Files
@ a444c46a0649
Branch filter:
Location: kallithea/scripts/make-release - annotation
a444c46a0649
2.4 KiB
text/plain
middleware: fix handling of Git 'info/refs' command to give correct access control
For a pull, the Git client first sends an 'info/refs' command with a
'service=git-upload-pack' query, then it sends the actual 'git-upload-pack'
command.
For a push, the Git client first sends an 'info/refs' command with a
'service=git-receive-pack' query, then it sends the actual 'git-receive-pack'
command.
Before, the 'info/refs' commands would fall back to the default of trying to
use the action of the previous request. That seems wrong.
Instead, authorize the 'info/refs' command just like the actual command it
references.
path_info will now be checked more than before. Mainly because that is more
correct and more explicit and "better" to do it that way. It might also give
some safety.
For a pull, the Git client first sends an 'info/refs' command with a
'service=git-upload-pack' query, then it sends the actual 'git-upload-pack'
command.
For a push, the Git client first sends an 'info/refs' command with a
'service=git-receive-pack' query, then it sends the actual 'git-receive-pack'
command.
Before, the 'info/refs' commands would fall back to the default of trying to
use the action of the previous request. That seems wrong.
Instead, authorize the 'info/refs' command just like the actual command it
references.
path_info will now be checked more than before. Mainly because that is more
correct and more explicit and "better" to do it that way. It might also give
some safety.
d4f66ca15110 d4f66ca15110 d4f66ca15110 d4f66ca15110 f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa f5b5749113aa d06c0566cb23 d06c0566cb23 e4452268c09f d06c0566cb23 d06c0566cb23 dba4e770d4b6 d06c0566cb23 d06c0566cb23 d4f66ca15110 d06c0566cb23 d06c0566cb23 d06c0566cb23 d06c0566cb23 d06c0566cb23 b70ad5c7e706 b70ad5c7e706 d06c0566cb23 d06c0566cb23 d06c0566cb23 d4f66ca15110 d4f66ca15110 d06c0566cb23 d4f66ca15110 d4f66ca15110 d4f66ca15110 d06c0566cb23 d4f66ca15110 d4f66ca15110 d06c0566cb23 dba4e770d4b6 d06c0566cb23 d06c0566cb23 cf81d586cf07 d06c0566cb23 08de75df7775 08de75df7775 08de75df7775 d06c0566cb23 d4f66ca15110 d06c0566cb23 d06c0566cb23 d06c0566cb23 d06c0566cb23 d06c0566cb23 d4f66ca15110 d06c0566cb23 d4f66ca15110 d06c0566cb23 d06c0566cb23 d4f66ca15110 d4f66ca15110 d4f66ca15110 d4f66ca15110 d4f66ca15110 d06c0566cb23 d4f66ca15110 d4f66ca15110 d4f66ca15110 d4f66ca15110 d06c0566cb23 e4452268c09f d06c0566cb23 | #!/bin/bash
set -e
set -x
cleanup()
{
echo "Removing venv $venv"
rm -rf "$venv"
}
echo "Checking that you are NOT inside a virtualenv"
[ -z "$VIRTUAL_ENV" ]
venv=$(mktemp -d --tmpdir kallithea-release-XXXXX)
trap cleanup EXIT
echo "Setting up a fresh virtualenv in $venv"
virtualenv -p python2 "$venv"
. "$venv/bin/activate"
echo "Install/verify tools needed for building and uploading stuff"
pip install --upgrade -e .
pip install --upgrade -r dev_requirements.txt twine
echo "Cleanup and update copyrights ... and clean checkout"
scripts/run-all-cleanup
scripts/update-copyrights.py
hg up -cr .
echo "Make release build from clean checkout in build/"
rm -rf build dist
hg archive build
cd build
echo "Check that each entry in MANIFEST.in match something"
sed -e 's/[^ ]*[ ]*\([^ ]*\).*/\1/g' MANIFEST.in | xargs ls -lad
echo "Build dist"
python2 setup.py compile_catalog
python2 setup.py sdist
echo "Verify VERSION from kallithea/__init__.py"
namerel=$(cd dist && echo Kallithea-*.tar.gz)
namerel=${namerel%.tar.gz}
version=${namerel#Kallithea-}
ls -l $(pwd)/dist/$namerel.tar.gz
echo "Releasing Kallithea $version in directory $namerel"
echo "Verify dist file content"
diff -u <((hg mani | grep -v '^\.hg') | LANG=C sort) <(tar tf dist/Kallithea-$version.tar.gz | sed "s|^$namerel/||" | grep . | grep -v '^kallithea/i18n/.*/LC_MESSAGES/kallithea.mo$\|^Kallithea.egg-info/\|^PKG-INFO$\|/$' | LANG=C sort)
echo "Verify docs build"
python2 setup.py build_sphinx # the results are not actually used, but we want to make sure it builds
echo "Shortlog for inclusion in the release announcement"
scripts/shortlog.py "only('.', branch('stable') & tagged() & public() & not '.')"
cat - << EOT
Now, make sure
* all tests are passing
* release note is ready
* announcement is ready
* source has been pushed to https://kallithea-scm.org/repos/kallithea
EOT
echo "Verify current revision is tagged for $version"
hg log -r "'$version'&." | grep .
echo -n "Enter \"pypi\" to upload Kallithea $version to pypi: "
read answer
[ "$answer" = "pypi" ]
echo "Rebuild readthedocs for docs.kallithea-scm.org"
xdg-open https://readthedocs.org/projects/kallithea/
curl -X POST http://readthedocs.org/build/kallithea
xdg-open https://readthedocs.org/builds/kallithea/
xdg-open http://docs.kallithea-scm.org/en/latest/ # or whatever the branch is
twine upload dist/*
xdg-open https://pypi.python.org/pypi/Kallithea
|