savannah-hackers-public
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers-public] bzr commit notifications


From: Glenn Morris
Subject: [Savannah-hackers-public] bzr commit notifications
Date: Fri, 17 May 2013 16:21:07 -0400

Hello,

Recently Savannah bzr was updated to bzr 2.6.
This breaks the bzr-hookless-email script that was being used for
commit notifications. [1]

To try and fix this, I suggest installing the bzr-email plugin.
`apt-get install bzr-email' (the version from Debian testing is the
latest version).

IIUC, historically Savannah had some theoretical security concerns
about bzr-email. I've looked at it and IMO the one issue that there
might be can be trivially patched away. [2]
But I don't really know why you went with bzr-hookless-email.

If you are willing to install it, I can test it.

If you want more details before making a decision, please ask.


[1] If you want the details,
https://lists.ubuntu.com/archives/bazaar/2013q2/075520.html

[2] The only issue I can see is this:
Anyone with write access to a bzr branch can set plugin options in
.bzr/branch/branch.conf (this is actually good, because it means we
will be able to control our own commit notifications without needing
to bug Savannah admins).

One option is "post_commit_mailer".
This is either 'smtplib' (an internal Python library), or an external
command like "/bin/mail".
(I am assuming smtplib will be the correct option for Savannah.)
Someone could try and set this to something nasty like "rm -rf /".
So all we need to do is hard-code that option to "smtplib".
Patching emailer.py is one trivial way to do that (see end).

Alternatively, I am told that options set in ~/.bzr/locations.conf
will take precedence over branch options. If bzr on Savannah runs
under a single user, that could be a better way to do it.

If you want to review it, the code is at
https://launchpad.net/bzr-email

I suggest a patch something like:


***************
*** 206,212 ****
              if mailer == 'smtplib':
                  self._send_using_smtplib()
              else:
!                 self._send_using_process()
          finally:
              self.repository.unlock()
              self.branch.unlock()
--- 206,213 ----
              if mailer == 'smtplib':
                  self._send_using_smtplib()
              else:
!                 raise errors.BzrError("Bad value for post_commit_mailer")
!                 # self._send_using_process()
          finally:
              self.repository.unlock()
              self.branch.unlock()
***************
*** 303,309 ****
  opt_post_commit_to = ListOption('post_commit_to',
      help='Address to send commit emails to.')
  opt_post_commit_mailer = Option('post_commit_mailer',
!     help='Mail client to use.', default='mail')
  opt_post_commit_url = Option('post_commit_url',
      help='URL to mention for branch in post commit messages.')
  opt_revision_mail_headers = ListOption('revision_mail_headers',
--- 304,310 ----
  opt_post_commit_to = ListOption('post_commit_to',
      help='Address to send commit emails to.')
  opt_post_commit_mailer = Option('post_commit_mailer',
!     help='Mail client to use.', default='smtplib')
  opt_post_commit_url = Option('post_commit_url',
      help='URL to mention for branch in post commit messages.')
  opt_revision_mail_headers = ListOption('revision_mail_headers',





reply via email to

[Prev in Thread] Current Thread [Next in Thread]