Fix rtd-verify.sh to better validate submodules

rtd-verify.sh was using "git submodule" commands to validate
submodules, but Jenkins reads the .gitmodules file and executes a
"git config" command for each submodule. Because of this, if a bad
submodule was added to .gitmodules, it would pass verify but cause
failures on subsequent builds after it was merged.

This change closes that loophole by reading the .gitmodules file, and
then running through the same "git config" command for each submodule
that Jenkins runs when pulling in the main branch.

Issue: RELENG-2932
Change-Id: Ic0e17d23a4763bd52172dad6b98146444bf4c165
Signed-off-by: Eric Ball <eball@linuxfoundation.org>

diff --git a/releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml b/releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml
new file mode 100644 (file)
index 0000000..e1ad790
--- /dev/null
+++ b/releasenotes/notes/rtd-verify-fix-606efc9b6387b494.yaml
@@ -0,0 +1,12 @@
+---
+fixes:
+  - |
+    Fix rtd-verify.sh to better validate submodules. rtd-verify.sh was using
+    "git submodule" commands to validate submodules, but Jenkins reads the
+    .gitmodules file and executes a "git config" command for each submodule.
+    Because of this, if a bad submodule was added to .gitmodules, it would pass
+    verify but cause failures on subsequent builds after it was merged.
+
+    This change closes that loophole by reading the .gitmodules file, and
+    then running through the same "git config" command for each submodule
+    that Jenkins runs when pulling in the main branch.

diff --git a/shell/rtd-verify.sh b/shell/rtd-verify.sh
index a1b1330..29a991b 100644 (file)
--- a/shell/rtd-verify.sh
+++ b/shell/rtd-verify.sh
@@ -29,6 +29,9 @@ fi
 
 git fetch origin "$GERRIT_REFSPEC" && git checkout FETCH_HEAD
 git submodule update
+for submod in $(git config -f .gitmodules --get-regexp '^submodule\.(.+)\.url' | awk -e '{print $1}'); do
+    git config --get "$submod"
+done
 
 
 # When a new commands are added in lftools, the docs verify job needs to