lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181115021116.GA195691@google.com>
Date:   Wed, 14 Nov 2018 18:11:18 -0800
From:   Brian Norris <briannorris@...omium.org>
To:     yamada.masahiro@...ionext.com
Cc:     Alexander Kapshuk <alexander.kapshuk@...il.com>, sky@...ki.is,
        yamada.masahiro@...ionext.com,
        Doug Anderson <dianders@...omium.org>,
        Guenter Roeck <linux@...ck-us.net>, lists@...dbynature.de,
        Linux Kernel <linux-kernel@...r.kernel.org>,
        schwab@...ux-m68k.org
Subject: [PATCH v3] scripts/setlocalversion: Improve -dirty check with
 git-status --no-optional-locks

git-diff-index does not refresh the index for you, so using it for a
"-dirty" check can give misleading results. Commit 6147b1cf19651
("scripts/setlocalversion: git: Make -dirty check more robust") tried to
fix this by switching to git-status, but it overlooked the fact that
git-status also writes to the .git directory of the source tree, which
is definitely not kosher for an out-of-tree (O=) build. That is getting
reverted.

Fortunately, git-status now supports avoiding writing to the index via
the --no-optional-locks flag, as of git 2.14. It still calculates an
up-to-date index, but it avoids writing it out to the .git directory.

So, let's retry the solution from commit 6147b1cf19651 using this new
flag first, and if it fails, we assume this is an older version of git
and just use the old git-diff-index method.

It's hairy to get the 'grep -vq' (inverted matching) correct by stashing
the output of git-status (you have to be careful about the difference
betwen "empty stdin" and "blank line on stdin"), so just pipe the output
directly to grep and use a regex that's good enough for both the
git-status and git-diff-index version.

Cc: Genki Sky <sky@...ki.is>
Cc: Christian Kujau <lists@...dbynature.de>
Cc: Guenter Roeck <linux@...ck-us.net>
Suggested-by: Alexander Kapshuk <alexander.kapshuk@...il.com>
Signed-off-by: Brian Norris <briannorris@...omium.org>
---
v1 -> v2:
 * handle empty (non-dirty) results properly, where
     echo "${empty_variable}" | grep -qv "${something_else}"
   always has a 0 exit status (a blank line is an inverted match for any
   non-blank expression). Just pipe directly to grep instead, with a
   hopefully-not-too-permissive regex to handle both versions.
 * actually tested with dirty and non-dirty trees this time

v2 -> v3:
 * switch to extended regex (-E), instead of relying on GNU extension
   (\?)
---
 scripts/setlocalversion | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/scripts/setlocalversion b/scripts/setlocalversion
index 71f39410691b..365b3c2b8f43 100755
--- a/scripts/setlocalversion
+++ b/scripts/setlocalversion
@@ -73,8 +73,16 @@ scm_version()
 			printf -- '-svn%s' "`git svn find-rev $head`"
 		fi
 
-		# Check for uncommitted changes
-		if git diff-index --name-only HEAD | grep -qv "^scripts/package"; then
+		# Check for uncommitted changes.
+		# First, with git-status, but --no-optional-locks is only
+		# supported in git >= 2.14, so fall back to git-diff-index if
+		# it fails. Note that git-diff-index does not refresh the
+		# index, so it may give misleading results. See
+		# git-update-index(1), git-diff-index(1), and git-status(1).
+		if {
+			git --no-optional-locks status -uno --porcelain 2>/dev/null ||
+			git diff-index --name-only HEAD
+		} | grep -qvE '^(.. )?scripts/package'; then
 			printf '%s' -dirty
 		fi
 
-- 
2.19.1.930.g4563a0d9d0-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ