source-repositories : use explicit sudo/-C args when in REPO_DEST
The recent git ownership-checking changes (see related bug for full details) mean we can not run git in non-owned directories. We have a couple of cases here where we have done a "pushd" to work in the REPO_DEST context; this is the destination directory that is inside the chroot so needs to be operated on as "root" (via sudo calls). This certainly makes sense -- but given the new way of things it can hide what context each call is working in, which is now very important. Previously this worked because you could read it; now it's doing the UID check too, calls in here without sudo now fail. Remvoe the pushd's and make every call that works in REPO_DEST explicit with -C, and add sudo calls around it. Change-Id: Id1f6bd94c9c77ef6ab2b562a7e0bc48f749c58ac Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
This commit is contained in:
parent
709d18fd42
commit
4cb3346fec
@ -159,30 +159,26 @@ function get_repos_for_element(){
|
|||||||
echo "REPOLOCATIONS don't match ("$CACHE_PATH" != "$DESIRED")" >&2
|
echo "REPOLOCATIONS don't match ("$CACHE_PATH" != "$DESIRED")" >&2
|
||||||
exit 1
|
exit 1
|
||||||
elif [[ "$REPOREF" != "*" ]]; then
|
elif [[ "$REPOREF" != "*" ]]; then
|
||||||
pushd $REPO_DEST > /dev/null
|
|
||||||
# When we first clone we create a branch naming what we fetched
|
# When we first clone we create a branch naming what we fetched
|
||||||
# that must match, or we are asking for two different references from the
|
# that must match, or we are asking for two different references from the
|
||||||
# same repo, which is an error
|
# same repo, which is an error
|
||||||
if ! git rev-parse fetch_$REPOREF; then
|
if ! sudo git -C ${REPO_DEST} rev-parse fetch_$REPOREF; then
|
||||||
echo "REPOREFS don't match - failed to get sha1 of fetch_$REPOREF" >&2
|
echo "REPOREFS don't match - failed to get sha1 of fetch_$REPOREF" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
popd > /dev/null
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
sudo git clone -q $CACHE_PATH $REPO_DEST
|
sudo git clone -q $CACHE_PATH $REPO_DEST
|
||||||
pushd $REPO_DEST > /dev/null
|
|
||||||
if [[ "$REPOREF" == "*" ]]; then
|
if [[ "$REPOREF" == "*" ]]; then
|
||||||
sudo git fetch -q --prune --update-head-ok $CACHE_PATH \
|
sudo git -C ${REPO_DEST} fetch -q --prune --update-head-ok $CACHE_PATH \
|
||||||
+refs/heads/*:refs/heads/* +refs/tags/*:refs/tags/*
|
+refs/heads/*:refs/heads/* +refs/tags/*:refs/tags/*
|
||||||
git_sha=$(git rev-parse HEAD)
|
git_sha=$(sudo git -C ${REPO_DEST} rev-parse HEAD)
|
||||||
else
|
else
|
||||||
sudo git fetch -q $CACHE_PATH $REPOREF:fetch_$REPOREF
|
sudo git -C ${REPO_DEST} fetch -q $CACHE_PATH $REPOREF:fetch_$REPOREF
|
||||||
sudo git reset --hard FETCH_HEAD
|
sudo git -C ${REPO_DEST} reset --hard FETCH_HEAD
|
||||||
# Get the sha in use
|
# Get the sha in use
|
||||||
git_sha=$(git rev-parse FETCH_HEAD)
|
git_sha=$(sudo git -C ${REPO_DEST} rev-parse FETCH_HEAD)
|
||||||
fi
|
fi
|
||||||
popd > /dev/null
|
|
||||||
|
|
||||||
# Write the sha being used into the source-repositories manifest
|
# Write the sha being used into the source-repositories manifest
|
||||||
echo "$REPONAME git $REPOPATH $REPOLOCATION $git_sha" >> $GIT_MANIFEST
|
echo "$REPONAME git $REPOPATH $REPOLOCATION $git_sha" >> $GIT_MANIFEST
|
||||||
|
Loading…
Reference in New Issue
Block a user