Referring to local plugins from project.conf using relative paths which lead outside of the project directory
Referring to files or directories which lead outside of the project directory in local source path: configuration
Also relevant is the usage of symlinks in a project directory which lead outside of the project but are in any way required to build the project. This can happen in both of the above-mentioned cases (using proper paths which refer to symlinks which instead attempt to crawl out of the project directory).
In any of these cases, BuildStream should abort early with an error message.
Note that in order to avoid breaking builds, we need to wait for freedesktop-sdk/freedesktop-sdk#229 (closed) to be fixed in order to properly police and enforce the expected project behavior.
- This needs a low level private API to do the grunt work of asserting a project path
  - A project path must not escape the project
  - A project path must not have symlink components which maliciously escape the project
  - This function might raise an exception, or return a boolean
- For best convenience of plugin authors and user experience, we should add a public method to Plugin
  - This belongs to the YAML node manipulation family, something like Plugin.node_load_project_path()
  - This behaves similarly to calling Plugin.node_get_member() when loading a string, except that it additionally validates the string using the private utils function mentioned above
  - If the project path is not a valid one, it raises a PluginError() with the appropriate Provenance (see Plugin.node_provenance() etc)
- local source needs to use the new Plugin API to load its path
- patch source needs to do the same
- ostree source needs to do the same (for the loading of its gpg file for validation)
- _project.py needs to also validate some paths, using a private utility
  - The element-path
  - Paths related to local plugin loading locations
Since we always raise the error when extracting the string from the YAML dictionary nodes, maybe we want the private API to be in _yaml.py instead, or have a layer there at least; whichever makes more sense. Point being that we also want the Provenance (filename, line, column) information for any error we encounter at load time.
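
A sketch of the low-level path check discussed in this issue, as an added example that is not BuildStream's own code: `check_project_path` and `ProjectPathError` are hypothetical names, rejecting absolute paths is an assumption, and the project tree built in `demo()` is constructed sample data.

```python
import os
import tempfile


class ProjectPathError(Exception):
    """Hypothetical error type; the issue proposes PluginError with provenance."""


def check_project_path(project_dir, path):
    """Return the resolved absolute path, or raise if it leaves project_dir."""
    if os.path.isabs(path):  # assumption: project paths are always relative
        raise ProjectPathError("{}: absolute paths are not allowed".format(path))
    # Lexical check: reject '..' components that climb out of the project.
    # Deliberately conservative, it does not consult the filesystem.
    normalized = os.path.normpath(path)
    if normalized == os.pardir or normalized.startswith(os.pardir + os.sep):
        raise ProjectPathError("{}: path leads outside of the project".format(path))
    # Symlink check: resolve the original (not normalized) path component by
    # component, since normpath() would hide a '..' that follows a symlink.
    root = os.path.realpath(project_dir)
    resolved = os.path.realpath(os.path.join(root, path))
    if os.path.commonpath([root, resolved]) != root:
        raise ProjectPathError("{}: symlink leads outside of the project".format(path))
    return resolved


def demo():
    """Build a constructed project tree and classify a few sample paths."""
    samples = ["files/ok.patch", "alias/ok.patch", "../outside",
               "files/../../outside", "files/escape/key.gpg", "/etc/passwd"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        project = os.path.join(tmp, "project")
        os.makedirs(os.path.join(project, "files"))
        os.makedirs(os.path.join(tmp, "outside"))
        open(os.path.join(project, "files", "ok.patch"), "w").close()
        # Symlink inside the project which points outside of it
        os.symlink(os.path.join(tmp, "outside"), os.path.join(project, "files", "escape"))
        # Symlink which stays inside the project
        os.symlink("files", os.path.join(project, "alias"))
        for sample in samples:
            try:
                check_project_path(project, sample)
                results[sample] = "ok"
            except ProjectPathError as e:
                results[sample] = str(e).split(": ", 1)[1]
    return results


if __name__ == "__main__":
    for sample, verdict in demo().items():
        print("{:24} {}".format(sample, verdict))
```

The check runs at load time only; a symlink swapped in after validation is not covered by it.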