
ExternalProject: Respect TLS_VERIFY for git update step

Git config options can be passed to git clone before or after the
"clone" keyword. If specified before, the config setting is only
applied to that command invocation. It acts to override the value
in the global or project defaults (the latter doesn't exist for clone).
When the config setting is passed after the "clone" keyword, it is
saved into the cloned repository's config and will persist for later
git operations. The existing implementation expected the latter
behavior, but put the config setting before the "clone" keyword
and therefore the setting was not persisting to the git update
step. Move it to after the "clone" keyword so that it will persist.

The submodule handling is different. There is no support for
doing a "git submodule update" with a "sticky" config setting.
Instead, you have to pass the setting with all such calls. The
existing implementation was doing this for the clone step, but
not the git update step. Add the config setting there as well
so that submodules also effectively have the sslVerify setting
persist to the update step too.

Fixes: #18948
Craig Scott 2 gadi atpakaļ
vecāks
revīzija
dcbc36572f

+ 42 - 9
Modules/ExternalProject.cmake

@@ -1333,6 +1333,8 @@ function(_ep_write_gitclone_script
     message(FATAL_ERROR "Tag for git checkout should not be empty.")
   endif()
 
+  set(git_submodules_config_options "")
+
   if(GIT_VERSION_STRING VERSION_LESS 2.20 OR
      2.21 VERSION_LESS_EQUAL GIT_VERSION_STRING)
     set(git_clone_options "--no-checkout")
@@ -1355,18 +1357,26 @@ function(_ep_write_gitclone_script
   if(NOT ${git_remote_name} STREQUAL "origin")
     list(APPEND git_clone_options --origin \"${git_remote_name}\")
   endif()
+  if(NOT "x${tls_verify}" STREQUAL "x")
+    # The clone config option is sticky, it will apply to all subsequent git
+    # update operations. The submodules config option is not sticky, because
+    # git doesn't provide any way to do that. Thus, we will have to pass the
+    # same config option in the update step too for submodules, but not for
+    # the main git repo.
+    if(tls_verify)
+      # Default git behavior is "true", but the user might have changed the
+      # global default to "false". Since TLS_VERIFY was given, ensure we honor
+      # the specified setting regardless of what the global default might be.
+      list(APPEND git_clone_options -c http.sslVerify=true)
+      set(git_submodules_config_options -c http.sslVerify=true)
+    else()
+      list(APPEND git_clone_options -c http.sslVerify=false)
+      set(git_submodules_config_options -c http.sslVerify=false)
+    endif()
+  endif()
 
   string (REPLACE ";" " " git_clone_options "${git_clone_options}")
 
-  set(git_options)
-  # disable cert checking if explicitly told not to do it
-  if(NOT "x${tls_verify}" STREQUAL "x" AND NOT tls_verify)
-    set(git_options
-      -c http.sslVerify=false
-    )
-  endif()
-  string (REPLACE ";" " " git_options "${git_options}")
-
   configure_file(
     ${CMAKE_CURRENT_FUNCTION_LIST_DIR}/ExternalProject/gitclone.cmake.in
     ${script_filename}
@@ -1409,6 +1419,7 @@ function(_ep_write_gitupdate_script
   git_repository
   work_dir
   git_update_strategy
+  tls_verify
 )
 
   if("${git_tag}" STREQUAL "")
@@ -1423,6 +1434,22 @@ function(_ep_write_gitupdate_script
     list(APPEND git_stash_save_options --all)
   endif()
 
+  set(git_submodules_config_options "")
+  if(NOT "x${tls_verify}" STREQUAL "x")
+    # The submodules config option is not sticky, git doesn't provide any way
+    # to do that. We have to pass this config option for the update step too.
+    # We don't need to set it for the non-submodule update because it gets
+    # recorded as part of the clone operation in a sticky manner.
+    if(tls_verify)
+      # Default git behavior is "true", but the user might have changed the
+      # global default to "false". Since TLS_VERIFY was given, ensure we honor
+      # the specified setting regardless of what the global default might be.
+      set(git_submodules_config_options -c http.sslVerify=true)
+    else()
+      set(git_submodules_config_options -c http.sslVerify=false)
+    endif()
+  endif()
+
   configure_file(
       "${CMAKE_CURRENT_FUNCTION_LIST_DIR}/ExternalProject/gitupdate.cmake.in"
       "${script_filename}"
@@ -3361,6 +3388,11 @@ function(_ep_add_update_command name)
 
     _ep_get_git_submodules_recurse(git_submodules_recurse)
 
+    get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY)
+    if("x${tls_verify}" STREQUAL "x" AND DEFINED CMAKE_TLS_VERIFY)
+      set(tls_verify "${CMAKE_TLS_VERIFY}")
+    endif()
+
     set(update_script "${tmp_dir}/${name}-gitupdate.cmake")
     list(APPEND file_deps ${update_script})
     _ep_write_gitupdate_script(
@@ -3374,6 +3406,7 @@ function(_ep_add_update_command name)
       "${git_repository}"
       "${work_dir}"
       "${git_update_strategy}"
+      "${tls_verify}"
     )
     set(cmd              ${CMAKE_COMMAND} -Dcan_fetch=YES -P ${update_script})
     set(cmd_disconnected ${CMAKE_COMMAND} -Dcan_fetch=NO  -P ${update_script})
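Review bot: In `_ep_write_gitupdate_script` only the submodule call gets an explicit `http.sslVerify`; per the comment beginning "We don't need to set it for the non-submodule update", the main repository relies on the value that the clone recorded in its own config. That value is written once, so a tree first cloned with `TLS_VERIFY OFF` would presumably keep fetching the main repository without certificate verification after the setting is switched back on, until the tree is cloned again. The page does not show whether a changed `TLS_VERIFY` forces a re-clone, so this needs confirming. Consider passing the same `-c http.sslVerify=...` option to the main repository's fetch in the update script too, or at least extend the comment with `# NOTE: a later change of TLS_VERIFY does not reach the main repo until it is re-cloned.` Both function bodies continue outside the hunks shown.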

+ 3 - 3
Modules/ExternalProject/gitclone.cmake.in

@@ -25,7 +25,7 @@ set(error_code 1)
 set(number_of_tries 0)
 while(error_code AND number_of_tries LESS 3)
   execute_process(
-    COMMAND "@git_EXECUTABLE@" @git_options@
+    COMMAND "@git_EXECUTABLE@"
             clone @git_clone_options@ "@git_repository@" "@src_name@"
     WORKING_DIRECTORY "@work_dir@"
     RESULT_VARIABLE error_code
@@ -40,7 +40,7 @@ if(error_code)
 endif()
 
 execute_process(
-  COMMAND "@git_EXECUTABLE@" @git_options@
+  COMMAND "@git_EXECUTABLE@"
           checkout "@git_tag@" @git_checkout_explicit--@
   WORKING_DIRECTORY "@work_dir@/@src_name@"
   RESULT_VARIABLE error_code
@@ -52,7 +52,7 @@ endif()
 set(init_submodules @init_submodules@)
 if(init_submodules)
   execute_process(
-    COMMAND "@git_EXECUTABLE@" @git_options@
+    COMMAND "@git_EXECUTABLE@" @git_submodules_config_options@
             submodule update @git_submodules_recurse@ --init @git_submodules@
     WORKING_DIRECTORY "@work_dir@/@src_name@"
     RESULT_VARIABLE error_code
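Review bot: `@git_submodules_config_options@` in the submodule `execute_process` call is substituted as a raw CMake list (`-c;http.sslVerify=false`), while `@git_clone_options@` a few lines above is space-joined with `string (REPLACE ";" " " ...)` before `configure_file`. The list form only splits into two arguments while the placeholder stays unquoted in the template, which is easy to break in a later edit of a security-relevant option. For consistency, join it the same way in both `_ep_write_gitclone_script` and `_ep_write_gitupdate_script`: `string(REPLACE ";" " " git_submodules_config_options "${git_submodules_config_options}")`.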

+ 3 - 1
Modules/ExternalProject/gitupdate.cmake.in

@@ -283,7 +283,9 @@ endif()
 set(init_submodules "@init_submodules@")
 if(init_submodules)
   execute_process(
-    COMMAND "@git_EXECUTABLE@" --git-dir=.git submodule update @git_submodules_recurse@ --init @git_submodules@
+    COMMAND "@git_EXECUTABLE@"
+            --git-dir=.git @git_submodules_config_options@
+            submodule update @git_submodules_recurse@ --init @git_submodules@
     WORKING_DIRECTORY "@work_dir@"
     COMMAND_ERROR_IS_FATAL ANY
   )