[pacman-dev] [PATCH 2/2] makepkg: check if $dir is a local clone of the right git repo

[Mohammad Alsaleh]

Before this patch, makepkg does not check if $dir is a local clone of
the right repo.

For example, git fetch would be run even if $dir is not a local
bare clone of a git repo in present in source(), but a subdir of
a checked-out one. That means makepkg can potentially fetch from
a completely unrelated remote and update completely unrelated
dirs/files.

This patch adds a check to make sure we are fetching from the right
remote.

Signed-off-by: Mohammad Alsaleh <msal at mail.i2p>
---
 scripts/makepkg.sh.in | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 6c0e821..7ec523c 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -404,8 +404,14 @@ download_git() {
 			exit 1
 		fi
 	elif (( ! HOLDVER )); then
-		msg2 "$(gettext "Updating %s %s repo...")" "${repo}" "git"
 		cd_safe "$dir"
+		# Make sure we are fetching the right repo
+		if [[ "$url" != "$(git config --get remote.origin.url)"  ]] ; then
+			error "$(gettext "%s is not a clone of %s")" "$dir" "$url"
+			plain "$(gettext "Aborting...")"
+			exit 1
+		fi
+		msg2 "$(gettext "Updating %s %s repo...")" "${repo}" "git"
 		if ! git fetch --all -p; then
 			# only warn on failure to allow offline builds
 			warning "$(gettext "Failure while updating %s %s repo")" "${repo}" "git"
-- 
1.7.11.4