diff options
| author | Joey Hess <joeyh@joeyh.name> | 2016-11-12 01:34:19 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-11-12 01:34:19 -0400 |
| commit | b4adaf75a36d6d6425df820c46023a32e79bb6df (patch) | |
| tree | 6f780bcb3c4bd9148d5770e389e854d8f025d15f /debian | |
| parent | 8d79d072dad51c9f7eb147f12bbe33742708f4b5 (diff) | |
The propellor wrapper checks if ./config.hs exists; if so it runs using the configuration in the current directory, rather than ~/.propellor/config.hs
The config,hs name now seems a bit badly chosen, propellor.hs would be less
ambiguous. To avoid accidentially running with a config.hs for something
else, the file content has to contain "Propellor".
Note that checkRepoUpToDate is only run for ~/.propellor/. I guess
propellor configs in other directories won't have been set up that way,
and it would take some changes to make that not hardcode use of
dotPropellor.
There's a new security boundary here, since running propellor looks at the
cwd, whose contents might not be user the user's control. The security
checks I added for this seem pretty good, but even if they can be bypassed,
this is not much different than `make` using the Makefile in cwd.
This commit was sponsored by Ole-Morten Duesund on Patreon.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 509734dd..f3442116 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,9 @@ propellor (3.2.3) UNRELEASED; urgency=medium * Improve extraction of gpg secret key id list, to work with gpg 2.1. + * The propellor wrapper checks if ./config.hs exists; if so it runs + using the configuration in the current directory, rather than + ~/.propellor/config.hs -- Joey Hess <id@joeyh.name> Fri, 11 Nov 2016 19:32:54 -0400 |