From a4ea82b671c7841cdf1e3417723e27fdac26f598 Mon Sep 17 00:00:00 2001
From: Ontje Lünsdorf <ontje.luensdorf@dlr.de>
Date: Fri, 11 Nov 2022 21:09:21 +0100
Subject: gnu: python-check-manifest: Relax git security settings in tests.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* gnu/packages/python-xyz.scm (python-check-manifest)[arguments]:
  Allow git submodule commands via file protocol during testing.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
 gnu/packages/python-xyz.scm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index c5ab9280eb..975b698374 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -25584,6 +25584,17 @@ also be usable with other GSSAPI mechanisms.")
     (build-system python-build-system)
     (native-inputs
      (list python-mock git))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; Tests use git submodule commands over the file transport, which
+         ;; has been disabled in git, see CVE-2022-39253. Enable these
+         ;; commands to allow checks to succeed.
+         (add-before 'check 'allow-git-submodule-add
+           (lambda _
+             (setenv "HOME" "/tmp")
+             (invoke "git" "config" "--global"
+                     "protocol.file.allow" "always"))))))
     (home-page "https://github.com/mgedmin/check-manifest")
     (synopsis "Check MANIFEST.in in a Python source package for completeness")
     (description "Python package can include a MANIFEST.in file to help with
-- 
cgit v1.2.3