Ted Zlatanov <t...@lifelogs.com> wrote:
>One more improvement: the .git/config file is now enforced :)
>
>This means that it's pretty much impossible for an attacker to make you
>check out the wrong thing, even if they can modify the .git/config file
>(they can always exploit a race condition, but it's still an
>improvement).
>
>But it seems like `this.promise_filename' refers to the top-level
>(i.e. runme.cf) filename, even though the vcs_freshclone promises are
>made in a different file. This makes it impossible to find templates
>relative to the sketch installation; e.g. when
>
>bundle agent vcs_freshclone(prefix)
>{
> vars:
> "bundle_home" string => dirname("$(this.promise_filename)"),
> policy => "overridable";
>}
>
>is called from A/runme.cf, while B/vcs_freshclone.cf has the actual
>bundle definition, $(bundle_home) will have A and not B.
>
>Nick, if you can confirm this bug (I could always be doing something
>dumb on my side), I'll submit it to the bugtracker and think of an
>interim way to feed the template location to a sketch. This is the
>last
>improvement before I consider vcs_freshclone production-ready. I've
>been testing it since Saturday and it's working great for me.
>
>Thanks
>Ted
I'll try to look at it today. Been gone all weekend for sisters graduation
--
Sent from Kaiten Mail for Android. Please excuse my brevity.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
