2
0
Fork 0
mirror of https://github.com/fish-shell/fish-shell synced 2025-01-16 23:14:04 +00:00
fish-shell/build_tools/git_version_gen.sh
Fabian Homborg 15f1b5f368 Skip building version file if git describe fails the new perm check
git had a CVE related to arbitrary code being run when you run git status and similar, and instead of doing something about those arbitrary code bits they decided to lock it down entirely.

So now git will refuse to do basically anything once it detects the .git directory is owned by someone else.

So, what we do is:

If `git describe` failed with a status of 128, we keep an already
built version file.

This is an awful hack, but should help with the normal `cmake; make; sudo
make install` cycle.

(the only *real* way around this seems to be to not attempt to rebuild
the version file at install time entirely, but I have no idea how to
do that)

Fixes .
2022-05-26 09:35:59 +02:00

70 lines
2 KiB
Bash
Executable file

#!/bin/sh
# Originally from the git sources (GIT-VERSION-GEN)
# Presumably (C) Junio C Hamano <junkio@cox.net>
# Reused under GPL v2.0
# Modified for fish by David Adam <zanchey@ucc.gu.uwa.edu.au>
set -e
# Find the fish directory as two levels up from script directory.
FISH_BASE_DIR="$( cd "$( dirname "$( dirname "$0" )" )" && pwd )"
DEF_VER=unknown
git_permission_failed=0
# First see if there is a version file (included in release tarballs),
# then try git-describe, then default.
if test -f version
then
VN=$(cat version) || VN="$DEF_VER"
else
if VN=$(git -C "$FISH_BASE_DIR" describe --always --dirty 2>/dev/null); then
:
else
if test $? = 128; then
# Current git versions return status 128
# when run in a repo owned by another user.
# Even for describe and everything.
# This occurs for `sudo make install`.
git_permission_failed=1
fi
VN="$DEF_VER"
fi
fi
# If the first param is --stdout, then output to stdout and exit.
if test "$1" = '--stdout'
then
echo $VN
exit 0
fi
# Set the output directory as either the first param or cwd.
test -n "$1" && OUTPUT_DIR=$1/ || OUTPUT_DIR=
FBVF="${OUTPUT_DIR}FISH-BUILD-VERSION-FILE"
if test "$VN" = unknown && test -r "$FBVF" && test "$git_permission_failed" = 1
then
# HACK: Git failed, so we keep the current version file.
# This helps in case you built fish as a normal user
# and then try to `sudo make install` it.
date +%s > ${OUTPUT_DIR}fish-build-version-witness.txt
exit 0
fi
if test -r "$FBVF"
then
VC=$(grep -v '^#' "$FBVF" | tr -d '"' | sed -e 's/^FISH_BUILD_VERSION=//')
else
VC="unset"
fi
# Maybe output the FBVF
# It looks like FISH_BUILD_VERSION="2.7.1-621-ga2f065e6"
test "$VN" = "$VC" || {
echo >&2 "FISH_BUILD_VERSION=$VN"
echo "FISH_BUILD_VERSION=\"$VN\"" >"$FBVF"
}
# Output the fish-build-version-witness.txt
# See https://cmake.org/cmake/help/v3.4/policy/CMP0058.html
date +%s > ${OUTPUT_DIR}fish-build-version-witness.txt