[bitbake-devel] [PATCH] fetch2/git.py: Added handling of the user's password in url
Khem Raj
raj.khem at gmail.com
Sat Apr 14 00:36:58 UTC 2018
On 4/12/18 2:44 AM, Jakub Dębski wrote:
> Fetching source code from private repository (using https or http) fails
> because password passed in url (git://user:pass@domain) is ignored.
>
this is a security issue since SRC_URIs get into the package metadata
infact a patch to detect this case and warn/error about it will be
better. You might want to use .netrc to specify the credentials.
> Signed-off-by: Jakub Dębski <jdebski at enigma.com.pl>
> ---
> lib/bb/fetch2/git.py | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/lib/bb/fetch2/git.py b/lib/bb/fetch2/git.py
> index 3de83be..6600e19 100644
> --- a/lib/bb/fetch2/git.py
> +++ b/lib/bb/fetch2/git.py
> @@ -527,10 +527,13 @@ class Git(FetchMethod):
> Return the repository URL
> """
> if ud.user:
> - username = ud.user + '@'
> + if ud.pswd:
> + userinfo = ud.user + ':' + ud.pswd '@'
> + else:
> + userinfo = ud.user + '@'
> else:
> - username = ""
> - return "%s://%s%s%s" % (ud.proto, username, ud.host, ud.path)
> + userinfo = ""
> + return "%s://%s%s%s" % (ud.proto, userinfo, ud.host, ud.path)
>
> def _revision_key(self, ud, d, name):
> """
>
More information about the bitbake-devel
mailing list