Date: Tue, 5 Nov 2024 02:11:57 GMT
Message-Id: <202411050211.4A52Bv4n019946@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Jose Luis Duran
Subject: git: 2377c19a8c37 - main - git-arc: Trap on every mktemp
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jlduran
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 2377c19a8c37c3494d065c2a9e8b155147c1feb4
Auto-Submitted: auto-generated

The branch main has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=2377c19a8c37c3494d065c2a9e8b155147c1feb4

commit 2377c19a8c37c3494d065c2a9e8b155147c1feb4
Author: Jose Luis Duran
AuthorDate: 2024-11-05 01:47:52 +0000
Commit: Jose Luis Duran
CommitDate: 2024-11-05 02:10:16 +0000

    git-arc: Trap on every mktemp

    Trap:
    - EXIT (0)
    - HUP (1)
    - INT (2)
    - QUIT (3)
    - TRAP (5)
    - USR1 (10)
    - TERM (15)
    every time mktemp is called to reduce the chances of leaving stray files
    or directories with possible sensitive data inside.

    We avoid using a template with mktemp, as some operating systems may use
    unpredictable base paths by default (macOS).

    Suggested by: des
    Reviewed by: emaste, 0mp, des (earlier), markj
    Approved by: emaste (mentor)
    Differential Revision: https://reviews.freebsd.org/D47289

--- tools/tools/git/git-arc.sh | 48 +++++++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/tools/tools/git/git-arc.sh b/tools/tools/git/git-arc.sh index 0df4ac4cd5fc..64d1ee2bd63f 100644 --- a/tools/tools/git/git-arc.sh +++ b/tools/tools/git/git-arc.sh @@ -43,6 +43,14 @@ err() exit 1 } +cleanup() +{ + rc=$? + rm -fr "$GITARC_TMPDIR" + trap - EXIT + exit $rc +} + err_usage() { cat >&2 <<__EOF__ 
@@ -147,6 +155,12 @@ __EOF__ exit 1 } +# Use xmktemp instead of mktemp when creating temporary files. +xmktemp() +{ + mktemp "${GITARC_TMPDIR:?}/tmp.XXXXXXXXXX" || exit 1 +} + # # Fetch the value of a boolean config variable ($1) and return true # (0) if the variable is true. The default value to use if the @@ -200,7 +214,7 @@ diff2status() err "invalid diff ID $diff" fi - tmp=$(mktemp) + tmp=$(xmktemp) echo '{"names":["'"$diff"'"]}' | arc_call_conduit -- phid.lookup > "$tmp" status=$(jq -r "select(.response != []) | .response.${diff}.status" < "$tmp") @@ -279,7 +293,7 @@ create_one_review() return 1 fi - msg=$(mktemp) + msg=$(xmktemp) git show -s --format='%B' "$commit" > "$msg" printf "\nTest Plan:\n" >> "$msg" printf "\nReviewers:\n" >> "$msg" @@ -308,7 +322,6 @@ create_one_review() ]}' | arc_call_conduit -- differential.revision.edit >&3 fi - rm -f "$msg" return 0 } 
@@ -542,31 +555,30 @@ find_author() patch_commit() { - local diff reviewid review_data authorid user_data user_addr user_name author - local tmp author_addr author_name + local diff reviewid review_data authorid user_data user_addr user_name + local diff_data author_addr author_name author tmp diff=$1 reviewid=$(diff2phid "$diff") # Get the author phid for this patch - review_data=$(mktemp) + review_data=$(xmktemp) echo '{"constraints": {"phids": ["'"$reviewid"'"]}}' | \ arc_call_conduit -- differential.revision.search > "$review_data" authorid=$(jq -r '.response.data[].fields.authorPHID' "$review_data") # Get metadata about the user that submitted this patch - user_data=$(mktemp) + user_data=$(xmktemp) echo '{"constraints": {"phids": ["'"$authorid"'"]}}' | \ arc_call_conduit -- user.search | \ jq -r '.response.data[].fields' > "$user_data" user_addr=$(jq -r '.username' "$user_data") user_name=$(jq -r '.realName' "$user_data") - rm "$user_data" # Dig the data out of querydiffs api endpoint, although it's deprecated, # since it's one of the few places we can get email addresses. It's unclear # if we can expect multiple difference ones of these. Some records don't # have this data, so we remove all the 'null's. We sort the results and # remove duplicates 'just to be sure' since we've not seen multiple # records that match. - diff_data=$(mktemp) + diff_data=$(xmktemp) echo '{"revisionIDs": [ '"${diff#D}"' ]}' | \ arc_call_conduit -- differential.querydiffs | jq -r '.response | flatten | .[]' > "$diff_data" @@ -583,7 +595,6 @@ patch_commit() fi author=$(find_author "$user_addr" "$user_name" "$author_addr" "$author_name") - rm "$diff_data" # If we had to guess, and the user didn't want to guess, abort if [ "${author}" = "ABORT" ]; then 
@@ -591,12 +602,11 @@ patch_commit() exit 1 fi - tmp=$(mktemp) - jq -r '.response.data[].fields.title' "$review_data" > $tmp - echo >> $tmp - jq -r '.response.data[].fields.summary' "$review_data" >> $tmp - echo >> $tmp - rm "$review_data" + tmp=$(xmktemp) + jq -r '.response.data[].fields.title' "$review_data" > "$tmp" + echo >> "$tmp" + jq -r '.response.data[].fields.summary' "$review_data" >> "$tmp" + echo >> "$tmp" # XXX this leaves an extra newline in some cases. reviewers=$(diff2reviewers "$diff" | sed '/^$/d' | paste -sd ',' - | sed 's/,/, /g') if [ -n "$reviewers" ]; then @@ -605,7 +615,6 @@ patch_commit() # XXX TODO refactor with gitarc__stage maybe? printf "Differential Revision:\thttps://reviews.freebsd.org/%s\n" "${diff}" >> "$tmp" git commit --author "${author}" --file "$tmp" - rm "$tmp" } gitarc__patch() @@ -665,7 +674,7 @@ gitarc__stage() git checkout -q -b "${branch}" main fi - tmp=$(mktemp) + tmp=$(xmktemp) for commit in $commits; do git show -s --format=%B "$commit" > "$tmp" title=$(git show -s --format=%s "$commit") @@ -826,4 +835,7 @@ if get_bool_config arc.browse false; then BROWSE=--browse fi +GITARC_TMPDIR=$(mktemp -d) || exit 1 +trap cleanup EXIT HUP INT QUIT TRAP USR1 TERM + gitarc__"${verb}" "$@"
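
Review bot: in cleanup() (hunk `@@ -43,6 +43,14 @@`), the exit status is wrong for the signal case: `rc=$?` is also what the handler exits with when it runs for HUP, INT, QUIT, TRAP, USR1 or TERM, and at that point `$?` is the status of whichever command last finished, so an interrupted run can exit 0. Consider a separate handler for the signals that removes the directory and exits non-zero, keeping `rc=$?` for EXIT only. For consistency with xmktemp, `rm -fr "$GITARC_TMPDIR"` could also be written with `${GITARC_TMPDIR:?}`.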
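
Review bot: in xmktemp() (hunk `@@ -147,6 +155,12 @@`), `|| exit 1` does not stop the script, because every caller in this patch invokes it as `tmp=$(xmktemp)` and the `exit` (like a `${GITARC_TMPDIR:?}` failure) only ends the command-substitution subshell. Unless the script runs under `set -e`, which these hunks do not show, the caller continues with an empty variable and the following `> "$tmp"` redirections fail one after another. Suggest checking at the call sites, for example `tmp=$(xmktemp) || err "mktemp failed"`, or stating in the comment above xmktemp that callers must test its status.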