1
0
mirror of https://github.com/openSUSE/osc.git synced 2025-01-03 21:36:15 +01:00
Commit Graph

2767 Commits

Author SHA1 Message Date
4cc87b2c57 fix DISTURL checkout for package containers using a multibuild flavor 2018-06-27 10:25:45 +02:00
Sean Kelly
b42e6f5e04 Support larger uids and gids 2018-06-25 16:55:47 -04:00
Marcus Huewe
b730f880cf Disable ssl session resumption
The old code could potentially yield to a use-after-free situation,
which results in UB. For this, consider the following scenario, where
osc performs several HTTPS requests (assumption: the server supports
ssl session resumption):

- HTTPS Request 1:
  * a new SSL *s connection is established, which also creates a new
    SSL_SESSION *ss => ss->references == 1
  * once the handshake is done, the ss is put into the session cache
    (see ssl_update_cache) => ss->references == 2
  - osc saves the session ss in a class variable
  - s is SSL_free()d, which calls SSL_SESSION_free => ss->references == 1

- HTTPS Request 2:
  * setup a new SSL *s connection that reuses the saved session ss
    => ss->references == 2
  * once the handshake is done, ssl_update_cache is called, which is a
    NOP, because s->hit == 1 (that is, the session was resumed)
  * osc saves the session ss in a class variable
  * s is SSL_free()d, which calls SSL_SESSION_free => ss->references == 1

...

> 2 hours later (see tls1_default_timeout)

...

- HTTPS Request 256:
  * setup a new SSL *s connection that reuses the saved session ss
    => ss->references == 2
  * once the handshake is done, ssl_update_cache is called, but is
    _no_ NOP anymore
  * ssl_update_cache flushes the session cache (this is done every
    255/256 (depending on the way we count) connections) => ss is
    SSL_SESSION_free()d => ss->references == 1
  * osc saves the session ss in a class variable
  * s is SSL_free()d, which calls SSL_SESSION_free:
    since ss->references == 1, ss is eventually free()d

- HTTPS Request 257:
  * setup a new SSL *s connection that reuses the saved session ss

Since ss does not exist anymore, the remaining program execution is UB.

(Note: SSL_free(...) is _NOT_ called, if M2Crypto 0.29 is used.
M2Crypto 0.30 calls SSL_free(...) again.)

Due to a bug in OpenSSL_1_1_0h (see openssl commit 8e405776858) the
scenario from above can be triggered with exactly 2 HTTPS requests (the
SSL_SESSION is not cached, because we configured SSL_VERIFY_PEER, but
no sid_ctx was set). This is fixed in openssl commit c4fa1f7fc01.

In order to reliably reuse a session, we probably need to listen to the
session cache changes. Such callbacks could be registered via
SSL_CTX_sess_set_new_cb and/or SSL_CTX_sess_set_remove_cb, but both
functions are not provided by M2Crypto. Another idea is to directly utilize
the session cache, but this also has to be implemented in M2Crypto first.
Yet another approach is to retrieve the session via SSL_get1_session, which
increases the session's refcnt, but this also needs to be implemented in
M2Crypto first (if we choose to use this approach, we also have to make
sure that we eventually free the session manually...).

Fixes: #398 ("SIGSEGV on \"osc commit\"")
2018-05-08 14:32:33 +02:00
jonsger
6bd8572cf7
Fix typo in "osc revert" help 2018-05-03 16:16:38 +02:00
Marcus Huewe
d6a04e5327 Merge branch 'master' of https://github.com/adrianschroeter/osc
Always pass the "--statistics" option to the build script (only affects
a vm build). It is not implemented as an option, because we already have
so many of them... (see also https://github.com/openSUSE/osc/pull/412).
2018-05-03 11:02:57 +02:00
Marcus Huewe
88274c92ed Merge branch 'fix_newline_in_verbose' of https://github.com/lethliel/osc
Print each unresolvable on a separate line.
2018-05-03 09:57:02 +02:00
0c3edd3fa0 always run build using --statistics. I could have made this
yet another option, but
* only very old build scripts don't know it, we should just require a recent one
* build script is ignoring it for chroot case

so why bother with another option?
2018-04-27 15:01:09 +02:00
bfcfddb0da fix some commands when used with / syntax between arguments 2018-04-27 14:41:08 +02:00
628f7e2cf5 - support "addcontainers" command 2018-04-27 09:16:13 +02:00
Marcus Huewe
d756f56af2 Show diff when creating a new comment (interactive_review)
Note that the diff is only shown, if it was requested before (that is
the "i" command was issued). The new behavior is consistent with the
other commands like "a", "d" etc.
2018-04-26 17:01:49 +02:00
lethliel
b7ada2cb5b fix missing newline in osc r -v
This adds a newline after unresolvable:. So the
messages are now well printed.
2018-04-26 15:38:25 +02:00
Marcus Huewe
cbd10644a2 Merge branch 'fix_IncompleteRead' of https://github.com/lethliel/osc
Retry 3 times in print_buildlog in case of an incomplete read. (Instead
of 3, the "http_retries" config option might be more appropriate.)
2018-04-25 11:02:52 +02:00
lethliel
1caa825e89 fixed IncompleteRead(0) error on long builds.
catch IncompleteRead() and retry until retry_counter is
reached. Then re-raise IncompleteRead()
2018-04-24 10:44:46 +02:00
lethliel
eb2647fd4f fix order of options valdiation. Now -P and -p is
honored if given by user.
2018-04-18 16:04:06 +02:00
fba9af7eee add new options to diff command:
--unexpand for local diffs only (bsc#1089025)
--meta for diffing meta files
2018-04-11 08:01:45 +02:00
Marcus Huewe
5341f3aae5 Merge branch 'fix_dod_get_binaries' of https://github.com/lethliel/osc
Support dod binaries in core.get_binarylist.
2018-03-14 14:06:13 +01:00
lethliel
9b42897413 fix getbinaries with DOD binaries
getbinaries of dod binaries do not have a size or mtime.
This will break. So just set to None and print unkown instead.
2018-03-14 13:45:38 +01:00
Marcus Huewe
a25209ac31 Merge branch 'improve_created_binaries_msg' of https://github.com/lethliel/osc
Improve message that is printed during "osc getbinaries...".
2018-03-13 15:16:12 +01:00
lethliel
e042c585c0 change output when creating binaries directory
was:
Creating binaries

is now:
Creating directory "binaries"
2018-03-13 15:00:46 +01:00
Marcus Huewe
caaefb0bf5 Fix and simplify util.safewriter.SafeWriter
Storing the error encoding in an "encoding" attribute "breaks" the
python3 "input" function: In essence, builtin_input_impl does a
getattr(sys.stdout, 'encoding'), which returns our error encoding
instead of the "real" stdout encoding. In order to avoid this, we
store the error encoding in an "_encoding" attribute.

Making SafeWriter a new-style class simplifies the code a lot.
2018-03-09 16:55:56 +01:00
305501f92c Revert "handle SSL connection closing ourself as advised in boo#1068470 bye"
This reverts commit 0ddb598743.

was incomplete and seems to be the wrong approach
2018-02-26 15:54:20 +01:00
Marcus Huewe
5fb71aa6d4 Merge branch 'fix_385' of https://github.com/lethliel/osc
Fix for python26, since it does not support an epath/xpath like
.//entry[@hash].

Fixes: #385 ("osc 0.162.x does not work anymore on SLE11")
2018-02-23 13:29:11 +01:00
Marco Strigl
e017a8e237 do not use complex path separator fixes #385
This is a fix for issue #385. osc commit breaks due to
the use of sfilelist.findall('.//entry[@hash]')

I now will iterate through the sfilelist and use

for entry in sfilelist.findall('entry'):
    if entry.get('hash'):
        ... execute hash code ...

This is a little bit slower, but should not break
on SLE11 anymore
2018-02-23 13:24:48 +01:00
0ddb598743 handle SSL connection closing ourself as advised in boo#1068470 bye
M2Crypto upstream maintainer.

Should fix hanging connections
2018-02-23 07:33:27 +01:00
Björn Geuken
030c2a41f8 Fix typo in example for osc search 2018-02-18 21:27:22 +01:00
Marcus Huewe
8948a26ae4 Fix --multibuild-package option handling in do_sendsysrq
Concatenating a str and a list does not work.
2018-02-09 15:35:52 +01:00
7fc251d81e fix sendsysrq command description 2018-02-09 10:08:13 +01:00
80352cbfc7 add sendsysrq command 2018-02-09 08:50:21 +01:00
Marcus Huewe
9c4f0d5d30 Ignore "--alternative-project <prj>" if it is equal to the wc's project
Without this change, using "--alternative-project <prj>" in combination
with "--multibuild-package <flavor>" yields to unexpected results (from
a user's point of view). Note that this may break existing (artificial)
workflows (e.g., using --alternative-project to ignore the package
meta's debuginfo flag), but these workflows should be rare and there
are options to achieve the same.

Fixes: #376 ("osc build -M something does not work with
--alternative-project")
2018-02-07 14:35:35 +01:00
Andreas Schwab
50222810f0 osc chroot: also mount devpts
This is needed for running expect, for example.
2018-01-28 16:53:52 +01:00
5e3fe8ba08 give a hint which package to install to get CA certificates 2018-01-26 09:46:52 +01:00
Marcus Huewe
d0213c63a9 All values in the conf.DEFAULTS dict should be strings
Non-strings cause errors during config value interpolation.

Fixes: #372 ("Commit causes crash: The 'build-jobs' config option
should be an integer")
2018-01-24 14:00:02 +01:00
Marcus Huewe
1a92c8b995 The 'build-jobs' config option should be an integer
This fixes the "config['build-jobs'] > 1" check in the build module.
2018-01-23 12:28:55 +01:00
Marcus Huewe
8cb0246c10 Merge branch 'fix_369_crash_at_req_issues' of https://github.com/lethliel/osc
Only include a tag if it "has" text in get_request_issues. Note
that the code in get_formatted_issues always assumes the presence
of the "label" tag.

Fixes: #369 ("crash trying to view diff of a request")
2018-01-22 14:46:21 +01:00
Marco Strigl
5b3d8633fa only assign issue detail if text for tag exists 2018-01-22 11:00:40 +01:00
Marco Strigl
2405134cbf fixes not working osc maintainer <prj>
The retrun at this point breaks the call, because in most
cases <prj> is not a binary. And the code always checks for the
binary first and then returns if no binary with the name <prj>
is found.
2018-01-11 11:57:22 +01:00
Marcus Huewe
0b241a9586 Consider "recommends" and "supplements" in build.create_deps
Fixes: #363 ("osc build -p ../rpms/tw doesnt send recommends to
the server which makes client side build behave differently to server
side build").
2017-12-26 23:28:14 +01:00
Marcus Huewe
ebb2f2ee0d Add support for querying weak dependencies
The following abstract methods are added to the PackageQueryResult
class: recommends(), suggests(), supplements(), and enhances().
Note that not all package/metadata formats have a notion of these
weak dependencies.

              rpm   rpmmd   deb   arch
recommends     x      x      x
suggests       x      x      x     x
supplements    x      x
enhances       x      x      x

(where "x" represents "supported"). In case of an unsupported weak
dependency, the implementation returns an empty list.

We need the weak dependency support in order to fix #363 ("osc build
-p ../rpms/tw doesnt send recommends to the server which makes client
side build behave differently to server side build").
2017-12-26 23:14:47 +01:00
ChrisWi
26f00c6749 change WARNING message for better understanding 2017-12-14 12:11:25 +01:00
lethliel
43be8f0e9c add meaningful error if no attribute name 2017-12-08 13:20:24 +01:00
Marcus Huewe
b1d6d8347b Fix "osc buildinfo --prefer-pkgs <dir>..." (finally!)
This is a follow-up commit for commit ce9a6d0 ("Fixed
\"osc buildinfo --prefer-pkgs...\"").
2017-12-06 18:04:30 +01:00
lethliel
aa01b1c52a reopen 0.163 development 2017-12-06 10:22:15 +01:00
lethliel
067fd4cd2d release 0.162.1 2017-12-05 14:29:03 +01:00
Marcus Huewe
9116d8ff97 Support expansion/unexpansion of a link when updating to certain rev
There is no good reason why "--revision <rev>" and "--expand-link" or
"--revision <rev>" and "--unexpand-link" should be mutually exclusive
during an "osc up" of a package wc.
Introduce the new "--linkrev <rev>" option to specify a rev of the link
target that is used during link expansion.
2017-12-03 16:45:36 +01:00
Marcus Huewe
f698103977 Send sha256 hashes for tracked files if the wc is pulled/linkrepair
In case of a pulled/linkrepair wc, it is possible that the backend
requests a hash for a tracked file, which is neither added, restored,
nor modified. For instance, this can happen if a new file was added
to the link target. Hence, for a pulled/linkrepair wc always send
the sha256 hashes of the tracked files.
2017-12-03 15:02:22 +01:00
e818989d21 0.163 development open 2017-11-28 15:13:26 +01:00
2b0f015de0 0.162.0 2017-11-28 15:12:29 +01:00
lethliel
f0325eb0b5 added code to get the sha256 hashes of files
This is needed for a new validation of the source server.

The source server will 'ask' for the sha256 sum of files which are new or
modified and osc calculates the sha256 sums for those files and sends them
back to the server.

The server checks the sha256 sums and if dies if something is wrong.
2017-11-27 16:18:19 +01:00
Marcus Huewe
03c25eb8f9 Merge branch 'return_external_2.6_compat' of https://github.com/lethliel/osc
Workaround for python26 due to missing subprocess.check_output.

Fixes: #355 ("subprocess.check_output() not in Python 2.6")
2017-11-21 14:25:55 +01:00
lethliel
7581856d9b added compat code for python 2.6
if subprocess has no method check_output us Popen instead
2017-11-21 14:06:31 +01:00