public
/
airgap
5
0
Fork 1
Code Issues Pull Requests 2 Packages Projects Releases Wiki Activity

guard against ambiguious ref attacks in fetch

This commit is contained in:
Lance Vick 2020-10-21 22:59:29 -07:00
parent d408ead328
commit c1297ffcc2
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
scripts/fetch
View File

@ -26,6 +26,11 @@ mkdir -p "$build_dir"
cd $buildroot_dir; cd $buildroot_dir;
git checkout "$buildroot_ref"; git checkout "$buildroot_ref";
git reset --hard; git reset --hard;
git tag airgap || :
current_ref="$(git rev-parse --verify HEAD)"
[ "$current_ref" == "$buildroot_ref" ] || {
echo "Error: $buildroot_ref was not successfully checked out"; exit 1;
}
if [ "$(ls -A "${buildroot_external}/patches")" ]; then if [ "$(ls -A "${buildroot_external}/patches")" ]; then
for patch in "${buildroot_external}"/patches/*; do for patch in "${buildroot_external}"/patches/*; do
echo "Applying patch: ${patch}"; echo "Applying patch: ${patch}";
@ -42,6 +47,11 @@ mkdir -p "$build_dir"
cd "$heads_dir"; cd "$heads_dir";
git checkout "$heads_ref"; git checkout "$heads_ref";
git reset --hard; git reset --hard;
git tag airgap || :
current_ref="$(git rev-parse --verify HEAD)"
[ "$current_ref" == "$heads_ref" ] || {
echo "Error: $heads_ref was not successfully checked out"; exit 1;
}
if [ "$(ls -A "${heads_external}/patches")" ]; then if [ "$(ls -A "${heads_external}/patches")" ]; then
for patch in "${heads_external}"/patches/*; do for patch in "${heads_external}"/patches/*; do
echo "Applying patch: ${patch}"; echo "Applying patch: ${patch}";