From 626190f7c51fbdd2a1766ee448fa6cfb507804d7 Mon Sep 17 00:00:00 2001 From: risk danger olson Date: Tue, 27 Oct 2015 07:03:18 -0600 Subject: [PATCH 1/6] add debugging --- script/integration.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/script/integration.go b/script/integration.go index 968987e7..abfb32ed 100644 --- a/script/integration.go +++ b/script/integration.go @@ -11,12 +11,17 @@ import ( ) var ( + debugging = false erroring = false maxprocs = 4 testPattern = regexp.MustCompile(`test/test-([a-z\-]+)\.sh$`) ) func mainIntegration() { + if len(os.Getenv("DEBUG")) > 0 { + debugging = true + } + if maxprocs < 1 { maxprocs = 1 } @@ -111,9 +116,16 @@ func testFiles() []string { func allTestFiles() []string { files := make([]string, 0, 100) filepath.Walk("test", func(path string, info os.FileInfo, err error) error { + if debugging { + fmt.Println("FOUND:", path) + } if err != nil || info.IsDir() || !testPattern.MatchString(path) { return nil } + + if debugging { + fmt.Println("MATCHING:", path) + } files = append(files, path) return nil }) From 589ab9bd99d7f56a24a8ddce4f63e2a0f9b4d152 Mon Sep 17 00:00:00 2001 From: risk danger olson Date: Tue, 27 Oct 2015 07:04:54 -0600 Subject: [PATCH 2/6] backslashes --- script/integration.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/integration.go b/script/integration.go index abfb32ed..bf320c5b 100644 --- a/script/integration.go +++ b/script/integration.go @@ -14,7 +14,7 @@ var ( debugging = false erroring = false maxprocs = 4 - testPattern = regexp.MustCompile(`test/test-([a-z\-]+)\.sh$`) + testPattern = regexp.MustCompile(`test[/\\]test-([a-z\-]+)\.sh$`) ) func mainIntegration() { From b89d912bcfd057d7d56fb2aa20a59a2048627af7 Mon Sep 17 00:00:00 2001 From: risk danger olson Date: Tue, 27 Oct 2015 07:11:29 -0600 Subject: [PATCH 3/6] update integration script to look for bash --- script/integration.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/script/integration.go b/script/integration.go index bf320c5b..1ebdf4d6 100644 --- a/script/integration.go +++ b/script/integration.go @@ -11,6 +11,7 @@ import ( ) var ( + bashPath string debugging = false erroring = false maxprocs = 4 @@ -22,6 +23,8 @@ func mainIntegration() { debugging = true } + setBash() + if maxprocs < 1 { maxprocs = 1 } @@ -58,7 +61,7 @@ func mainIntegration() { } func runTest(output chan string, test string) { - out, err := exec.Command("/bin/bash", test).CombinedOutput() + out, err := exec.Command(bashPath, test).CombinedOutput() if err != nil { erroring = true } @@ -131,3 +134,16 @@ func allTestFiles() []string { }) return files } + +func setBash() { + out, err := exec.Command("which", "bash").Output() + if err != nil { + fmt.Println("Unable to find bash:", err) + os.Exit(1) + } + + bashPath = strings.TrimSpace(string(out)) + if debugging { + fmt.Println("Using", bashPath) + } +} From 2182d86bf348771ab8f01502f0e717965faeef04 Mon Sep 17 00:00:00 2001 From: risk danger olson Date: Tue, 27 Oct 2015 07:22:23 -0600 Subject: [PATCH 4/6] remove exit and put tests in the right order this was supposed to be a test change while getting the tests to pass --- test/test-happy-path.sh | 68 ++++++++++++++++++++--------------------- 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/test/test-happy-path.sh b/test/test-happy-path.sh index efde9ff4..de6a44b4 100755 --- a/test/test-happy-path.sh +++ b/test/test-happy-path.sh @@ -4,41 +4,6 @@ . "test/testlib.sh" -begin_test "clears local temp objects" -( - set -e - - mkdir repo-temp-objects - cd repo-temp-objects - git init - - # abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01 - mkdir -p .git/lfs/objects/go/od - mkdir -p .git/lfs/tmp/objects - - touch .git/lfs/objects/go/od/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx - touch .git/lfs/tmp/objects/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx-rand123 - touch .git/lfs/tmp/objects/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx-rand456 - touch .git/lfs/tmp/objects/badabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxy-rand123 - touch .git/lfs/tmp/objects/badabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxy-rand456 - - GIT_TRACE=5 git lfs env - - # object file exists - [ -e ".git/lfs/objects/go/od/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx" ] - - # newer tmp files exist - [ -e ".git/lfs/tmp/objects/badabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxy-rand123" ] - [ -e ".git/lfs/tmp/objects/badabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxy-rand456" ] - - # existing tmp files were cleaned up - [ ! -e ".git/lfs/tmp/objects/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx-rand123" ] - [ ! -e ".git/lfs/tmp/objects/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx-rand456" ] -) -end_test - -exit 0 - begin_test "happy path" ( set -e @@ -98,3 +63,36 @@ begin_test "happy path" assert_pointer "master" "a.dat" "$contents_oid" 1 ) end_test + +begin_test "clears local temp objects" +( + set -e + + mkdir repo-temp-objects + cd repo-temp-objects + git init + + # abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01 + mkdir -p .git/lfs/objects/go/od + mkdir -p .git/lfs/tmp/objects + + touch .git/lfs/objects/go/od/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx + touch .git/lfs/tmp/objects/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx-rand123 + touch .git/lfs/tmp/objects/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx-rand456 + touch .git/lfs/tmp/objects/badabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxy-rand123 + touch .git/lfs/tmp/objects/badabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxy-rand456 + + GIT_TRACE=5 git lfs env + + # object file exists + [ -e ".git/lfs/objects/go/od/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx" ] + + # newer tmp files exist + [ -e ".git/lfs/tmp/objects/badabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxy-rand123" ] + [ -e ".git/lfs/tmp/objects/badabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxy-rand456" ] + + # existing tmp files were cleaned up + [ ! -e ".git/lfs/tmp/objects/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx-rand123" ] + [ ! -e ".git/lfs/tmp/objects/goodabcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwx-rand456" ] +) +end_test From 16e362eee662d322ecc133bb56ff2827c8bf497d Mon Sep 17 00:00:00 2001 From: risk danger olson Date: Tue, 27 Oct 2015 09:30:41 -0600 Subject: [PATCH 5/6] fix the packagecloud script --- script/packagecloud.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/script/packagecloud.rb b/script/packagecloud.rb index 323c0468..ac833461 100644 --- a/script/packagecloud.rb +++ b/script/packagecloud.rb @@ -6,6 +6,8 @@ packagecloud_token = ENV["PACKAGECLOUD_TOKEN"] || begin exit 1 end +require "json" + begin require "packagecloud" rescue LoadError From afab33ad1c3e9af88261289ce578b8f203ad8134 Mon Sep 17 00:00:00 2001 From: risk danger olson Date: Tue, 27 Oct 2015 09:34:26 -0600 Subject: [PATCH 6/6] update changelog to match release notes --- CHANGELOG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 050bb79c..0556b2f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,13 +11,18 @@ * Improved default remote behaviour & validation for fetch/pull #713 (@sinbad) * Make fetch return error code when 1+ downloads failed #734 (@sinbad) * Improve lfs.InRepo() detection in `init`/`update` #756 (@technoweenie) -* whitelist the valid keys read from .gitconfig #760 (@technoweenie) * Teach smudge to use the batch api #711 (@rubyist) * Fix not setting global attribute when needed to b/c of local state #765 (@sinbad) * Fix clone fail when fetch is excluded globally #770 (@sinbad) * Fix for partial downloads problem #763 (@technoweenie) * Get integration tests passing on Windows #771 (@sinbad) +### Security + +* Whitelist the valid keys read from .gitconfig #760 (@technoweenie) + +This prevents unsafe git configuration values from being used by Git LFS. + ## v1.0 (1 October, 2015) * Manual reference is integrated into the "help" options #665 @sinbad