mirror of
https://github.com/openSUSE/osc.git
synced 2024-12-27 10:16:14 +01:00
Merge pull request #1313 from dmach/trusted_prj-globs
Add glob support to the 'trusted_prj' config option
This commit is contained in:
commit
3f9b9a2fb8
15
osc/build.py
15
osc/build.py
@ -3,6 +3,7 @@
|
|||||||
# and distributed under the terms of the GNU General Public Licence,
|
# and distributed under the terms of the GNU General Public Licence,
|
||||||
# either version 2, or (at your option) any later version.
|
# either version 2, or (at your option) any later version.
|
||||||
|
|
||||||
|
import fnmatch
|
||||||
import glob
|
import glob
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
@ -548,14 +549,24 @@ trustprompt = """Would you like to ...
|
|||||||
? """
|
? """
|
||||||
|
|
||||||
|
|
||||||
def check_trusted_projects(apiurl, projects):
|
def check_trusted_projects(apiurl, projects, interactive=True):
|
||||||
trusted = conf.config['api_host_options'][apiurl]['trusted_prj']
|
trusted = conf.config['api_host_options'][apiurl]['trusted_prj']
|
||||||
tlen = len(trusted)
|
tlen = len(trusted)
|
||||||
for prj in projects:
|
for prj in projects:
|
||||||
if prj not in trusted:
|
is_trusted = False
|
||||||
|
for pattern in trusted:
|
||||||
|
if fnmatch.fnmatch(prj, pattern):
|
||||||
|
is_trusted = True
|
||||||
|
break
|
||||||
|
if not is_trusted:
|
||||||
print("\nThe build root needs packages from project '%s'." % prj)
|
print("\nThe build root needs packages from project '%s'." % prj)
|
||||||
print("Note that malicious packages can compromise the build result or even your system.")
|
print("Note that malicious packages can compromise the build result or even your system.")
|
||||||
|
|
||||||
|
if interactive:
|
||||||
r = raw_input(trustprompt % {'project': prj})
|
r = raw_input(trustprompt % {'project': prj})
|
||||||
|
else:
|
||||||
|
r = "0"
|
||||||
|
|
||||||
if r == '1':
|
if r == '1':
|
||||||
print("adding '%s' to oscrc: ['%s']['trusted_prj']" % (prj, apiurl))
|
print("adding '%s' to oscrc: ['%s']['trusted_prj']" % (prj, apiurl))
|
||||||
trusted.append(prj)
|
trusted.append(prj)
|
||||||
|
39
tests/test_build.py
Normal file
39
tests/test_build.py
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
import importlib
|
||||||
|
import unittest
|
||||||
|
|
||||||
|
import osc.conf
|
||||||
|
from osc.build import check_trusted_projects
|
||||||
|
from osc.oscerr import UserAbort
|
||||||
|
|
||||||
|
|
||||||
|
class TestTrustedProjects(unittest.TestCase):
|
||||||
|
def setUp(self):
|
||||||
|
# reset the global `config` in preparation for running the tests
|
||||||
|
importlib.reload(osc.conf)
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
# reset the global `config` to avoid impacting tests from other classes
|
||||||
|
importlib.reload(osc.conf)
|
||||||
|
|
||||||
|
def test_name(self):
|
||||||
|
apiurl = "https://example.com"
|
||||||
|
osc.conf.config["apiurl"] = apiurl
|
||||||
|
osc.conf.config.setdefault("api_host_options", {}).setdefault(apiurl, {}).setdefault("trusted_prj", None)
|
||||||
|
|
||||||
|
osc.conf.config["api_host_options"][apiurl]["trusted_prj"] = []
|
||||||
|
self.assertRaises(UserAbort, check_trusted_projects, apiurl, ["foo"], interactive=False)
|
||||||
|
|
||||||
|
osc.conf.config["api_host_options"][apiurl]["trusted_prj"] = ["qwerty", "foo", "asdfg"]
|
||||||
|
check_trusted_projects(apiurl, ["foo"], interactive=False)
|
||||||
|
|
||||||
|
def test_glob(self):
|
||||||
|
apiurl = "https://example.com"
|
||||||
|
osc.conf.config["apiurl"] = apiurl
|
||||||
|
osc.conf.config.setdefault("api_host_options", {}).setdefault(apiurl, {}).setdefault("trusted_prj", None)
|
||||||
|
|
||||||
|
osc.conf.config["api_host_options"][apiurl]["trusted_prj"] = ["f*"]
|
||||||
|
check_trusted_projects(apiurl, ["foo"], interactive=False)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
unittest.main()
|
Loading…
Reference in New Issue
Block a user