From 62f08354aaae95b07e6710644d1b7c1e6da8b7bd Mon Sep 17 00:00:00 2001
From: Eric Ball <eball@linuxfoundation.org>
Date: Thu, 1 Oct 2020 17:52:22 -0700
Subject: [PATCH] Fix rtd-verify.sh to better validate submodules

rtd-verify.sh was using "git submodule" commands to validate
submodules, but Jenkins reads the .gitmodules file and executes a
"git config" command for each submodule. Because of this, if a bad
submodule was added to .gitmodules, it would pass verify but cause
failures on subsequent builds after it was merged.

This change closes that loophole by reading the .gitmodules file, and
then running through the same "git config" command for each submodule
that Jenkins runs when pulling in the main branch.

Issue: RELENG-2932
Change-Id: Ic0e17d23a4763bd52172dad6b98146444bf4c165
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
---
 releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml | 12 ++++++++++++
 shell/rtd-verify.sh                                     |  3 +++
 2 files changed, 15 insertions(+)
 create mode 100644 releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml

diff --git a/releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml b/releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml
new file mode 100644
index 00000000..e1ad7907
--- /dev/null
+++ b/releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml
@@ -0,0 +1,12 @@
+---
+fixes:
+  - |
+    Fix rtd-verify.sh to better validate submodules. rtd-verify.sh was using
+    "git submodule" commands to validate submodules, but Jenkins reads the
+    .gitmodules file and executes a "git config" command for each submodule.
+    Because of this, if a bad submodule was added to .gitmodules, it would pass
+    verify but cause failures on subsequent builds after it was merged.
+
+    This change closes that loophole by reading the .gitmodules file, and
+    then running through the same "git config" command for each submodule
+    that Jenkins runs when pulling in the main branch.
diff --git a/shell/rtd-verify.sh b/shell/rtd-verify.sh
index a1b1330c..29a991b5 100644
--- a/shell/rtd-verify.sh
+++ b/shell/rtd-verify.sh
@@ -29,6 +29,9 @@ fi
 
 git fetch origin "$GERRIT_REFSPEC" && git checkout FETCH_HEAD
 git submodule update
+for submod in $(git config -f .gitmodules --get-regexp '^submodule\.(.+)\.url' | awk -e '{print $1}'); do
+    git config --get "$submod"
+done
 
 
 # When a new commands are added in lftools, the docs verify job needs to
-- 
2.16.6