-
Notifications
You must be signed in to change notification settings - Fork 242
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nywilken/bump submodules 2.2.1 #427
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
nywilken
commented
Mar 16, 2023
- Split request options from client into a new request struct (Split req and client #230)
- ChecksumFromFile: change checksummedURL to checksummedPath for clarity
- make Get return GetResult (make Get return GetResult #231)
- Allow to not download local files and simply reference them 'inplace' given an option, remove the 'Dir' bool option & rename ClientMode to Mode (Allow to not download local files and simply reference them 'inplace' given an option #232)
- Change module path to github.com/hashicorp/go-getter/v2
- use correct go-getter/v2 for cmd
- Retrieve checksum from subfolder/filename (Retrieve checksum from subfolder/filename #239)
- Create client GetChecksum (Create client GetChecksum #245)
- Create cmd/go-getter/v2, s3/v2 and gcs/v2 submodules (Create sub modules cmd/go-getter/v2, s3/v2 and gcs/v2 #244)
- gcs&s3: use a git sha from v2 branch to require go-getter/v2
- Make checksum func public (Make checksum func public #252)
- Getters refactoring (Getters refactoring #255)
- use v2/helper (Remove go-getter v1.4.1 dependency #258)
- deps: Update github.com/ulikunitz/[email protected] (deps: Update github.com/ulikunitz/[email protected] #279)
- Remove broken bitbucket link
- Use default AWS credential chain under normal circumstances (Use default AWS credential handling under normal circumstances #218)
- feat(detector): provide a detector for repository hosted on GitLab.com (feat(detector): provide a detector for repository hosted on GitLab.com #259) (feat(detector): provide a detector for repository hosted on GitLab.com (#259) #281)
- detector/bitbucket: Remove support for hg URL schema (detector/bitbucket: Remove support for hg URL schema #280)
- Update v2 branch with code from the master branch (Update v2 branch with code from the master branch #282)
- enable GitHub code scanning workflow (enable GitHub code scanning workflow #295) (enable GitHub code scanning workflow for v2 branch #297)
- fixes 320: Pass context to NewRequestWithContext so HTTP requests can be canceled via context (fixes #320: Pass context to NewRequestWithContext so HTTP requests can… #324)
- Append tar and ova decompressor (Append tar and ova decompressor in v2 #351)
- Ignore comments in checksum files (Ignore comments in checksum files #350)
- [v2] update s3 gcs and cmd to use most recent v2 module ([v2] update s3 gcs and cmd to use most recent v2 module #352)
- Remove ova type from list of decompressors (Removed ova file type from the list of supported decompressors #354)
- Multiple fixes for go-getter v2 (Multiple fixes for go-getter v2 #361)
- Update X-Terraform-Get error messaging to match v1 (Update X-Terraform-Get error messaging to match v1 #364)
- Update default client Getters (Update default Getters with known defaults #363)
- [v2] update s3 gcs and cmd to use most recent v2 module ([v2] update s3 gcs and cmd to use most recent v2 module #365)
- docs: provide logging recommendations (docs: provide logging recommendations #371) (docs: provide logging recommendations #372)
- Add Timeout to SmbClientGetter to go-getter/v2 ( Add Timeout to SmbClientGetter to go-getter/v2 #369)
- inital migration of v2 to gha
- Update get_hg_test.go
- Update get_hg_test.go
- upgrade AWS SDK version
- Update go mod sum file for updated s3 module
- add s3 directory
- remove init from s3 file
- fix my grammar
- Add Malformed S3 URL test (Add Malformed S3 URL test #380)
- [v2] update s3, gcs and cmd to use most recent v2 module version ([v2] update s3, gcs and cmd to use most recent v2 module version #400)
- Port Decompression bomb security changes from v1 (Port Decompression bomb security changes from v1 #414)
- Bump all modules to Go 1.18
- [V2] Bump submodules to use most recent v2 module version
- v2/cmd/go-getter: Bump go-getter submodule versions
- Merge pull request v1: decompressors: add LimitedDecompressors helper #413 from hashicorp/limited-decompressors-helper
- Update Go-Getter test workflow to run on pull requests to v2 branch
- Port bomb.zip test updates from v1 (Port bomb.zip test updates from v1 #425)
- [v2] update s3, gcs and cmd to use most recent v2 module version
and document checksumming a bit better.
To allow to tell what operation was done by the go getter; this will allow the go-getter to 'make a choice' based on a set of arguments. For example: * Decide of a random temporary folder/file in which to put the wanted object and then tell us where it was put. * just tell that this file was not being copied but simply referenced because it is already in the drive ( this one is usefull to Packer )
… given an option, remove the 'Dir' bool option & rename ClientMode to Mode (#232) adds the Inplace bool field to a Request allowing to use local files 'inplace' and just setting the GetResult.Dst to the source file. This will allow Packer to not do any operation and to use big local files 'inplace'.
This is in preparation for the first v2 release.
Merge master into v2
to not force importers to import 3rd party getters and dependencies
* make FileChecksum.Checksum public * add FileChecksum.String func * FileChecksum.Checksum: change var name `file` to `filePath` to avoid confusion
Addresses CVE-2020-16845. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845 Reference: GHSA-25xm-hr59-7c27 Reference: ulikunitz/xz#35
#259) (#281) * feat(detector): provide a detector for repository hosted on GitLab.com (#259) * remove hg test after #276 Co-authored-by: Davin Kevin <[email protected]>
This change removes hg as a supported schema for the BitBucket detector as Mercurial enabled repositories are not longer supported by BitBucket. Official announcement at https://bitbucket.org/blog/sunsetting-mercurial-support-in-bitbucket. Test results before change ``` --- FAIL: TestHgGetter_DetectBitBucketDetector (0.52s) get_hg_test.go:157: err: unknown BitBucket SCM type: --- FAIL: TestBitBucketDetector (0.61s) detect_bitbucket_test.go:51: err: unknown BitBucket SCM type: FAIL FAIL github.com/hashicorp/go-getter/v2 6.240s ``` Test results after change ``` ok github.com/hashicorp/go-getter/v2 6.102s ```
* Merge remote-tracking branch 'origin/master' into client_umask * move umask/mode calls in request.go * Request.Mode => Request.GetMode && req.mode => req.Mode * add req.CopyReader func for 3rd party pkgs * fixup calls * up go modules * update cmd
… be canceled via context (#324)
Co-authored-by: Michael Schurter <[email protected]>
* ignore commented lines when parsing a checksum file * Update Dockerfile set noninteractive mode to installation * Update Dockerfile pin to go 1.15, because it worked//works there; I suspect this is a "debian changed something" issue.
* Fix command injection in go-getter when passing params to hg clone The fix for this is to add -- to the arguments of each hg command, before any user-input. This indicates the end of optional arguments, only positional arguments are allowed. * Remove upwards path traversal in subdirectories, filenames * Prevent arbitrary file read, path traversal via subdirectory extraction Not opt-in or opt-out, just never allowed. Upwards path traversal is not a subdirectory. *Prevent arbitrary file write via `filename` Not opt-in or opt-out, just never allowed. Upwards path traversal is not a filename in a subdirectory. * Add Timeout option to HgGetter and GitGetter enforced with os/exec.CommandContext * Add DisableSymlinks option to getter request The fix for this is a new client request option, DisableSymlinks. When set to true, symlinks are disabled. This prevents the client, likely in combination with the GitGetter, from following a symlink when the subdirectory selection from the checked out repo is a symlink. * Add custom symlink copy error * Add DisableSymlinks as client option Setting DisableSymlinks per request works but must be set on all request made by a client. Adding it as a top-level client config option allows for setting DisableSymlinks for all client.Get requests. * Update get_http to address various get concerns * Add XTerraformGetLimit and XTerraformGetDisabled * Add Multiple new options to limit resource consumption: DoNotCheckHeadFirst, HeadFirstTimeout, ReadTimeout, MaxBytes * Add getter client to context for reuse * Add setters/getters for storing configured getter.Client in a context * Update HttpGetter to use ClientFromContext when available; otherwise use a limited client for supporting X-Terraform-Get request * Refactor HttpGetter function to make it clear when a configured getter.Client is required * Add security section to README * Port changes from hashicorp/eastebry/timeout-for-getters Adding timeout to s3Getter * Port changes from from hashicorp/add-missing-timeouts Add missing timeouts to `S3Getter` and `GCSGetter` * Remove windows test for FileGetter * Change to next-get image Co-authored-by: Kent 'picat' Gruber <[email protected]> Co-authored-by: Sylvia Moss <[email protected]>
* By default XTerrformGet header support should be disable; clients needing supporting this header should overwrite the default getters with a custom HttpGetter * Add default timeouts for HTTP Read Requests; including HEAD requests
Co-authored-by: mickael-hc <[email protected]>
* Add Timeout to SmbClientGetter Allow caller to configure a command execution context with a default timeout for all smbclient CLI operations. * Make smbclient timeout configurable
add back gcs and s3 components add smb tests and more go versions whoops change to ubuntu remove tags for now reshifting reshifting testing linux only shifiting again try docker build fix TTY message try to fix windows add git config for submodule remove out error fix window tests disable window tests for now
Co-authored-by: Wilken Rivera <[email protected]>
Co-authored-by: Kent 'picat' Gruber <[email protected]>
Migrate go-getter v2 to GHA
v2: upgrade AWS SDK version
update test s3 bucket name let see if s3 tests work now try matrix for multiple directories try to fix GCS tests move go tests after GCS auth Revert "move go tests after GCS auth" This reverts commit 7adfd47. move go tests after GCS auth comment out other workflows go mod tidy go mod tidy comment out go cmd for now Revert "go mod tidy" This reverts commit 416722c. remove helper directory revert go mod add go cmd go mod tidy for GCS go mod tidy for cmd
Fix Go Tests for V2
The added tests validates that the Go-Getter client for when getting an invalid S3 URL does not panic, as described in CVE-2022-41605.
* Add zstd support Port changes from v1 #292 * Port decompression bomb changes from v1 #412 --------- Co-authored-by: Yan Su <[email protected]> Co-authored-by: Kent 'picat' Gruber <[email protected]>
* Update build flags to new format
v1: decompressors: add LimitedDecompressors helper
* Merge pull request #424 from hashicorp/fix-av-reports Remove `bomb.zip` test file to stop anti-virus noise * Update call to WriteFile --------- Co-authored-by: Kent 'picat' Gruber <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.