[bug#59202] python-check-manifest: Relax git security settings in tests.
Commit Message
Hi Guix,
the git security fixes for CVE-2022-39253 break submodule tests in
python-check-manifest. This patch works around the issue by disabling
the security check in the check phase.
Best regards,
Ontje
Comments
Hi,
<Ontje.Luensdorf@dlr.de> skribis:
> From 3de0d326956fa551a3dad6d65f6fabd9ff4282b3 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Ontje=20L=C3=BCnsdorf?= <ontje.luensdorf@dlr.de>
> Date: Fri, 11 Nov 2022 21:09:21 +0100
> Subject: [PATCH] gnu: python-check-manifest: Relax git security settings in
> tests.
>
> * gnu/packages/python-xyz.scm (python-check-manifest)[arguments]:
> Allow git submodule commands via file protocol during testing.
Good catch. Applied, thanks!
Ludo’.
From 3de0d326956fa551a3dad6d65f6fabd9ff4282b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ontje=20L=C3=BCnsdorf?= <ontje.luensdorf@dlr.de>
Date: Fri, 11 Nov 2022 21:09:21 +0100
Subject: [PATCH] gnu: python-check-manifest: Relax git security settings in
tests.
* gnu/packages/python-xyz.scm (python-check-manifest)[arguments]:
Allow git submodule commands via file protocol during testing.
---
gnu/packages/python-xyz.scm | 11 +++++++++++
1 file changed, 11 insertions(+)
@@ -25580,6 +25580,17 @@ (define-public python-check-manifest
(build-system python-build-system)
(native-inputs
(list python-mock git))
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ ;; Tests use git submodule commands over the file transport, which
+ ;; has been disabled in git, see CVE-2022-39253. Enable these
+ ;; commands to allow checks to succeed.
+ (add-before 'check 'allow-git-submodule-add
+ (lambda _
+ (setenv "HOME" "/tmp")
+ (invoke "git" "config" "--global"
+ "protocol.file.allow" "always"))))))
(home-page "https://github.com/mgedmin/check-manifest")
(synopsis "Check MANIFEST.in in a Python source package for completeness")
(description "Python package can include a MANIFEST.in file to help with
--
2.38.1