picnoir/nix-gh
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

fetchgit: Remove incomplete/unneeded isURI check.

Browse source 
This check spuriously fails for e.g. git@github.com:NixOS/nixpkgs.git,
and even for ssh://git@github.com/NixOS/nixpkgs.git, and is made
redundant by the checks git itself will do when fetching the repo. We
instead pass a -- before passing the URI to git to avoid injection.
This commit is contained in:
Shea Levy 2017-10-16 12:56:58 -04:00
parent 1dd29d7aeb
commit 4e58294ae6
No known key found for this signature in database
GPG key ID: 5C0BD6957D86FE27
1 changed files with 1 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/libexpr/primops/fetchgit.cc
View file

@ -13,9 +13,6 @@ namespace nix {
Path exportGit(ref<Store> store, const std::string & uri,
const std::string & ref, const std::string & rev)
{
if (!isUri(uri))
throw EvalError(format("'%s' is not a valid URI") % uri);
if (rev != "") {
std::regex revRegex("^[0-9a-fA-F]{40}$");
if (!std::regex_match(rev, revRegex))
@ -47,7 +44,7 @@ Path exportGit(ref<Store> store, const std::string & uri,
if (stat(localRefFile.c_str(), &st) != 0 ||
st.st_mtime < now - settings.tarballTtl)
{
runProgram("git", true, { "-C", cacheDir, "fetch", "--force", uri, ref + ":" + localRef });
runProgram("git", true, { "-C", cacheDir, "fetch", "--force", "--", uri, ref + ":" + localRef });
struct timeval times[2];
times[0].tv_sec = now;