gnu: python-check-manifest: Relax git security settings in tests.

* gnu/packages/python-xyz.scm (python-check-manifest)[arguments]: Allow git submodule commands via file protocol during testing. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
author: Ontje Lünsdorf <ontje.luensdorf@dlr.de> 2022-11-11 21:09:21 +0100
committer: Ludovic Courtès <ludo@gnu.org> 2022-11-19 19:54:14 +0100
commit: a4ea82b671c7841cdf1e3417723e27fdac26f598 (patch)
tree: 904b7bd5312fdacd1a5c9f6b31c3d896c16da215
parent: 45fe602602d83a85b67bb6ed6c7ff5964af9e68d (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index c5ab9280eb..975b698374 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -25584,6 +25584,17 @@ also be usable with other GSSAPI mechanisms.")
     (build-system python-build-system)
     (native-inputs
      (list python-mock git))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; Tests use git submodule commands over the file transport, which
+         ;; has been disabled in git, see CVE-2022-39253. Enable these
+         ;; commands to allow checks to succeed.
+         (add-before 'check 'allow-git-submodule-add
+           (lambda _
+             (setenv "HOME" "/tmp")
+             (invoke "git" "config" "--global"
+                     "protocol.file.allow" "always"))))))
     (home-page "https://github.com/mgedmin/check-manifest")
     (synopsis "Check MANIFEST.in in a Python source package for completeness")
     (description "Python package can include a MANIFEST.in file to help with
author	Ontje Lünsdorf <ontje.luensdorf@dlr.de>	2022-11-11 21:09:21 +0100
committer	Ludovic Courtès <ludo@gnu.org>	2022-11-19 19:54:14 +0100
commit	a4ea82b671c7841cdf1e3417723e27fdac26f598 (patch)
tree	904b7bd5312fdacd1a5c9f6b31c3d896c16da215
parent	45fe602602d83a85b67bb6ed6c7ff5964af9e68d (diff)