From 3de0d326956fa551a3dad6d65f6fabd9ff4282b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ontje=20L=C3=BCnsdorf?= <ontje.luensdorf@dlr.de>
Date: Fri, 11 Nov 2022 21:09:21 +0100
Subject: [PATCH] gnu: python-check-manifest: Relax git security settings in
 tests.

* gnu/packages/python-xyz.scm (python-check-manifest)[arguments]:
  Allow git submodule commands via file protocol during testing.
---
 gnu/packages/python-xyz.scm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index e26656fa32..857e4fc207 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -25580,6 +25580,17 @@ (define-public python-check-manifest
     (build-system python-build-system)
     (native-inputs
      (list python-mock git))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; Tests use git submodule commands over the file transport, which
+         ;; has been disabled in git, see CVE-2022-39253. Enable these
+         ;; commands to allow checks to succeed.
+         (add-before 'check 'allow-git-submodule-add
+           (lambda _
+             (setenv "HOME" "/tmp")
+             (invoke "git" "config" "--global"
+                     "protocol.file.allow" "always"))))))
     (home-page "https://github.com/mgedmin/check-manifest")
     (synopsis "Check MANIFEST.in in a Python source package for completeness")
     (description "Python package can include a MANIFEST.in file to help with
-- 
2.38.1