X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-dev.git/blobdiff_plain/479b1cb73a333fa76e7d05f4000eb6267d8682c6..1c9ac2563d5afefb47da45c352f4bdd25acf8635:/python/invirt/builder.py

diff --git a/python/invirt/builder.py b/python/invirt/builder.py
index e3280aa..f2cb421 100644
--- a/python/invirt/builder.py
+++ b/python/invirt/builder.py
@@ -28,21 +28,34 @@ def getRepo(package):
     """Return the path to the git repo for a given package."""
     return os.path.join(_REPO_DIR, 'invirt/packages', '%s.git' % package)
 
+def ensureValidRepo(package):
+    """Perform some basic sanity checks that the requested repo is in a
+    subdirectory of _REPO_DIR/invirt/packages.  This prevents weirdness
+    such as submitting a package like '../prod/...git'.  Also ensures that
+    the repo exists."""
+    # TODO: this might be easier just to regex
+    repo = os.path.abspath(getRepo(package))
+    parent_dir = os.path.dirname(repo)
+    prefix = os.path.join(_REPO_DIR, 'invirt/packages')
+    if not parent_dir.startswith(prefix):
+        raise InvalidBuild('Invalid package name %s' % package)
+    elif not os.path.exists(repo):
+        raise InvalidBuild('Nonexisting package %s' % package)
 
 def pocketToGit(pocket):
     """Map a pocket in the configuration to a git branch."""
-    return getattr(getattr(config.git.pockets, pocket), 'git', pocket)
+    return getattr(getattr(config.build.pockets, pocket), 'git', pocket)
 
 
 def pocketToApt(pocket):
     """Map a pocket in the configuration to an apt repo pocket."""
-    return getattr(getattr(config.git.pockets, pocket), 'apt', pocket)
+    return getattr(getattr(config.build.pockets, pocket), 'apt', pocket)
 
 
 def getGitFile(package, ref, path):
     """Return the contents of a path from a git ref in a package."""
     return c.captureOutput(['git', 'cat-file', 'blob', '%s:%s' % (ref, path)],
-                         cwd=getRepo(package))
+                           cwd=getRepo(package))
 
 
 def getChangelog(package, ref):
@@ -85,27 +98,30 @@ def validateBuild(pocket, package, commit):
     another pocket, then this function returns that pocket. Otherwise,
     it returns True.
     """
+    ensureValidRepo(package)
     package_repo = getRepo(package)
     new_version = getVersion(package, commit)
 
-    for p in config.git.pockets:
+    ret = True
+
+    for p in config.build.pockets:
         if p == pocket:
             continue
 
         b = pocketToGit(p)
         current_commit = c.captureOutput(['git', 'rev-parse', b],
-                                       cwd=package_repo)
+                                         cwd=package_repo).strip()
         current_version = getVersion(package, b)
 
         if current_version == new_version:
             if current_commit == commit:
-                return p
+                ret = p
             else:
-                raise InvalidBuild('Version %s of %s already available in '
+                raise InvalidBuild('Version %s of %s already available is in '
                                    'pocket %s from commit %s' %
                                    (new_version, package, p, current_commit))
 
-    if config.git.pockets[pocket].get('allow_backtracking', False):
+    if not config.build.pockets[pocket].get('allow_backtracking', False):
         branch = pocketToGit(pocket)
         current_version = getVersion(package, branch)
         if new_version <= current_version:
@@ -120,4 +136,4 @@ def validateBuild(pocket, package, commit):
                                'commit currently in pocket %s' %
                                (commit, package, pocket))
 
-
+    return ret