diff options
Diffstat (limited to 'eclass')
| -rw-r--r-- | eclass/git-r3.eclass | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass index bc7d4d92..c9d2731a 100644 --- a/eclass/git-r3.eclass +++ b/eclass/git-r3.eclass @@ -105,18 +105,22 @@ fi # @ECLASS-VARIABLE: EGIT_REPO_URI # @REQUIRED # @DESCRIPTION: -# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs -# are provided, the eclass will consider them as fallback URIs to try -# if the first URI does not work. For supported URI syntaxes, read up -# the manpage for git-clone(1). +# URIs to the repository, e.g. https://foo. If multiple URIs are +# provided, the eclass will consider the remaining URIs as fallbacks +# to try if the first URI does not work. For supported URI syntaxes, +# read the manpage for git-clone(1). # -# It can be overriden via env using ${PN}_LIVE_REPO variable. +# URIs should be using https:// whenever possible. http:// and git:// +# URIs are completely unsecured and their use (even if only as +# a fallback) renders the ebuild completely vulnerable to MITM attacks. +# +# It can be overridden via env using ${PN}_LIVE_REPO variable. # # Can be a whitespace-separated list or an array. # # Example: # @CODE -# EGIT_REPO_URI="git://a/b.git https://c/d.git" +# EGIT_REPO_URI="https://a/b.git https://c/d.git" # @CODE # @ECLASS-VARIABLE: EVCS_OFFLINE @@ -566,6 +570,16 @@ git-r3_fetch() { [[ ${repos[@]} ]] || die "No URI provided and EGIT_REPO_URI unset" + local r + for r in "${repos[@]}"; do + if [[ ${r} == git:* || ${r} == http:* ]]; then + ewarn "git-r3: ${r%%:*} protocol is completely unsecure and may render the ebuild" + ewarn "easily susceptible to MITM attacks (even if used only as fallback). Please" + ewarn "use https instead." + ewarn "[URI: ${r}]" + fi + done + local -x GIT_DIR _git-r3_set_gitdir "${repos[0]}" @@ -578,7 +592,7 @@ git-r3_fetch() { fi # try to fetch from the remote - local r success saved_umask + local success saved_umask if [[ ${EVCS_UMASK} ]]; then saved_umask=$(umask) umask "${EVCS_UMASK}" || die "Bad options to umask: ${EVCS_UMASK}" @@ -853,6 +867,9 @@ git-r3_checkout() { echo "${orig_repo}/objects" > "${GIT_DIR}"/objects/info/alternates || die # now copy the refs cp -R "${orig_repo}"/refs/* "${GIT_DIR}"/refs/ || die + if [[ -f ${orig_repo}/packed-refs ]]; then + cp "${orig_repo}"/packed-refs "${GIT_DIR}"/packed-refs || die + fi # (no need to copy HEAD, we will set it via checkout) |