[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers-public] bzr commit notifications
From: |
Glenn Morris |
Subject: |
[Savannah-hackers-public] bzr commit notifications |
Date: |
Fri, 17 May 2013 16:21:07 -0400 |
Hello,
Recently Savannah bzr was updated to bzr 2.6.
This breaks the bzr-hookless-email script that was being used for
commit notifications. [1]
To try and fix this, I suggest installing the bzr-email plugin.
`apt-get install bzr-email' (the version from Debian testing is the
latest version).
IIUC, historically Savannah had some theoretical security concerns
about bzr-email. I've looked at it and IMO the one issue that there
might be can be trivially patched away. [2]
But I don't really know why you went with bzr-hookless-email.
If you are willing to install it, I can test it.
If you want more details before making a decision, please ask.
[1] If you want the details,
https://lists.ubuntu.com/archives/bazaar/2013q2/075520.html
[2] The only issue I can see is this:
Anyone with write access to a bzr branch can set plugin options in
.bzr/branch/branch.conf (this is actually good, because it means we
will be able to control our own commit notifications without needing
to bug Savannah admins).
One option is "post_commit_mailer".
This is either 'smtplib' (an internal Python library), or an external
command like "/bin/mail".
(I am assuming smtplib will be the correct option for Savannah.)
Someone could try and set this to something nasty like "rm -rf /".
So all we need to do is hard-code that option to "smtplib".
Patching emailer.py is one trivial way to do that (see end).
Alternatively, I am told that options set in ~/.bzr/locations.conf
will take precedence over branch options. If bzr on Savannah runs
under a single user, that could be a better way to do it.
If you want to review it, the code is at
https://launchpad.net/bzr-email
I suggest a patch something like:
***************
*** 206,212 ****
if mailer == 'smtplib':
self._send_using_smtplib()
else:
! self._send_using_process()
finally:
self.repository.unlock()
self.branch.unlock()
--- 206,213 ----
if mailer == 'smtplib':
self._send_using_smtplib()
else:
! raise errors.BzrError("Bad value for post_commit_mailer")
! # self._send_using_process()
finally:
self.repository.unlock()
self.branch.unlock()
***************
*** 303,309 ****
opt_post_commit_to = ListOption('post_commit_to',
help='Address to send commit emails to.')
opt_post_commit_mailer = Option('post_commit_mailer',
! help='Mail client to use.', default='mail')
opt_post_commit_url = Option('post_commit_url',
help='URL to mention for branch in post commit messages.')
opt_revision_mail_headers = ListOption('revision_mail_headers',
--- 304,310 ----
opt_post_commit_to = ListOption('post_commit_to',
help='Address to send commit emails to.')
opt_post_commit_mailer = Option('post_commit_mailer',
! help='Mail client to use.', default='smtplib')
opt_post_commit_url = Option('post_commit_url',
help='URL to mention for branch in post commit messages.')
opt_revision_mail_headers = ListOption('revision_mail_headers',
- [Savannah-hackers-public] bzr commit notifications,
Glenn Morris <=