add the "allowed_scms" kojid parameter: a whitelist of hostname:repository tuples that kojid is allowed to checkout from

2007-12-18 12:52:27 -05:00 · 2007-12-18 12:52:27 -05:00 · 31b5d7265c
commit 31b5d7265c
parent 1d040eba5a
2 changed files with 15 additions and 0 deletions
--- a/builder/kojid
+++ b/builder/kojid
@ -1809,6 +1809,17 @@ class BuildSRPMFromSCMTask(BaseTaskHandler):
        # will throw a BuildError if the url is invalid
        scm = SCM(url)

+        for allowed_scm in options.allowed_scms.split():
+            scm_tuple = allowed_scm.split(':')
+            if len(scm_tuple) == 2:
+                if scm.host == scm_tuple[0] and scm.repository == scm_tuple[1]:
+                    # SCM host:repository is in the allowed list
+                    break
+            else:
+                self.logger.warn('Ignoring incorrectly formatted SCM host:repository: %s' % allowed_scm)
+        else:
+            raise koji.BuildError, '%s:%s is not in the list of allowed SCMs' % (scm.host, scm.repository)
+
        # Setup files and directories for SRPM creation
        scmdir = self.workdir + '/scmroot'
        self.logger.debug(scmdir)
@ -2551,6 +2562,7 @@ def get_options():
                'user': None,
                'password': None,
                'pkgurl': None,
+                'allowed_scms': '',
                'cert': '/etc/kojid/client.crt',
                'ca': '/etc/kojid/clientca.crt',
                'serverca': '/etc/kojid/serverca.crt'}
--- a/builder/kojid.conf
+++ b/builder/kojid.conf
@ -35,6 +35,9 @@ server=http://hub.example.com/kojihub
 ; The URL for the packages tree
 pkgurl=http://hub.example.com/packages

+; A space-separated list of hostname:repository pairs that kojid is authorized to checkout from (no quotes)
+allowed_scms=scm.example.com:/cvs/example git.example.org:/example
+
 ; The mail host to use for sending email notifications
 smtphost=example.com