If the exectuable in the virtualenv is not "python" attempt to
detect the python executable. Use the pip entry point for the
pip command.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Require that "web" installations provide release info to validate
existing installations. For known web clients provide a fallback
that uses the manifest to validate the installation.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Do not report invalid if the remote or branch does not match
the configured values. In these conditions report them as
"repo_warnings" that frontends may display to the user.
Hard recovery now requires a recovery URL detected from the git
repo's "origin" remote. This closes a potential security issue where a
malicioius repo could be cloned over an installed repo.
Signed-off-by: Eric Callahan <arskine.code@gmail.com>
On machines running instances of Moonraker and Klipper without
the default service names it is necessary to look up their unit names
using systemd.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Allowing only a single part in the regex resulted in repos
without tags being assigned erronous version info. With
this change, the following tags can be parsed:
v1.0
v1.0.2
1.0
1.0.2
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
When converting a semantic version to a list for comparisons
guarantee that the base version has 3 parts.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Allow tags versions with one, two, or three parts. The following
examples are now valid:
v1
v1.3
v1.0,10
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This endpoint allows clients to refresh items on an individual basis
when the "name" parameter is specified. This endpoint replaces
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Re-implement pip updates using a pinned version. A version
check is now always done prior to installing python requirements,
updating when necessary.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Parse system packages and python requirements prior to and after each
updating, using the difference to determine if an update is necessary.
Only the new detected packages are installed unless the "force" variable
is set.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Several components throughout Moonraker determine whether or not
Klipper is printing or is ready before taking action. This centralizes
queries in one area. The checks do not query Klipper directly but
rather rely on subscriptions to push state to Moonraker.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
While the [update_manager client ...] naming convention is
deprecated it should not be disallowed. This fixes service restart
issues using the old naming convention.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
It is possible that the user manually corrected a corrupt repo.
If a repo makes it past initialization reset the corrupt flag.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
It that "git status" will not detect some repo issues, these are only
found after a fetch. When this condition is detected save the repo
state and report that the repo is corrupt and invalid.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
I'm playing with using git submodules to track my entire printer config,
and moonraker only works with separate clones as is. Using `.exists()`
instead of `.is_dir()` allows moonraker to control the submodules.
Signed-off-by: Franklyn Tackitt <git@frank.af>
Allow components to register reserved paths, then perform reserved
path validation it upon request. Reserved paths may be registered as
read-only or no access. Any request to modify an file/folder that is
either reserved or a child of a reserved path is rejected.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Query the detected url and make sure it redirects to the
expected url. This closes a security vulnerability
where a remote could be changed to an arbitrary repo's url.
The `moved_origin` option is no longer necessary, however it
is currently used as an additional check. In the future it will be
deprecated.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Close a security hole where an attacker could overwrite an existing repo
with any remote and run malicious code through an update.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
If the supplied python executable is a symbolic link attempt
to read the location at which it points. If this is a virtualenv
this should give us the correct pip location.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Check for updates every 7 days rather than every 28 days. This
is in preparation of an upcoming beta release.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
