| author | Mike McQuaid | 2015-03-07 14:59:30 +0000 | 
|---|---|---|
| committer | Mike McQuaid | 2015-03-08 10:48:58 +0000 | 
| commit | 7497e4226b6222724852ee497d41d1f6ad76d6b8 (patch) | |
| tree | b1eb9dfa1b58c45cb2ee43fe4c72d5e898597750 /Library/Homebrew/download_strategy.rb | |
| parent | 7c8144c5c4305bcc57715f1bec0d38ddd37bcd59 (diff) | |
| download | homebrew-7497e4226b6222724852ee497d41d1f6ad76d6b8.tar.bz2 | |
download_strategy: raise on wrong tag revision.
Adds some extra security to Git tags so we are able to provide an
effective checksum rather than letting them be changed without our
knowledge.
Also:
- Reprioritise ref_types. Tag should take priority over branch and revisions over a single one.
- Add current_revision method. Used to verify the current repository revision matches the specified
revision. Currently only implemented for Git.
Diffstat (limited to 'Library/Homebrew/download_strategy.rb')
| -rw-r--r-- | Library/Homebrew/download_strategy.rb | 19 | 
1 files changed, 18 insertions, 1 deletions
|
diff --git a/Library/Homebrew/download_strategy.rb b/Library/Homebrew/download_strategy.rb
index 42dde8315..08dfdcd78 100644
--- a/Library/Homebrew/download_strategy.rb
+++ b/Library/Homebrew/download_strategy.rb
@@ -98,11 +98,12 @@ class AbstractDownloadStrategy
 end
 class VCSDownloadStrategy < AbstractDownloadStrategy
-  REF_TYPES = [:branch, :revision, :revisions, :tag].freeze
+  REF_TYPES = [:tag, :branch, :revisions, :revision].freeze
   def initialize name, resource
     super
     @ref_type, @ref = extract_ref(meta)
+    @revision = meta[:revision]
     @clone = HOMEBREW_CACHE.join(cache_filename)
   end
@@ -119,6 +120,15 @@ class VCSDownloadStrategy < AbstractDownloadStrategy
     else
       clone_repo
     end
+
+    if @ref_type == :tag && @revision && current_revision
+      unless current_revision == @revision
+        raise <<-EOS.undent
+          #{@ref} tag should be #{@revision}
+          but is actually #{current_revision}!
+        EOS
+      end
+    end
   end
   def stage
@@ -153,6 +163,9 @@ class VCSDownloadStrategy < AbstractDownloadStrategy
   def update
   end
+  def current_revision
+  end
+
   def extract_ref(specs)
     key = REF_TYPES.find { |type| specs.key?(type) }
     return key, specs[key]
@@ -570,6 +583,10 @@ class GitDownloadStrategy < VCSDownloadStrategy
     quiet_system 'git', '--git-dir', git_dir, 'rev-parse', '-q', '--verify', "#{@ref}^{commit}"
   end
+  def current_revision
+    Utils.popen_read('git', '--git-dir', git_dir, 'rev-parse', '-q', '--verify', "HEAD").strip
+  end
+
   def repo_valid?
     quiet_system "git", "--git-dir", git_dir, "status", "-s"
   end
|
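Review bot: The order of `REF_TYPES` is now load-bearing for the tag check, and nothing in the first hunk says so. `extract_ref` (visible as context in the third hunk) takes the first key present, so `:tag` must stay ahead of `:revision` or a spec giving both would resolve to `:revision` and the new comparison in `fetch` would never run. I would add a comment above the constant, e.g. `# Order matters: extract_ref picks the first key present; :tag must precede :revision so a tag + revision pair is verified in fetch.` Also, `@revision` is stored for every ref type but only consulted when `@ref_type == :tag`, so a `:branch` + `:revision` spec appears to leave the revision unused; worth confirming that is intended.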
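Review bot: The guard `&& current_revision` in the second hunk makes the pin fail open. The base-class stub added in the third hunk returns nil, so for any strategy that does not override it, a formula with both a tag and a revision is fetched with no verification and no message. The condition and message can also evaluate `current_revision` up to three times, which for Git means three separate `git rev-parse` runs. Reading it once into a local avoids that and guarantees the value compared is the value reported. Whether an unverifiable pin should raise or only warn is a maintainer decision; the sketch below raises.

```ruby
    # … unchanged: clone_repo / update branch above …
    if @ref_type == :tag && @revision
      actual = current_revision
      # nil or "" means the revision could not be read, so the pin was not checked
      if actual.nil? || actual.empty?
        raise "#{@ref} tag is pinned to #{@revision} but the current revision could not be determined"
      elsif actual != @revision
        raise <<-EOS.undent
          #{@ref} tag should be #{@revision}
          but is actually #{actual}!
        EOS
      end
    end
```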
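Review bot: `GitDownloadStrategy#current_revision` in the last hunk does not check whether `git rev-parse` succeeded. With `-q --verify`, a failure prints nothing, so the method presumably returns `""`, which is truthy in Ruby and makes `fetch` raise a mismatch reading "but is actually !". That fails closed, which is the safe direction, but it should be deliberate: returning nil here instead would silently skip the check. I would document the contract, e.g. `# Full commit SHA of HEAD in the cached clone, or "" if git cannot resolve it; fetch compares it exactly, so formulae must give the full SHA.` The check also assumes HEAD is at the tag once `clone_repo`/`update` have run, and both bodies are outside this diff.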
