Allow components to register reserved paths, then perform reserved
path validation it upon request. Reserved paths may be registered as
read-only or no access. Any request to modify an file/folder that is
either reserved or a child of a reserved path is rejected.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Query the detected url and make sure it redirects to the
expected url. This closes a security vulnerability
where a remote could be changed to an arbitrary repo's url.
The `moved_origin` option is no longer necessary, however it
is currently used as an additional check. In the future it will be
deprecated.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Close a security hole where an attacker could overwrite an existing repo
with any remote and run malicious code through an update.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
If the supplied python executable is a symbolic link attempt
to read the location at which it points. If this is a virtualenv
this should give us the correct pip location.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Check for updates every 7 days rather than every 28 days. This
is in preparation of an upcoming beta release.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Use git for-each-ref to retreive tags and their associated commit
hashes. This allows us to limit the amount of tags to 10 and
simplifies the code as the returned objects are already dereferenced.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Don't require the `app_params` argument, instead dynamically
generate the configuration from a dict. This simiplifies AppDeploy
initialization as the internally generated configurations can be
read in the same way as those supplied in moonraker.conf.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
While use of "unofficial" klippy extras an moonraker components
is not officially supported, there is no harm in facilitating
updates for these extensions in the update manager. This adds
configuration which will restart either moonraker or klipper
after an extension is updated.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
When using tempfile.TemporaryDirectory it is possible that
exiting the context will block when attempting to delete
the temporary directory. Don't use the context manager,
instead create and cleanup the temp dir using the default
threadpoolexecutor.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Commit 7401192 introduced a regression where the saved klipper
paths were not loaded into the Update object.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Shallow clones don't report the tag in git describe, so use
git rev-list to extract the tag and prepend it to the version
string.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
If Klipper or its python executable is located at a custom path
this allows moonraker to instantiate its update on startup
rather than wait for Klipper to connect. This also resolves an
issue where Klipper's update state is always refreshed on startup
when its located in a non-default path.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
All requests to update, refresh, recover, or reinstall must acquire
the command lock. Given that the individual Deployment implementations
are not (and should not be) called from outside of a request the locks they
use to prevent unwanted re-entry are redundant, confusing, and could
potential result in a deadlock if used improperly.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
When creating a virtualenv, some operating systems provide
symbolic links back to /usr/bin/python3 rather than copy
the python exectuable over. Previously Moonraker resolved
this symbolic link, resulting in a failure to locate pip.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
