Submodules have their git directory in the master repository's directory
(../.git/modules/<name>). firejail does not allow whitelisted paths to
have ".." in them, so use realpath() to get rid of that.
`git show` still wants to be able to access the main repository
directory though, so we also need to whitelist the $repoDir itself.
Bug: T181919
Change-Id: I928df92b47733bc7fbb9c796bcfc1504d4a4598c
+ /**
+ * Location of the repository
+ */
+ protected $repoDir;
+
/**
* Path to JSON cache file for pre-computed git information.
*/
/**
* Path to JSON cache file for pre-computed git information.
*/
* @see precomputeValues
*/
public function __construct( $repoDir, $usePrecomputed = true ) {
* @see precomputeValues
*/
public function __construct( $repoDir, $usePrecomputed = true ) {
+ $this->repoDir = $repoDir;
$this->cacheFile = self::getCacheFilePath( $repoDir );
wfDebugLog( 'gitinfo',
"Computed cacheFile={$this->cacheFile} for {$repoDir}"
$this->cacheFile = self::getCacheFilePath( $repoDir );
wfDebugLog( 'gitinfo',
"Computed cacheFile={$this->cacheFile} for {$repoDir}"
'--format=format:%ct',
'HEAD',
];
'--format=format:%ct',
'HEAD',
];
+ $gitDir = realpath( $this->basedir );
$result = Shell::command( $cmd )
$result = Shell::command( $cmd )
- ->environment( [ 'GIT_DIR' => $this->basedir ] )
+ ->environment( [ 'GIT_DIR' => $gitDir ] )
->restrict( Shell::RESTRICT_DEFAULT | Shell::NO_NETWORK )
->restrict( Shell::RESTRICT_DEFAULT | Shell::NO_NETWORK )
- ->whitelistPaths( [ $this->basedir ] )
+ ->whitelistPaths( [ $gitDir, $this->repoDir ] )
->execute();
if ( $result->getExitCode() === 0 ) {
->execute();
if ( $result->getExitCode() === 0 ) {