.join(os.getcwd(), store, "_build_repositories") if noinit: if os.path.exists(repolistfile): f = open(repolistfile, 'r') @@ -4234,6 +4244,8 @@ Please submit there instead, or use --nodevelproject to force direct submission. help='take previous build from DIR (special values: _self, _link)') @cmdln.option('--shell', action='store_true', help=SUPPRESS_HELP) + @cmdln.option('--no-precheckin', action='store_true', default=False, + help="don't run pre_checkin.sh, if exists") def do_build(self, subcmd, opts, *args): """${cmd_name}: Build a package on your local machine
@@ -4316,6 +4328,9 @@ Please submit there instead, or use --nodevelproject to force direct submission. if opts.offline and opts.preload: raise oscerr.WrongOptions('--offline and --preload are mutually exclusive')
+ if not opts.no_precheckin: + run_precheckin() + print 'Building %s for %s/%s' % (args[2], args[0], args[1]) return osc.build.main(self.get_api_url(), opts, args)
diff --git a/osc/core.py b/osc/core.py index 98d9a7b..fda1813 100644 --- a/osc/core.py +++ b/osc/core.py @@ -5954,4 +5954,23 @@ def filter_role(meta, user, role): for node in delete: root.remove(node)
+# run the pre_checkin.sh if exists
+def run_precheckin(packages=('.', )):
+ oldpwd = os.getcwd()
+ for dir in packages:
+ if os.path.isdir(dir):
+ os.chdir(dir)
+ if os.path.isfile('pre_checkin.sh'):
+ ret = subprocess.call(["/bin/sh", "pre_checkin.sh"])
+ if ret != 0:
+ script_name = 'pre_checkin.sh'
+ if dir != '.':
+ script_name = "%s/%s" % (dir, script_name)
+ #XXX: an ugly hack to prevent ../package - to me it seems, there's a bug in do_commit
+ if script_name[:3] == '../':
+ script_name = script_name[3:]
+ raise oscerr.ExtRuntimeError("sh %s has failed with exit code %d, fix it or ignore using --no-precheckin" % (script_name, ret), script_name)
+ os.chdir(oldpwd)
+ return True
+
 # vim: sw=4 et
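Review bot: run_precheckin leaves the process inside the package directory whenever the script fails, because the `raise oscerr.ExtRuntimeError(...)` (and any OSError from `subprocess.call`) is reached before `os.chdir(oldpwd)`. The mail has lost the indentation, so it cannot be told whether the restore sits inside the loop; if it does not, a second relative entry in `packages` is resolved against the first package's directory. Passing `cwd=` to `subprocess.call` removes the chdir bookkeeping altogether, as sketched below. The loop variable `dir` shadows the builtin, and because this helper executes a script taken from the working copy, a docstring saying so and a printed line naming the directory before the call would make that execution visible to the user.

```python
def run_precheckin(packages=('.', )):
    """Run pre_checkin.sh in every given package directory that contains one.

    The script comes from the working copy and is executed with the
    caller's privileges; a non-zero exit status aborts the command.
    """
    for pkg_dir in packages:
        if not os.path.isfile(os.path.join(pkg_dir, 'pre_checkin.sh')):
            continue
        print 'Running pre_checkin.sh in %s' % pkg_dir
        # cwd= confines the directory change to the child process, so the
        # caller's working directory is untouched even when the script fails
        ret = subprocess.call(["/bin/sh", "pre_checkin.sh"], cwd=pkg_dir)
        if ret != 0:
            # … unchanged: script_name construction and ExtRuntimeError raise (with pkg_dir in place of dir) …
    return True
```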
-- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org

Am Mittwoch, 5. Januar 2011 schrieb Adrian Schröter:
please revert this !
We consider this a security issue, because you can't review always all Who is "we"? possible existing pre_checkin.sh scripts.
We want to solve most of these cases via source services.
Who is "we"? Greetings, Stephan -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org