move untrusted committer test into the wrapper
This saves around 1/4th second per trusted commit since ikiwiki doesn't need to start up.master
Joey Hess
parent
b7c9682b32
commit
7ddea03684
|
|
@ -7,7 +7,6 @@ use strict;
|
|||
use IkiWiki;
|
||||
|
||||
sub getuser () { #{{{
|
||||
# CALLER_UID is set by the suid wrapper, to the original uid
|
||||
my $user=(getpwuid(exists $ENV{CALLER_UID} ? $ENV{CALLER_UID} : $<))[0];
|
||||
if (! defined $user) {
|
||||
error("cannot determine username for $<");
|
||||
|
|
@ -21,6 +20,31 @@ sub trusted () { #{{{
|
|||
! grep { $_ eq $user } @{$config{untrusted_committers}};
|
||||
} #}}}
|
||||
|
||||
sub gen_wrapper () { #{{{
|
||||
# Test for commits from untrusted committers in the wrapper, to
|
||||
# avoid loading ikiwiki at all for trusted commits.
|
||||
|
||||
my $ret=<<"EOF";
|
||||
{
|
||||
int u=getuid();
|
||||
EOF
|
||||
$ret.="\t\tif ( ".
|
||||
join("&&", map {
|
||||
my $uid=getpwnam($_);
|
||||
if (! defined $uid) {
|
||||
error(sprintf(gettext("cannot determine id of untrusted committer %s"), $_));
|
||||
}
|
||||
"u != $uid";
|
||||
} @{$config{untrusted_committers}}).
|
||||
") exit(0);\n";
|
||||
$ret.=<<"EOF";
|
||||
asprintf(&s, "CALLER_UID=%i", u);
|
||||
newenviron[i++]=s;
|
||||
}
|
||||
EOF
|
||||
return $ret;
|
||||
} #}}}
|
||||
|
||||
sub test () { #{{{
|
||||
exit 0 if trusted();
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,13 @@ sub gen_wrapper () { #{{{
|
|||
addenv("$var", s);
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
my $test_receive="";
|
||||
if ($config{test_receive}) {
|
||||
require IkiWiki::Receive;
|
||||
$test_receive=IkiWiki::Receive::gen_wrapper();
|
||||
}
|
||||
|
||||
$Data::Dumper::Indent=0; # no newlines
|
||||
my $configstring=Data::Dumper->Dump([\%config], ['*config']);
|
||||
$configstring=~s/\\/\\\\/g;
|
||||
|
|
@ -67,13 +73,12 @@ addenv(char *var, char *val) {
|
|||
}
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
/* Sanitize environment. */
|
||||
char *s;
|
||||
|
||||
$test_receive
|
||||
$envsave
|
||||
newenviron[i++]="HOME=$ENV{HOME}";
|
||||
newenviron[i++]="WRAPPED_OPTIONS=$configstring";
|
||||
asprintf(&s, "CALLER_UID=%i", getuid());
|
||||
newenviron[i++]=s;
|
||||
newenviron[i]=NULL;
|
||||
environ=newenviron;
|
||||
|
||||
|
|
|
|||
|
|
@ -123,11 +123,6 @@ sub getconfig () { #{{{
|
|||
# optimisation for no-op post_commit
|
||||
exit 0;
|
||||
}
|
||||
elsif ($config{test_receive}) {
|
||||
# quick success if the user is trusted
|
||||
require IkiWiki::Receive;
|
||||
exit 0 if IkiWiki::Receive::trusted();
|
||||
}
|
||||
|
||||
loadplugins();
|
||||
checkconfig();
|
||||
|
|
|
|||
Loading…
Reference in New Issue