aboutsummaryrefslogtreecommitdiffstats
path: root/pkg/git/git.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/git/git.go')
-rw-r--r--pkg/git/git.go69
1 files changed, 42 insertions, 27 deletions
diff --git a/pkg/git/git.go b/pkg/git/git.go
index e4a54f71d..f67db363a 100644
--- a/pkg/git/git.go
+++ b/pkg/git/git.go
@@ -21,8 +21,8 @@ const timeout = time.Hour // timeout for all git invocations
// This involves fetching/resetting/cloning as necessary to recover from all possible problems.
// Returns hash of the HEAD commit in the specified branch.
func Poll(dir, repo, branch string) (string, error) {
- osutil.RunCmd(timeout, dir, "git", "reset", "--hard")
- origin, err := osutil.RunCmd(timeout, dir, "git", "remote", "get-url", "origin")
+ runSandboxed(dir, "git", "reset", "--hard")
+ origin, err := runSandboxed(dir, "git", "remote", "get-url", "origin")
if err != nil || strings.TrimSpace(string(origin)) != repo {
// The repo is here, but it has wrong origin (e.g. repo in config has changed), re-clone.
if err := clone(dir, repo, branch); err != nil {
@@ -32,19 +32,19 @@ func Poll(dir, repo, branch string) (string, error) {
// Use origin/branch for the case the branch was force-pushed,
// in such case branch is not the same is origin/branch and we will
// stuck with the local version forever (git checkout won't fail).
- if _, err := osutil.RunCmd(timeout, dir, "git", "checkout", "origin/"+branch); err != nil {
+ if _, err := runSandboxed(dir, "git", "checkout", "origin/"+branch); err != nil {
// No such branch (e.g. branch in config has changed), re-clone.
if err := clone(dir, repo, branch); err != nil {
return "", err
}
}
- if _, err := osutil.RunCmd(timeout, dir, "git", "fetch", "--no-tags"); err != nil {
+ if _, err := runSandboxed(dir, "git", "fetch", "--no-tags"); err != nil {
// Something else is wrong, re-clone.
if err := clone(dir, repo, branch); err != nil {
return "", err
}
}
- if _, err := osutil.RunCmd(timeout, dir, "git", "checkout", "origin/"+branch); err != nil {
+ if _, err := runSandboxed(dir, "git", "checkout", "origin/"+branch); err != nil {
return "", err
}
return HeadCommit(dir)
@@ -53,37 +53,32 @@ func Poll(dir, repo, branch string) (string, error) {
// Checkout checkouts the specified repository/branch in dir.
// It does not fetch history and efficiently supports checkouts of different repos in the same dir.
func Checkout(dir, repo, branch string) (string, error) {
- if _, err := osutil.RunCmd(timeout, dir, "git", "reset", "--hard"); err != nil {
+ if _, err := runSandboxed(dir, "git", "reset", "--hard"); err != nil {
if err := initRepo(dir); err != nil {
return "", err
}
}
- output, err := osutil.RunCmd(timeout, dir, "git", "fetch", "--no-tags", "--depth=1", repo, branch)
+ _, err := runSandboxed(dir, "git", "fetch", "--no-tags", "--depth=1", repo, branch)
if err != nil {
- return "", fmt.Errorf("git fetch %v %v failed: %v\n%s", repo, branch, err, output)
+ return "", err
}
- if output, err := osutil.RunCmd(timeout, dir, "git", "checkout", "FETCH_HEAD"); err != nil {
- return "", fmt.Errorf("git checkout FETCH_HEAD failed: %v\n%s", err, output)
+ if _, err := runSandboxed(dir, "git", "checkout", "FETCH_HEAD"); err != nil {
+ return "", err
}
return HeadCommit(dir)
}
func clone(dir, repo, branch string) error {
- if err := os.RemoveAll(dir); err != nil {
- return fmt.Errorf("failed to remove repo dir: %v", err)
+ if err := initRepo(dir); err != nil {
+ return err
}
- if err := osutil.MkdirAll(dir); err != nil {
- return fmt.Errorf("failed to create repo dir: %v", err)
+ if _, err := runSandboxed(dir, "git", "remote", "add", "origin", repo); err != nil {
+ return err
}
- args := []string{
- "clone",
- repo,
- "--single-branch",
- "--branch", branch,
- dir,
+ if _, err := runSandboxed(dir, "git", "fetch", "origin", "master"); err != nil {
+ return err
}
- _, err := osutil.RunCmd(timeout, "", "git", args...)
- return err
+ return nil
}
func initRepo(dir string) error {
@@ -93,16 +88,18 @@ func initRepo(dir string) error {
if err := osutil.MkdirAll(dir); err != nil {
return fmt.Errorf("failed to create repo dir: %v", err)
}
- output, err := osutil.RunCmd(timeout, dir, "git", "init")
- if err != nil {
- return fmt.Errorf("failed to init git repo: %v\n%s", err, output)
+ if err := osutil.SandboxChown(dir); err != nil {
+ return err
+ }
+ if _, err := runSandboxed(dir, "git", "init"); err != nil {
+ return err
}
return nil
}
// HeadCommit returns hash of the HEAD commit of the current branch of git repository in dir.
func HeadCommit(dir string) (string, error) {
- output, err := osutil.RunCmd(timeout, dir, "git", "log", "--pretty=format:%H", "-n", "1")
+ output, err := runSandboxed(dir, "git", "log", "--pretty=format:%H", "-n", "1")
if err != nil {
return "", err
}
@@ -120,7 +117,7 @@ func ListRecentCommits(dir, baseCommit string) ([]string, error) {
// On upstream kernel this produces ~11MB of output.
// Somewhat inefficient to collect whole output in a slice
// and then convert to string, but should be bearable.
- output, err := osutil.RunCmd(timeout, dir, "git", "log",
+ output, err := runSandboxed(dir, "git", "log",
"--pretty=format:%s", "--no-merges", "-n", "200000", baseCommit)
if err != nil {
return nil, err
@@ -154,12 +151,18 @@ var commitPrefixes = []string{
func Patch(dir string, patch []byte) error {
// Do --dry-run first to not mess with partially consistent state.
cmd := osutil.Command("patch", "-p1", "--force", "--ignore-whitespace", "--dry-run")
+ if err := osutil.Sandbox(cmd, true, true); err != nil {
+ return err
+ }
cmd.Stdin = bytes.NewReader(patch)
cmd.Dir = dir
if output, err := cmd.CombinedOutput(); err != nil {
// If it reverses clean, then it's already applied
// (seems to be the easiest way to detect it).
cmd = osutil.Command("patch", "-p1", "--force", "--ignore-whitespace", "--reverse", "--dry-run")
+ if err := osutil.Sandbox(cmd, true, true); err != nil {
+ return err
+ }
cmd.Stdin = bytes.NewReader(patch)
cmd.Dir = dir
if _, err := cmd.CombinedOutput(); err == nil {
@@ -169,6 +172,9 @@ func Patch(dir string, patch []byte) error {
}
// Now apply for real.
cmd = osutil.Command("patch", "-p1", "--force", "--ignore-whitespace")
+ if err := osutil.Sandbox(cmd, true, true); err != nil {
+ return err
+ }
cmd.Stdin = bytes.NewReader(patch)
cmd.Dir = dir
if output, err := cmd.CombinedOutput(); err != nil {
@@ -177,6 +183,15 @@ func Patch(dir string, patch []byte) error {
return nil
}
+func runSandboxed(dir, command string, args ...string) ([]byte, error) {
+ cmd := osutil.Command(command, args...)
+ cmd.Dir = dir
+ if err := osutil.Sandbox(cmd, true, false); err != nil {
+ return nil, err
+ }
+ return osutil.Run(timeout, cmd)
+}
+
// CheckRepoAddress does a best-effort approximate check of a git repo address.
func CheckRepoAddress(repo string) bool {
return gitRepoRe.MatchString(repo)
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-12 03:24:59 +0000