feat: enhance cleanup and setup_git_auth functions for improved security

S
2026-03-01 08:16:37 -05:00
parent 924401a387
commit 8403ea47c0


@@ -32,6 +32,7 @@ TEMP_BASE="/tmp/gitea-migration-security"
GITEA_BASE_URL="${GITEA_INTERNAL_URL%/}" GITEA_BASE_URL="${GITEA_INTERNAL_URL%/}"
ASKPASS_SCRIPT="" ASKPASS_SCRIPT=""
# Clean up cloned repos and ephemeral auth script on exit (even on failure).
cleanup() { cleanup() {
rm -rf "$TEMP_BASE" rm -rf "$TEMP_BASE"
if [[ -n "$ASKPASS_SCRIPT" ]]; then if [[ -n "$ASKPASS_SCRIPT" ]]; then
@@ -40,6 +41,9 @@ cleanup() {
} }
trap cleanup EXIT trap cleanup EXIT
# Create an ephemeral GIT_ASKPASS script so tokens are never embedded in
# git remote URLs. Git calls this script with "Username for ..." or
# "Password for ..." and the script responds from environment variables.
setup_git_auth() { setup_git_auth() {
ASKPASS_SCRIPT=$(mktemp) ASKPASS_SCRIPT=$(mktemp)
cat > "$ASKPASS_SCRIPT" <<'EOF' cat > "$ASKPASS_SCRIPT" <<'EOF'
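Review bot: `cleanup()` still runs `rm -rf "$TEMP_BASE"` against the fixed path `/tmp/gitea-migration-security` shown in the first hunk header, and the comment added above it documents the cleanup without noting that risk. A predictable name under a world-writable directory can be pre-created or replaced by another local account before the script uses or deletes it, so the clone directory deserves the same treatment `ASKPASS_SCRIPT=$(mktemp)` already gets: `TEMP_BASE=$(mktemp -d)` at the assignment and `rm -rf -- "${TEMP_BASE:?}"` in `cleanup()`. How `TEMP_BASE` is created and the rest of both function bodies lie outside the visible hunks, so confirm that no other code depends on the fixed path.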