Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump git2 to 0.15 and libgit2-sys to 0.14 #11004

Merged
merged 2 commits into from
Aug 27, 2022
Merged

Conversation

jonhoo
Copy link
Contributor

@jonhoo jonhoo commented Aug 17, 2022

This will allow cargo to avoid vendored builds of git2 in up-to-date
environments going forward, and brings in the libgit2 1.4.4 CVE fix.

This will allow cargo to avoid vendored builds of git2 in up-to-date
environments going forward, and brings in the [libgit2 1.4.4 CVE fix].

[libgit2 1.4.4 CVE fix]: https://github.com/libgit2/libgit2/releases/tag/v1.4.4
@rust-highfive
Copy link

r? @weihanglo

(rust-highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Aug 17, 2022
@ehuss
Copy link
Contributor

ehuss commented Aug 17, 2022

I think to move forward with this cargo will need to call libgit2_sys::set_verify_owner_validation(false) in order to disable owner validation. We don't need that for security (cargo doesn't do discovery in any way that is a concern) and there are scenarios where it will trigger in typical environments.

@jonhoo
Copy link
Contributor Author

jonhoo commented Aug 17, 2022

Ah, yes, I remember from the discussion in rust-lang/rfcs#3279. Will update!

@jonhoo
Copy link
Contributor Author

jonhoo commented Aug 17, 2022

One issue with setting that is that it's a global property. Which means that if someone has a project that uses git2 separately from cargo, but also runs cargo, then operations they do with git2 will also not have the owner check applied, which is probably unexpected. We could set it before each git operation and reset it after, though that feels brittle and racy. I wish it were possible to configure this option per repository...

@jonhoo
Copy link
Contributor Author

jonhoo commented Aug 17, 2022

There's git_repository_open_ext, but the flags it supports don't include the owner check.

@jonhoo
Copy link
Contributor Author

jonhoo commented Aug 17, 2022

Having now dug through the libgit2 PR that introduced the ownership check, libgit2/libgit2#6266, I don't see a way around this. Either we have to disable the check globally in something like cargo::Config::new, or we have to surround every call to git2::Repository::open (or ::init? or ::clone?) with a disable + do + enable dance which still risks racing with other (non-Cargo) code to allow opening a repository there with the check unexpectedly disabled.

@ehuss
Copy link
Contributor

ehuss commented Aug 17, 2022

I was thinking it can be called from init_git_transports or somewhere around there on the binary side. That shouldn't affect cargo-lib users, and I believe is the only safe place to do it since it is an unprotected global.

@jonhoo
Copy link
Contributor Author

jonhoo commented Aug 17, 2022

We could do that, although it would mean that anyone using Cargo as a library would need to know to explicitly call that method themselves too. We could perhaps add a method like Config::globally_disable_git_ownership_verification so that consumers will at least a) not have to add git2 as a direct dependency and b) hopefully discover that this is something they may need to call?

@jonhoo
Copy link
Contributor Author

jonhoo commented Aug 17, 2022

One option might be to set the ceiling directories, which can be done per open, but as far as I can tell from the implementation that doesn't actually bypass the check either?

@weihanglo
Copy link
Member

We could perhaps add a method like Config::globally_disable_git_ownership_verification

This sounds lovely to me. And I believe people will eventually find it. As Cargo lib users, they must be accustomed to breakages between versions sometimes. (Sorry about that 😅)

Copy link
Member

@weihanglo weihanglo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am going to merge this. Thanks for the pull request.

If @ehuss or anyone still concerns with this, feel free to comment.

@weihanglo
Copy link
Member

@bors r+

@bors
Copy link
Contributor

bors commented Aug 27, 2022

📌 Commit 222e0e5 has been approved by weihanglo

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Aug 27, 2022
@bors
Copy link
Contributor

bors commented Aug 27, 2022

⌛ Testing commit 222e0e5 with merge e5ec3a8...

@weihanglo weihanglo added the relnotes Release-note worthy label Aug 27, 2022
@weihanglo
Copy link
Member

I feel like this worth mentioning in release note, at least for library user?

@bors
Copy link
Contributor

bors commented Aug 27, 2022

☀️ Test successful - checks-actions
Approved by: weihanglo
Pushing e5ec3a8 to master...

@bors bors merged commit e5ec3a8 into rust-lang:master Aug 27, 2022
@weihanglo weihanglo removed the relnotes Release-note worthy label Aug 27, 2022
bors pushed a commit to rust-lang-ci/rust that referenced this pull request Aug 29, 2022
5 commits in 6da726708a4406f31f996d813790818dce837161..4ed54cecce3ce9ab6ff058781f4c8a500ee6b8b5
2022-08-23 21:39:56 +0000 to 2022-08-27 18:41:39 +0000
- doc: pause, for readability (rust-lang/cargo#11027)
- Bump git2 to 0.15 and libgit2-sys to 0.14 (rust-lang/cargo#11004)
- Fix typo (rust-lang/cargo#11025)
- Update cargo-toml-vs-cargo-lock.md (rust-lang/cargo#11021)
- Apply GitHub fast path even for partial hashes (rust-lang/cargo#10807)
bors added a commit to rust-lang-ci/rust that referenced this pull request Aug 29, 2022
…acrum

Update cargo

5 commits in 6da726708a4406f31f996d813790818dce837161..4ed54cecce3ce9ab6ff058781f4c8a500ee6b8b5
2022-08-23 21:39:56 +0000 to 2022-08-27 18:41:39 +0000
- doc: pause, for readability (rust-lang/cargo#11027)
- Bump git2 to 0.15 and libgit2-sys to 0.14 (rust-lang/cargo#11004)
- Fix typo (rust-lang/cargo#11025)
- Update cargo-toml-vs-cargo-lock.md (rust-lang/cargo#11021)
- Apply GitHub fast path even for partial hashes (rust-lang/cargo#10807)
@jonhoo
Copy link
Contributor Author

jonhoo commented Aug 31, 2022

I agree this should be mentioned in relnotes!

@jonhoo jonhoo deleted the bump-git2 branch August 31, 2022 00:27
@ehuss ehuss added this to the 1.65.0 milestone Aug 31, 2022
@ehuss
Copy link
Contributor

ehuss commented Aug 31, 2022

fwiw, I always include libgit2 bumps in the Cargo changelog. But I don't think this needs to be in the Rust release notes, does it? Are you concerned that third-party packages that link to the cargo API might run into problems here?

@jonhoo
Copy link
Contributor Author

jonhoo commented Aug 31, 2022

Oh, sorry, I thought relnotes was the Cargo release notes, not the Rust release notes. I agree with you it probably doesn't need to be in the Rust release notes.

I will point out that this bump means that libgit2 will now be built from source for anyone without a fairly recent libgit2 installed locally, which may cause some headache (it did for me), but that should only hit a small number of entities I suspect.

@ehuss
Copy link
Contributor

ehuss commented Aug 31, 2022

Ah. Ok, I'll untag the relnotes. That label is only for RELEASES.md.

@ehuss
Copy link
Contributor

ehuss commented Aug 31, 2022

Oh, it was already removed. I was confused. 😄

RalfJung pushed a commit to RalfJung/rust-analyzer that referenced this pull request Apr 20, 2024
Update cargo

5 commits in 6da726708a4406f31f996d813790818dce837161..4ed54cecce3ce9ab6ff058781f4c8a500ee6b8b5
2022-08-23 21:39:56 +0000 to 2022-08-27 18:41:39 +0000
- doc: pause, for readability (rust-lang/cargo#11027)
- Bump git2 to 0.15 and libgit2-sys to 0.14 (rust-lang/cargo#11004)
- Fix typo (rust-lang/cargo#11025)
- Update cargo-toml-vs-cargo-lock.md (rust-lang/cargo#11021)
- Apply GitHub fast path even for partial hashes (rust-lang/cargo#10807)
RalfJung pushed a commit to RalfJung/rust-analyzer that referenced this pull request Apr 27, 2024
Update cargo

5 commits in 6da726708a4406f31f996d813790818dce837161..4ed54cecce3ce9ab6ff058781f4c8a500ee6b8b5
2022-08-23 21:39:56 +0000 to 2022-08-27 18:41:39 +0000
- doc: pause, for readability (rust-lang/cargo#11027)
- Bump git2 to 0.15 and libgit2-sys to 0.14 (rust-lang/cargo#11004)
- Fix typo (rust-lang/cargo#11025)
- Update cargo-toml-vs-cargo-lock.md (rust-lang/cargo#11021)
- Apply GitHub fast path even for partial hashes (rust-lang/cargo#10807)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants