diff options
| author | Klaus Aehlig <klaus.aehlig@huawei.com> | 2024-02-19 13:04:07 +0100 |
|---|---|---|
| committer | Klaus Aehlig <klaus.aehlig@huawei.com> | 2024-02-20 17:18:10 +0100 |
| commit | ca54778751856d77f7da2dba051c473a488f7d1e (patch) | |
| tree | 3ff7820684956c2851e73cbfa49597fe46ec5299 /CHANGELOG.md | |
| parent | 08f3b06e3f6d5d702e754e8809b3c2e3cee73066 (diff) | |
| download | justbuild-ca54778751856d77f7da2dba051c473a488f7d1e.tar.gz | |
Git URL scheme handling: whitelist path instead of non-path protocols
At some point we have to decide if a given git repository URL is
a path. So far, we assumed that anything not starting with ssh://,
http://, or https:// is a path. This ignores the facts that
- the file:// scheme, while referring to a file, does not denote
a relative path starting file://,
- the [user@]host:path scheme is not a path on the local machine,
- there exist the URL schemes git://, ftp://, and ftps://, and
- future extension might add additional schemes.
To also correctly handle new schemes that git might add (which we
indeed can handle, as we simply shell out to the git binary), we
reverse the approach: we give the user the means to unambigiously
specify that they refer to a path on the local machine, by either
- using the file:// scheme,
- providing an absolute path starting with /, or
- providing a relative path starting with ./
All other schemes will not be modified. The file scheme, as well
as the git://, http://, and https:// scheme, are handled interally
using libgit2; all others are passed on to git in an unmodified form.
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index e9b1fb0b..96aba158 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -57,6 +57,13 @@ A feature release on top of `1.2.0`, backwards compatible. the upgrade. - The taintedness of `"configure"` targets is now propagated correctly in analysis. +- It is no longer incorrectly assumed that every `git` URL not + starting with `ssh://`, `http://`, nor `https://` is a file on the + local disk. Now, only URLs starting with `/`, `./`, or `file://` + are considered file URLs. File URLs, as well as URLs starting + with `git://`, `http://`, or `https://`, are handled by `just-mr` + using `libgit2`; for every other URL, `just-mr` shells out to + `git` for fetching and the URL is passed to `git` unchanged. - Improved portability and update of the bundled dependencies. - Various minor improvements and typo fixes in the documentation. - Fixed a race condition in an internal cache of `just execute` |