From: <Ontje.Luensdorf@dlr.de>
To: 59202@debbugs.gnu.org
Subject: [bug#59202] [PATCH] python-check-manifest: Relax git security settings in tests.
Date: Fri, 11 Nov 2022 20:15:02 +0000
Message-ID: <87cz9txn7e.fsf@dlr.de>
[-- Attachment #1: Type: text/plain, Size: 215 bytes --]
Hi Guix,
the git security fixes for CVE-2022-39253 break submodule tests in
python-check-manifest. This patch works around the issue by disabling
the security check in the check phase.
Best regards,
Ontje
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-python-check-manifest-Relax-git-security-setting.patch --]
[-- Type: text/x-patch; name="0001-gnu-python-check-manifest-Relax-git-security-setting.patch", Size: 1562 bytes --]
From 3de0d326956fa551a3dad6d65f6fabd9ff4282b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ontje=20L=C3=BCnsdorf?= <ontje.luensdorf@dlr.de>
Date: Fri, 11 Nov 2022 21:09:21 +0100
Subject: [PATCH] gnu: python-check-manifest: Relax git security settings in
tests.
* gnu/packages/python-xyz.scm (python-check-manifest)[arguments]:
Allow git submodule commands via file protocol during testing.
---
gnu/packages/python-xyz.scm | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index e26656fa32..857e4fc207 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -25580,6 +25580,17 @@ (define-public python-check-manifest
(build-system python-build-system)
(native-inputs
(list python-mock git))
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ ;; Tests use git submodule commands over the file transport, which
+ ;; has been disabled in git, see CVE-2022-39253. Enable these
+ ;; commands to allow checks to succeed.
+ (add-before 'check 'allow-git-submodule-add
+ (lambda _
+ (setenv "HOME" "/tmp")
+ (invoke "git" "config" "--global"
+ "protocol.file.allow" "always"))))))
(home-page "https://github.com/mgedmin/check-manifest")
(synopsis "Check MANIFEST.in in a Python source package for completeness")
(description "Python package can include a MANIFEST.in file to help with
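Review bot: In the new `allow-git-submodule-add` phase, the comment says why `protocol.file.allow` is set but not how far the relaxation reaches; please add that the setting is written to the global git config under the redirected HOME (`/tmp`), so it affects only git processes started from the check phase onward inside the build and is not carried into the installed check-manifest. Because `always` permits the file transport for every git command the tests run, not only `submodule add`, a phase name such as `allow-git-file-transport` would describe it more accurately. If writing a config file is not wanted at all, git also reads configuration from the `GIT_CONFIG_COUNT`, `GIT_CONFIG_KEY_0` and `GIT_CONFIG_VALUE_0` environment variables, which three `setenv` calls would cover without changing HOME.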
--
2.38.1
Thread overview: 2+ messages
2022-11-11 20:15 Ontje.Luensdorf [this message]
2022-11-19 18:36 ` bug#59202: [PATCH] python-check-manifest: Relax git security settings in tests Ludovic Courtès