dispatch: protect against malicious 'hg serve --stdio' invocations (sec)...
dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.

File last commit:

r27878:e7bd55db default
r32050:77eaf953 4.1.3 stable
buildrpm
161 lines | 4.0 KiB | text/plain | TextLexer
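#!/bin/bash -e
#
# Build a Mercurial RPM from the current repo
#
# Tested on
# - Fedora 20
# - CentOS 5
# - CentOS 6

# Options on the shebang line are dropped when the script is started as
# "bash buildrpm", so enable errexit explicitly. Later steps, including the
# checksum checks on downloaded sources, rely on failures being fatal.
set -e

# Load the packaging helper library that sits next to this script. $0 and
# the dirname result are quoted so a checkout path with spaces still works.
. "$(dirname "$0")/packagelib.sh"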
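# Defaults: run rpmbuild, and keep its tree under the invoking directory
# unless --rpmbuilddir says otherwise.
BUILD=1
RPMBUILDDIR="$PWD/rpmbuild"

#######################################
# Parse the command-line options.
# Globals:   BUILD, PYTHONVER, PYTHONMD5, RPMBUILDDIR (written)
# Arguments: the script's own arguments
# Outputs:   an error message on stderr for a bad or incomplete option
# Returns:   exits with status 1 on a bad or incomplete option
#######################################
_buildrpm_parse_args() {
  while [ -n "$1" ]; do
    case "$1" in
      --prepare)
        # Stage sources and the spec file only; rpmbuild is skipped.
        shift
        BUILD=
        ;;
      --withpython | --with-python)
        # Bundle this Python release; the MD5 is checked after download.
        shift
        PYTHONVER=2.7.10
        PYTHONMD5=d7547558fd673bd9d38e2108c6b42521
        ;;
      --rpmbuilddir)
        shift
        # A missing value used to leave RPMBUILDDIR empty, so the later
        # "$RPMBUILDDIR/SOURCES"-style paths would resolve under "/".
        if [ -z "$1" ]; then
          echo "--rpmbuilddir requires a directory argument!" 1>&2
          exit 1
        fi
        RPMBUILDDIR="$1"
        shift
        ;;
      *)
        echo "Invalid parameter $1!" 1>&2
        exit 1
        ;;
    esac
  done
}
_buildrpm_parse_args "$@"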
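# Work from the parent of this script's directory so the relative paths
# below (contrib/mercurial.spec, .hg, build/) resolve from anywhere.
cd "$(dirname "$0")/.." || exit 1

specfile="$PWD/contrib/mercurial.spec"
if [ ! -f "$specfile" ]; then
  echo "Cannot find $specfile!" 1>&2
  exit 1
fi

if [ ! -d .hg ]; then
  echo 'You are not inside a Mercurial repository!' 1>&2
  exit 1
fi

# Not defined in this file; presumably provided by packagelib.sh. The code
# that follows reads $version, $type, $distance, $node and $HG.
gethgversion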
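# TODO: handle distance/node set, and type set

#######################################
# Derive the RPM Release tag and the value for the spec's withpython define.
# Globals:   type, distance, node, PYTHONVER (read)
#            release, RPMPYTHONVER (written)
#######################################
_buildrpm_set_release() {
  if [ -z "$type" ]; then
    release=1
  else
    release=0.9_$type
  fi
  if [ -n "$distance" ]; then
    # Braces are required: "$distance_$node" expands the unset variable
    # "distance_" and silently drops the distance from the release.
    release=$release+${distance}_${node}
  fi
  if [ -n "$PYTHONVER" ]; then
    release=$release+$PYTHONVER
    RPMPYTHONVER=$PYTHONVER
  else
    # %{nil} is rpm's empty macro.
    RPMPYTHONVER=%{nil}
  fi
}
_buildrpm_set_release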
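mkdir -p "$RPMBUILDDIR"/{SOURCES,BUILD,SRPMS,RPMS}
# $HG is set outside this file and is left unquoted as in the original.
# NOTE(review): confirm whether it can hold more than one word.
$HG archive -t tgz "$RPMBUILDDIR/SOURCES/mercurial-$version-$release.tar.gz"
if [ -n "$PYTHONVER" ]; then
  (
    # Third-party tarballs end up inside the built RPM, so every step here
    # fails closed. The only content check is MD5, which is not
    # collision-resistant: it catches corruption, not a deliberately
    # substituted file. Fetching over HTTPS authenticates the transfer.
    # NOTE(review): pin a SHA-256 published by upstream when one is available.
    # NOTE(review): very old curl/OpenSSL builds may fail the TLS handshake.
    mkdir -p build
    cd build || exit 1
    PYTHON_SRCFILE=Python-$PYTHONVER.tgz
    if [ ! -f "$PYTHON_SRCFILE" ]; then
      # -f turns an HTTP error into a failure instead of saving the error
      # page; a partial file is removed so a later run cannot reuse it.
      curl -fLo "$PYTHON_SRCFILE" \
        "https://www.python.org/ftp/python/$PYTHONVER/$PYTHON_SRCFILE" \
        || { rm -f -- "$PYTHON_SRCFILE"; exit 1; }
    fi
    if [ -n "$PYTHONMD5" ]; then
      # Explicit exit: the check must stop the build even without errexit.
      printf '%s  %s\n' "$PYTHONMD5" "$PYTHON_SRCFILE" | md5sum -w -c || exit 1
    else
      echo "Warning: no checksum for $PYTHON_SRCFILE, using it unverified" 1>&2
    fi
    ln -f "$PYTHON_SRCFILE" "$RPMBUILDDIR/SOURCES/$PYTHON_SRCFILE"

    # The docutils version and checksum are read from the spec file.
    DOCUTILSVER=$(sed -ne "s/^%global docutilsname docutils-//p" "$specfile")
    if [ -z "$DOCUTILSVER" ]; then
      echo "Cannot find the docutils version in $specfile!" 1>&2
      exit 1
    fi
    DOCUTILS_SRCFILE=docutils-$DOCUTILSVER.tar.gz
    if [ ! -f "$DOCUTILS_SRCFILE" ]; then
      curl -fLo "$DOCUTILS_SRCFILE" \
        "https://downloads.sourceforge.net/project/docutils/docutils/$DOCUTILSVER/$DOCUTILS_SRCFILE" \
        || { rm -f -- "$DOCUTILS_SRCFILE"; exit 1; }
    fi
    DOCUTILSMD5=$(sed -ne "s/^%global docutilsmd5 //p" "$specfile")
    if [ -n "$DOCUTILSMD5" ]; then
      printf '%s  %s\n' "$DOCUTILSMD5" "$DOCUTILS_SRCFILE" | md5sum -w -c || exit 1
    else
      echo "Warning: no checksum for $DOCUTILS_SRCFILE, using it unverified" 1>&2
    fi
    ln -f "$DOCUTILS_SRCFILE" "$RPMBUILDDIR/SOURCES/$DOCUTILS_SRCFILE"
  ) || exit 1
fi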
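mkdir -p "$RPMBUILDDIR/SPECS"
rpmspec="$RPMBUILDDIR/SPECS/mercurial.spec"

# Stamp Version and Release into a copy of the spec file. "," is the sed
# delimiter, so this assumes neither value contains a comma.
sed -e "s,^Version:.*,Version: $version," \
  -e "s,^Release:.*,Release: $release," \
  "$specfile" > "$rpmspec"

# Generate %changelog from commit metadata. rpm expands macros inside
# %changelog too, so every literal "%" taken from an author name or commit
# summary is doubled before it is written into the spec.
echo >> "$rpmspec"
echo "%changelog" >> "$rpmspec"
if echo "$version" | grep '+' > /dev/null 2>&1; then
  # The version has a "+" suffix: log from the working directory parent back
  # to the tag named before the "+", grouping entries by day and author.
  latesttag="$(echo "$version" | sed -e 's/+.*//')"
  $HG log -r .:"$latesttag" -fM \
    --template '{date|hgdate}\t{author}\t{desc|firstline}\n' | python -c '
import sys, time

def datestr(date, format):
    return time.strftime(format, time.gmtime(float(date[0]) - date[1]))

def esc(text):
    return text.replace("%", "%%")

changelog = []
for l in sys.stdin.readlines():
    tok = l.split("\t")
    hgdate = tuple(int(v) for v in tok[0].split())
    changelog.append((datestr(hgdate, "%F"), esc(tok[1]), hgdate, esc(tok[2])))
prevtitle = ""
for l in sorted(changelog, reverse=True):
    title = "* %s %s" % (datestr(l[2], "%a %b %d %Y"), l[1])
    if prevtitle != title:
        prevtitle = title
        print
        print title
    print "- %s" % l[3].strip()
' >> "$rpmspec"
else
  # No "+" in the version: use the history of .hgtags, one entry per line.
  $HG log \
    --template '{date|hgdate}\t{author}\t{desc|firstline}\n' \
    .hgtags | python -c '
import sys, time

def datestr(date, format):
    return time.strftime(format, time.gmtime(float(date[0]) - date[1]))

def esc(text):
    return text.replace("%", "%%")

for l in sys.stdin.readlines():
    tok = l.split("\t")
    hgdate = tuple(int(v) for v in tok[0].split())
    print "* %s %s\n- %s" % (datestr(hgdate, "%a %b %d %Y"), esc(tok[1]), esc(tok[2]))
' >> "$rpmspec"
fi

# Record whether a bundled Python was requested (%{nil} when it was not).
sed -i \
  -e "s/^%define withpython.*$/%define withpython $RPMPYTHONVER/" \
  "$rpmspec"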
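if [ -n "$BUILD" ]; then
  # Propagate a failed build explicitly. The former "$?" test was dead code
  # under errexit, and without errexit the script still ended with status 0
  # after rpmbuild had failed.
  rpmbuild --define "_topdir $RPMBUILDDIR" -ba "$rpmspec" --clean || exit $?
  echo
  echo "Built packages for $version-$release:"
  # List the files under RPMS/ and SRPMS/ that are newer than the spec.
  find "$RPMBUILDDIR"/*RPMS/ -type f -newer "$rpmspec"
else
  # --prepare: print the command that would build the staged sources.
  echo "Prepared sources for $version-$release $rpmspec are in $RPMBUILDDIR/SOURCES/ - use like:"
  echo "rpmbuild --define '_topdir $RPMBUILDDIR' -ba $rpmspec --clean"
fi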