summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorJoey Hess2016-11-12 01:34:19 -0400
committerJoey Hess2016-11-12 01:34:19 -0400
commitb4adaf75a36d6d6425df820c46023a32e79bb6df (patch)
tree6f780bcb3c4bd9148d5770e389e854d8f025d15f /debian
parent8d79d072dad51c9f7eb147f12bbe33742708f4b5 (diff)
The propellor wrapper checks if ./config.hs exists; if so it runs using the configuration in the current directory, rather than ~/.propellor/config.hs
The config,hs name now seems a bit badly chosen, propellor.hs would be less ambiguous. To avoid accidentially running with a config.hs for something else, the file content has to contain "Propellor". Note that checkRepoUpToDate is only run for ~/.propellor/. I guess propellor configs in other directories won't have been set up that way, and it would take some changes to make that not hardcode use of dotPropellor. There's a new security boundary here, since running propellor looks at the cwd, whose contents might not be user the user's control. The security checks I added for this seem pretty good, but even if they can be bypassed, this is not much different than `make` using the Makefile in cwd. This commit was sponsored by Ole-Morten Duesund on Patreon.
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog3
1 files changed, 3 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 509734dd..f3442116 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
propellor (3.2.3) UNRELEASED; urgency=medium
* Improve extraction of gpg secret key id list, to work with gpg 2.1.
+ * The propellor wrapper checks if ./config.hs exists; if so it runs
+ using the configuration in the current directory, rather than
+ ~/.propellor/config.hs
-- Joey Hess <id@joeyh.name> Fri, 11 Nov 2016 19:32:54 -0400