<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/git-submodule.sh, branch v2.15.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.15.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.15.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2018-05-22T05:10:49Z</updated>
<entry>
<title>Sync with Git 2.13.7</title>
<updated>2018-05-22T05:10:49Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2018-05-22T05:10:49Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=7b01c71b64d25202d80b73cbd46104ebfddbdab3'/>
<id>urn:sha1:7b01c71b64d25202d80b73cbd46104ebfddbdab3</id>
<content type='text'>
* maint-2.13:
  Git 2.13.7
  verify_path: disallow symlinks in .gitmodules
  update-index: stat updated files earlier
  verify_dotfile: mention case-insensitivity in comment
  verify_path: drop clever fallthrough
  skip_prefix: add case-insensitive variant
  is_{hfs,ntfs}_dotgitmodules: add tests
  is_ntfs_dotgit: match other .git files
  is_hfs_dotgit: match other .git files
  is_ntfs_dotgit: use a size_t for traversing string
  submodule-config: verify submodule names as paths
</content>
</entry>
<entry>
<title>submodule-config: verify submodule names as paths</title>
<updated>2018-05-22T03:50:11Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2018-04-30T07:25:25Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=0383bbb9015898cbc79abd7b64316484d7713b44'/>
<id>urn:sha1:0383bbb9015898cbc79abd7b64316484d7713b44</id>
<content type='text'>
Submodule "names" come from the untrusted .gitmodules file,
but we blindly append them to $GIT_DIR/modules to create our
on-disk repo paths. This means you can do bad things by
putting "../" into the name (among other things).

Let's sanity-check these names to avoid building a path that
can be exploited. There are two main decisions:

  1. What should the allowed syntax be?

     It's tempting to reuse verify_path(), since submodule
     names typically come from in-repo paths. But there are
     two reasons not to:

       a. It's technically more strict than what we need, as
          we really care only about breaking out of the
          $GIT_DIR/modules/ hierarchy.  E.g., having a
          submodule named "foo/.git" isn't actually
          dangerous, and it's possible that somebody has
          manually given such a funny name.

       b. Since we'll eventually use this checking logic in
          fsck to prevent downstream repositories, it should
          be consistent across platforms. Because
          verify_path() relies on is_dir_sep(), it wouldn't
          block "foo\..\bar" on a non-Windows machine.

  2. Where should we enforce it? These days most of the
     .gitmodules reads go through submodule-config.c, so
     I've put it there in the reading step. That should
     cover all of the C code.

     We also construct the name for "git submodule add"
     inside the git-submodule.sh script. This is probably
     not a big deal for security since the name is coming
     from the user anyway, but it would be polite to remind
     them if the name they pick is invalid (and we need to
     expose the name-checker to the shell anyway for our
     test scripts).

     This patch issues a warning when reading .gitmodules
     and just ignores the related config entry completely.
     This will generally end up producing a sensible error,
     as it works the same as a .gitmodules file which is
     missing a submodule entry (so "submodule update" will
     barf, but "git clone --recurse-submodules" will print
     an error but not abort the clone.

     There is one minor oddity, which is that we print the
     warning once per malformed config key (since that's how
     the config subsystem gives us the entries). So in the
     new test, for example, the user would see three
     warnings. That's OK, since the intent is that this case
     should never come up outside of malicious repositories
     (and then it might even benefit the user to see the
     message multiple times).

Credit for finding this vulnerability and the proof of
concept from which the test script was adapted goes to
Etienne Stalmans.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
</content>
</entry>
<entry>
<title>Merge branch 'sb/submodule-parallel-update' into maint</title>
<updated>2017-09-10T08:03:06Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2017-09-10T08:03:06Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=95d25c412d140698ac0084bd94dcde8ecdcd332d'/>
<id>urn:sha1:95d25c412d140698ac0084bd94dcde8ecdcd332d</id>
<content type='text'>
Code clean-up.

* sb/submodule-parallel-update:
  submodule.sh: remove unused variable
</content>
</entry>
<entry>
<title>submodule.sh: remove unused variable</title>
<updated>2017-08-17T18:05:49Z</updated>
<author>
<name>Stefan Beller</name>
<email>sbeller@google.com</email>
</author>
<published>2017-08-16T22:50:42Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=c8d0c4fe9b7987e2d68eb2b639d0f4eb5f89599b'/>
<id>urn:sha1:c8d0c4fe9b7987e2d68eb2b639d0f4eb5f89599b</id>
<content type='text'>
This could have been part of 48308681b0 (git submodule update: have a
dedicated helper for cloning, 2016-02-29).

Signed-off-by: Stefan Beller &lt;sbeller@google.com&gt;
Reviewed-by: Jonathan Nieder &lt;jrnieder@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>scripts: use "git foo" not "git-foo"</title>
<updated>2017-08-07T19:04:45Z</updated>
<author>
<name>Michael Forney</name>
<email>mforney@mforney.org</email>
</author>
<published>2017-08-05T06:49:05Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=974ce8078c9a91190d798eaa65c9f173dd50c3f8'/>
<id>urn:sha1:974ce8078c9a91190d798eaa65c9f173dd50c3f8</id>
<content type='text'>
We want to make sure that people who copy &amp; paste code would see
fewer instances of "git-foo".  The use of these dashed forms have
been discouraged since v1.6.0 days.

Signed-off-by: Michael Forney &lt;mforney@mforney.org&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>add: warn when adding an embedded repository</title>
<updated>2017-06-15T16:10:44Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2017-06-14T10:58:22Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=532139940c98a98bce2001bb495d75dec3d88e4d'/>
<id>urn:sha1:532139940c98a98bce2001bb495d75dec3d88e4d</id>
<content type='text'>
It's an easy mistake to add a repository inside another
repository, like:

  git clone $url
  git add .

The resulting entry is a gitlink, but there's no matching
.gitmodules entry. Trying to use "submodule init" (or clone
with --recursive) doesn't do anything useful. Prior to
v2.13, such an entry caused git-submodule to barf entirely.
In v2.13, the entry is considered "inactive" and quietly
ignored. Either way, no clone of your repository can do
anything useful with the gitlink without the user manually
adding the submodule config.

In most cases, the user probably meant to either add a real
submodule, or they forgot to put the embedded repository in
their .gitignore file.

Let's issue a warning when we see this case. There are a few
things to note:

  - the warning will go in the git-add porcelain; anybody
    wanting to do low-level manipulation of the index is
    welcome to create whatever funny states they want.

  - we detect the case by looking for a newly added gitlink;
    updates via "git add submodule" are perfectly reasonable,
    and this avoids us having to investigate .gitmodules
    entirely

  - there's a command-line option to suppress the warning.
    This is needed for git-submodule itself (which adds the
    entry before adding any submodule config), but also
    provides a mechanism for other scripts doing
    submodule-like things.

We could make this a hard error instead of a warning.
However, we do add lots of sub-repos in our test suite. It's
not _wrong_ to do so. It just creates a state where users
may be surprised. Pointing them in the right direction with
a gentle hint is probably the best option.

There is a config knob that can disable the (long) hint. But
I intentionally omitted a config knob to disable the warning
entirely. Whether the warning is sensible or not is
generally about context, not about the user's preferences.
If there's a tool or workflow that adds gitlinks without
matching .gitmodules, it should probably be taught about the
new command-line option, rather than blanket-disabling the
warning.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>submodule: prevent backslash expantion in submodule names</title>
<updated>2017-04-17T03:09:36Z</updated>
<author>
<name>Brandon Williams</name>
<email>bmwill@google.com</email>
</author>
<published>2017-04-07T17:23:06Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=cf9e55f49438d07dd554c5ade92f1c266363af36'/>
<id>urn:sha1:cf9e55f49438d07dd554c5ade92f1c266363af36</id>
<content type='text'>
When attempting to add a submodule with backslashes in its name 'git
submodule' fails in a funny way.  We can see that some of the
backslashes are expanded resulting in a bogus path:

git -C main submodule add ../sub\\with\\backslash
fatal: repository '/tmp/test/sub\witackslash' does not exist
fatal: clone of '/tmp/test/sub\witackslash' into submodule path

To solve this, convert calls to 'read' to 'read -r' in git-submodule.sh
in order to prevent backslash expantion in submodule names.

Reported-by: Joachim Durchholz &lt;jo@durchholz.org&gt;
Signed-off-by: Brandon Williams &lt;bmwill@google.com&gt;
Reviewed-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>submodule add: respect submodule.active and submodule.&lt;name&gt;.active</title>
<updated>2017-03-18T16:51:23Z</updated>
<author>
<name>Brandon Williams</name>
<email>bmwill@google.com</email>
</author>
<published>2017-03-17T22:38:05Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=1b614c07d2428927358cc7317622913d1dbd59c9'/>
<id>urn:sha1:1b614c07d2428927358cc7317622913d1dbd59c9</id>
<content type='text'>
In addition to adding submodule.&lt;name&gt;.url to the config, set
submodule.&lt;name&gt;.active to true unless submodule.active is configured
and the submodule's path matches the configured pathspec.

Signed-off-by: Brandon Williams &lt;bmwill@google.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>submodule sync: use submodule--helper is-active</title>
<updated>2017-03-17T18:06:09Z</updated>
<author>
<name>Brandon Williams</name>
<email>bmwill@google.com</email>
</author>
<published>2017-03-16T22:29:46Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=25b31f1b73331d3d9e90a72c34e514795e98c174'/>
<id>urn:sha1:25b31f1b73331d3d9e90a72c34e514795e98c174</id>
<content type='text'>
Signed-off-by: Brandon Williams &lt;bmwill@google.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>submodule sync: skip work for inactive submodules</title>
<updated>2017-03-17T18:06:09Z</updated>
<author>
<name>Brandon Williams</name>
<email>bmwill@google.com</email>
</author>
<published>2017-03-16T22:29:45Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=e7849a9677e9db6af81f568ae40ad2eddf5d3f0d'/>
<id>urn:sha1:e7849a9677e9db6af81f568ae40ad2eddf5d3f0d</id>
<content type='text'>
Sync does some work determining what URLs should be used for a submodule
but then throws this work away if the submodule isn't active.  Instead
perform the activity check earlier and skip inactive submodule in order
to avoid doing unnecessary work.

Signed-off-by: Brandon Williams &lt;bmwill@google.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
