From d562136c99322f0536d6e37f9186b9f1395d893d Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay"
Date: Thu, 17 Sep 2020 21:50:52 -0700
Subject: [PATCH] update.sh: use quarantine area for git mirror fetches

Fetch git mirror updates into a quarantine area. Automatically discard the quarantine area if there is a problem with the fetch or there are no ref changes fetched. Avoid using a quarantine area when the mirror is from a foreign vcs to prevent breaking the foreign vcs state when the quarantine area is discarded on a bad fetch.

Signed-off-by: Kyle J. McKay
---
 jobd/update.sh | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/jobd/update.sh b/jobd/update.sh
index f8a74a5..fa1f5d7 100755
--- a/jobd/update.sh
+++ b/jobd/update.sh
@@ -536,6 +536,13 @@ case "$url" in
 git config --replace-all remote.origin.fetch "+refs/*:refs/*"
 fi
 fi
+ if ! create_quarantine; then
+ bang echo ""
+ bang echo "unable to create fetch quarantine area"
+ bang_cmd="create_quarantine"
+ bang_errcode=1
+ bang_failed
+ fi
 fi
 # remember the starting time so we can easily detect new packs for fast-import mirrors
 # we sleep for 1 second after creating .gfipack to make sure all packs are newer
@@ -546,6 +553,8 @@ case "$url" in
 fi
 fetcharg="default"
 git config remotes.default >/dev/null 2>&1 || fetcharg="--all"
+ GIT_DIR=.
+ [ -z "$use_quarantine" ] || GIT_DIR="$incoming_fetch"
 fetchcmd="git_ulimit fetch"
 [ "$show_progress" != "0" ] || fetchcmd="git_ulimit fetch -q"
 if [ -n "$var_have_git_171" ] && [ "${show_progress:-0}" != "0" ]; then
@@ -567,6 +576,7 @@ case "$url" in
 # not -- a malicious Git-impersonation trying to set refs/heads/... refs
 # to non-commit objects for example).
 GIT_SSL_NO_VERIFY=1 bang_catch eval "$fetchcmd" $pruneopt --multiple "$fetcharg"
+ unset GIT_SSL_NO_VERIFY
 # If we did fetch anything, don't treat it as an error, but do keep the log;
 # otherwise invoke bang_failed as for a normal failure
 if [ "${bang_errcode:-0}" != "0" ]; then
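Review bot: The new `create_quarantine` failure branch only stays fail-closed if `bang_failed` never returns, and that is not visible here (bang_failed is defined outside the hunk, and the enclosing `case "$url"` block starts and ends outside it as well). If it could return, the script would carry on to the fetch with `$use_quarantine` empty and, given the `GIT_DIR=.` default in the next hunk, fetch straight into the live repository. I would state the assumption above the call, for example `# bang_failed exits; never fall through to an unquarantined fetch`. The same five-line bang sequence is repeated for `unquarantine_updates` in the last hunk, so a small helper taking the command name and the message would keep the two in step.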
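Review bot: `GIT_DIR` is assigned on the two added lines, but nothing in the hunk exports it or checks that `$incoming_fetch` is non-empty, and the quarantine only works if `git_ulimit fetch` really sees that path. If GIT_DIR is not already exported earlier in the script (not visible here), git would fall back to discovering the repository from the current directory and the fetch would bypass the quarantine without any error. I would make both explicit with `[ -z "$use_quarantine" ] || GIT_DIR="${incoming_fetch:?}"` followed by `export GIT_DIR`, or route the empty-path case through the usual bang_failed reporting if an abrupt exit is not wanted. A one-line comment saying that the fetch must land in the quarantine area would also help, since the surrounding block continues outside the hunk.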
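Review bot: The added `unset GIT_SSL_NO_VERIFY` carries no comment saying why it is needed, so a later reader may drop it as redundant next to the `GIT_SSL_NO_VERIFY=1` prefix on the line above. bang_catch looks like a shell function (it is not defined in the hunk), and in POSIX shells an assignment prefix on a function call may stay set after the call returns, which would leave certificate verification off for every later git command in this script. I would add `# the VAR=1 prefix may persist after a function call; restore TLS verification for later git commands` above the unset. The unset also clears any GIT_SSL_NO_VERIFY inherited from the caller's environment, which looks intended but is worth saying in the same comment.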
@@ -580,6 +590,19 @@ case "$url" in
 bang_failed
 fi
 fi
+ if [ -n "$use_quarantine" ]; then
+ check_after_refs
+ unset GIT_DIR
+ if [ -n "$refschanged" ] && ! unquarantine_updates; then
+ bang echo ""
+ bang echo "unable to unquarantine fetched updates"
+ bang_cmd="unquarantine_updates"
+ bang_errcode=1
+ bang_failed
+ fi
+ else
+ unset GIT_DIR
+ fi
 if ! is_gfi_mirror_url "$url" && [ "$nextisclean" != "$lastwasclean" ]; then
 if [ -n "$nextisclean" ]; then
 # We must manually purge the unclean refs now as even prune won't do it
-- 
2.11.4.GIT
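Review bot: In the new `if [ -n "$use_quarantine" ]` branch the exit status of `check_after_refs` is ignored, while the decision to run `unquarantine_updates` rests entirely on `$refschanged`. check_after_refs is defined outside the hunk; if it can fail while GIT_DIR still points at the quarantine, `$refschanged` may keep an earlier value, so fetched updates are either moved into the repository without a fresh comparison or dropped without a log entry. Resetting the variable first (`refschanged=` on the line before `check_after_refs`) and reporting a failed check through the existing bang path would cover both cases. The hunk also does not show where the quarantine is discarded when no refs changed, so a short comment pointing to that cleanup would help; the enclosing block continues past the end of the hunk.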