You are viewing a plain text version of this content. The canonical link for it is here.
Posted to gitbox@yetus.apache.org by GitBox <gi...@apache.org> on 2022/04/21 09:30:06 UTC
[GitHub] [yetus] ndimiduk commented on a diff in pull request #254: YETUS-1159. fixes for CVE-2022-24765
ndimiduk commented on code in PR #254:
URL: https://github.com/apache/yetus/pull/254#discussion_r854977904
##########
precommit/src/main/shell/core.d/00-yetuslib.sh:
##########
@@ -528,3 +528,65 @@ function yetus_set_trap_handler
trap "${func} ${signal}" "${signal}"
done
}
+
+## @description Determine if running in a container
+## @audience public
+## @stability evolving
+## @replaceable no
+function yetus_is_container
+{
+ declare mounts
+ declare cgroups
+
+ if [[ -n "${YETUS_CONTAINER_STATE}" ]]; then
+ if [[ "${YETUS_CONTAINER_STATE}" == "true" ]]; then
+ return 0
+ fi
+ return 1
+ fi
+
+ if [[ -f /.dockerenv ]]; then
+ YETUS_CONTAINER_STATE=true
+ return 0
+ fi
+
+ if [[ -n "${container}" ]]; then
+ YETUS_CONTAINER_STATE=true
+ return 0
+ fi
+
+ if [[ -d /proc/self/mountinfo ]]; then
Review Comment:
Is the order of these checks important? Is it better to start with one proc mount vs the other?
##########
precommit/src/main/shell/core.d/00-yetuslib.sh:
##########
@@ -528,3 +528,65 @@ function yetus_set_trap_handler
trap "${func} ${signal}" "${signal}"
done
}
+
+## @description Determine if running in a container
+## @audience public
+## @stability evolving
+## @replaceable no
+function yetus_is_container
+{
+ declare mounts
+ declare cgroups
+
+ if [[ -n "${YETUS_CONTAINER_STATE}" ]]; then
+ if [[ "${YETUS_CONTAINER_STATE}" == "true" ]]; then
+ return 0
+ fi
+ return 1
+ fi
+
+ if [[ -f /.dockerenv ]]; then
+ YETUS_CONTAINER_STATE=true
+ return 0
+ fi
+
+ if [[ -n "${container}" ]]; then
Review Comment:
Where does `${container}` come from?
##########
precommit/src/main/shell/core.d/01-common.sh:
##########
@@ -303,6 +303,27 @@ function common_args
USER_PLUGIN_DIR="${BASEDIR}/.yetus/plugins.d"
}
+## @description Verify that BASEDIR is a git repo
+## @description and set some git settings
+## @audience public
+## @stability evolving
+## @replaceable no
+function verify_basedir_repo
+{
+ if [[ ! -e "${BASEDIR}/.git" ]]; then
+ yetus_error "ERROR: ${BASEDIR} is not a git repo."
+ cleanup_and_exit 1
Review Comment:
Forgive my ignorance. Is it a common pattern in our public API that functions prefixed with `verify_` can exit the process when their condition is not met?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@yetus.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org