Commit Graph

102 Commits

Author SHA1 Message Date
Frantisek Hrbata
99f9dd4c07 feat(docker): allow to add paths into git's safe.directory
With 8959555cee7e[1] ("setup_git_directory(): add an owner check for the top..")
git added an ownership check of the git directory and refuses to
run any git commands, even parsing the config file, if the git directory
is not owned by the current user. The "fatal: detected dubious ownership in repository"
is reported.

This fixes CVE-2022-24765[2], which allows compromising a user account. On a
multi-user system or e.g. on a shared file system, one user may create a "rogue"
git repository with e.g. core.fsmonitor set to an arbitrary command. Another user
may unwillingly execute this command by running e.g. git-diff or
git-status within the "rogue" git repository, which may be in one of the parent
directories. If e.g. PS1 is set to display information about a git
repository in CWD, as suggested in Git in Bash[3], the user does not need to run
any git command to trigger this, just entering some subdirectory under
this "rogue" git repository is enough, because the git command will be
started transparently through the script used in PS1. The core.fsmonitor
can be set to an arbitrary command. Its purpose is to help git identify changed files
and speed up the scanning for changed files.

rogue
├── .git     # owned by user1
└── dir1     # owned by user2
    ├── dir2 # owned by user2
    └── .git # owned by user2

user1 sets core.fsmonitor for git repository in rogue directory
$ git config --add core.fsmonitor "bash -c 'rm -rf \$HOME'"

user2 enters dir1 and runs e.g. git diff and triggers the core.fsmonitor command.

The ownership check may cause problems when running git commands in
the ESP-IDF Docker container. For example, the user may run the container as
root, but the mounted project may be owned by a particular user.

In this case git will refuse to execute any git command within the
"/project" directory, because it's not owned by root. To overcome this,
git allows setting safe.directories, for which the ownership check is
skipped. The security check may be completely disabled by setting
safe.directories to "*". This solution was proposed in PR 12636[4], but
it would make it possible to exploit this vulnerability again.

This fix allows the user to specify git's safe.directory in the IDF_GIT_SAFE_DIR
environmental variable, which may be set during container startup.

The IDF_GIT_SAFE_DIR has the same format as PATH and multiple directories can be
specified by using a ":" separator. To entirely disable this git security check
within the container, the user may set IDF_GIT_SAFE_DIR='*'. This might be
helpful in CI.

Closes https://github.com/espressif/esp-idf/pull/12636

[1] - 8959555cee
[2] - https://nvd.nist.gov/vuln/detail/cve-2022-24765
[3] - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
[4] - https://github.com/espressif/esp-idf/pull/12636

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-01 08:23:16 +01:00
Shang Zhou
c14d05ff61 docs: Update CN translation for api-guides/tools/idf-monitor.rst 2023-11-27 09:38:39 +01:00
Peter Dragun
c0e8969afa fix(tools/monitor): fix PRINT_FILTER env variable usage 2023-11-27 09:37:36 +01:00
Anton Maklakov
be79c75b64 feat(tools): Add QEMU 8.0.0_20230522 to tools.json
Process wildcards in the install and download lists of idf_tools
Fix the install and download handlers to get common behaviour
2023-10-11 12:28:47 +07:00
Jakub Kocka
2c3c4adaa3 docs(docker): Update Using Remote Serial Port chapter
By default some shells such as zsh have the NOMATCH option set (https://zsh.sourceforge.io/Doc/Release/Options.html).
The root cause of the problem is that while bash expands the parameter to itself if it does not match any filename, the zsh reports an error. IOW if we do % setopt nonomatch it will work even in zsh.

Closes https://github.com/espressif/esp-idf/issues/12060
2023-09-08 09:15:30 +02:00
Roland Dobai
84e5d91b4e Merge branch 'docs/uninstall_idf_v5.1' into 'release/v5.1'
docs(idf-tools): Add uninstallation instructions (backport v5.1)

See merge request espressif/esp-idf!25494
2023-08-25 14:27:54 +08:00
Shang Zhou
3a3c9a73f0 docs: Update CN translation for get-started/index.rst 2023-08-23 11:19:43 +02:00
radim.karnis
4e88f767cd docs(idf-tools): Add uninstallation instructions 2023-08-23 11:19:33 +02:00
radim.karnis
c4b984734f docs(esp_idf_monitor): ROM ELF address decoding 2023-07-27 06:50:36 +00:00
Cai Xin Ying
6f253e2d37 docs: add CN translation for api-guides/tools/idf-py.rst (backport v5.1) 2023-07-11 16:34:23 +08:00
Peter Dragun
49718b20a5 bug(idf_monitor): fix color on windows with hints
Closes https://github.com/espressif/esp-idf/issues/9610
2023-04-21 14:42:26 +02:00
Peter Dragun
64be67e59d docs(docker): update instructions for esp_rfc2217_server 2023-03-20 10:53:05 +01:00
Frantisek Hrbata
0788616626 docs: add info how to access serial port inside docker via rfc2217
On Windows/Mac the serial port cannot be accessed directly inside
a docker container. This is already mentioned in the documentation.
This expands the documentation for steps which can be used to overcome
this limitation by using remote serial port access via telnet protocol.

Closes https://github.com/espressif/esp-idf/issues/10617

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-02-21 15:02:48 +01:00
Roland Dobai
afe554c753 Tools: Allow custom Python installation path with IDF_PYTHON_ENV_PATH
IDF_PYTHON_ENV_PATH is the path where the Python environment is created
and used. By default it is inside IDF_TOOLS_PATH. IDF_PYTHON_ENV_PATH
was exported by idf_tools.py but was not imported back. This fixes the
issue and ESP-IDF will honor the value of IDF_PYTHON_ENV_PATH.

Closes https://github.com/espressif/esp-idf/issues/10489
2023-02-14 17:26:04 +01:00
Roland Dobai
648b1a41c6 Merge branch 'bugfix/dbg_target_hints' into 'master'
tools: enable hints for debug targets

Closes IDF-5795

See merge request espressif/esp-idf!22198
2023-02-10 17:25:27 +08:00
Frantisek Hrbata
08c9a7b520 tools: add new outdated option for idf_tools.py list
This adds a new outdated option, which only lists outdated
packages installed in IDF_TOOLS_PATH. It searches for the
latest installed tool version in the IDF_TOOLS_PATH/tools path and
compares it against the latest available version in the tools.json
file. If the latest version of a tool installed in IDF_TOOLS_PATH/tools
is smaller, it's reported as outdated. Nothing is reported if the tool
is up to date.

Two new tests are added. First just checks if nothing is reported in
case there is no update available. The second artificially generates
new tools.json file called tools.outdated.json and sets XTENSA_ESP32_ELF
version to 'zzzzzz'. It then checks if the XTENSA_ESP32_ELF tool
is reported as outdated by the 'zzzzzz' version.

Description of the new outdated option is added to docs as well.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-02-09 10:25:45 +01:00
Frantisek Hrbata
4b5e56e08c docs: hints are supported for gdbui and openocd
Hints should be now working for gdbui and openocd. They are not
produced via RunTool(), but the hints are used directly.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-02-03 14:59:28 +01:00
Peter Dragun
3e3533f918 feat(idf_monitor): move idf_monitor to separate repo 2023-02-03 11:20:15 +01:00
Marius Vikhammer
c7a41fb860 docs: update system api guides and intr chapters for C6 and H2 2023-01-29 16:15:36 +08:00
Shang Zhou
1089065b02 docs: Update CN translation for idf-monitor.rst 2023-01-03 13:22:26 +01:00
Roland Dobai
17286337ea Tools: IDF Monitor: Determine possible instruction addresses based on ELF segments 2023-01-03 13:22:26 +01:00
Fu Hanxi
17224f3254 component manager: add build property DEPENDENCIES_LOCK
closes https://github.com/espressif/esp-idf/issues/9394
2022-12-13 15:25:19 +08:00
Alexey Gerenkov
55bd4a74cd tools: Replace 'xtensa-clang' with 'esp-clang' 2022-11-22 17:30:14 +03:00
laokaiyao
8677216576 esp32h2: renaming esp32h2 to esp32h4 2022-11-08 17:05:33 +08:00
Roland Dobai
40b48a5393 Merge branch 'tools/idf_py_size_output_file_opt' into 'master'
tools: Add --output-file argument to idf.py size commands

Closes IDF-5954

See merge request espressif/esp-idf!20354
2022-10-10 15:54:00 +08:00
Roland Dobai
d50f574a31 Tools: The Python dependency checker should not update the constraint file
The Python dependency checker called from the export scripts and before
build remains offline, i.e. it will use the previously downloaded
constraint file but won't download a newer version.

Related to https://github.com/espressif/esp-idf/pull/9328
2022-10-03 11:39:28 +02:00
Djordje Nedic
09e61e8a23 tools: Add --output-file argument to idf.py size commands
This commit adds the corresponding --output-file option from idf_size.py to idf.py.

This is needed because piping the idf.py size output to a file would result in CMake output being present in the file as well.
2022-09-27 15:41:36 +02:00
Alexey Lapshin
fd2846c95e tools: add esp-rom-elfs version '20220823' 2022-09-21 22:39:03 +04:00
Alexey Lapshin
a9bd454529 tools: update esp32ulp-elf to v2.35_20220830
Closes https://github.com/espressif/esp-idf/issues/6432
Closes https://github.com/espressif/binutils-esp32ulp/issues/23
2022-09-13 12:55:48 +04:00
Roland Dobai
84acc58d3c Merge branch 'fix/disable_idf_py_moinitor_hints' into 'master'
Tools: Disable idf.py hints for IDF Monitor

Closes IDFGH-8110

See merge request espressif/esp-idf!19782
2022-08-29 22:51:55 +08:00
Djordje Nedic
5ee663d592 tools: Add CSV support to idf_size.py
This adds CSV support to idf_size.py and idf.py size actions and using the --format argument which accepts 'text', 'json' or 'csv' as input.

idf_size.py --json argument is deprecated but left to avoid a breaking change.

For idf.py size actions OUTPUT_JSON environment variable set at configuration time is overridden at target build time if --format is used.

Additionally, this commit refactors big parts of code, unified usage of json_dict and manually generated dictionaries for textual output and improves code quality in many parts.
2022-08-26 15:34:21 +02:00
Roland Dobai
ff38cb8e0d Tools: Disable idf.py hints for IDF Monitor
The feature will be re-enabled later after a proper fix for the
following Github issue.

Closes https://github.com/espressif/esp-idf/issues/9610
2022-08-25 14:53:41 +02:00
Roland Dobai
152ce8884b Tools: Fix idf.py hints to be enabled all the time and being able to disable them 2022-08-15 13:01:39 +02:00
Roland Dobai
de37f9dc33 Tools: Disable Python constraint files with environment variable
Constraint files can be disabled with environment variable as well which
is useful when one uses the install/export scripts instead of
idf_tools.py directly. This option is useful for offline build as
well.

Closes https://github.com/espressif/esp-idf/issues/9263
2022-07-14 11:25:29 +02:00
Wang Fang
a8aead1986 Merge branch 'docs/update_ide_documentation' into 'master'
docs: deleted IDE documentation and provided links to these IDE GitHub repos

Closes DOC-3254, DOC-2982, and DOC-2961

See merge request espressif/esp-idf!18627
2022-07-08 09:35:13 +08:00
Wang Fang
c69908e976 docs: deleted IDE documentation and provided links to these IDE GitHub repos 2022-07-07 18:14:26 +08:00
Roland Dobai
12e8f0ba8c Merge branch 'feature/auto_hints_with_ci_fix' into 'master'
idf.py: Add automated hints on how to resolve errors with fix for ci

Closes IDF-4511, IDF-4512, and IDF-4631

See merge request espressif/esp-idf!18759
2022-07-06 21:05:33 +08:00
Anton Maklakov
a5d6a93c3c Merge branch 'bugfix/clang-tidy-for-esp32s3' into 'master'
tools: fix clang-tidy work for esp32s2 and esp32s3

Closes RDT-228 and IDFGH-7756

See merge request espressif/esp-idf!18773
2022-07-06 19:49:42 +08:00
simon.chupin
43c69f0910 idf.py: Add automated hints on how to resolve errors 2022-07-04 08:15:23 +00:00
Anton Maklakov
0bbfff4382 docs(idf.py): clarify clang-tidy setup 2022-07-01 10:32:49 +07:00
Marek Fiala
90a69c4490 Tools: --disable-* argument for removing features
Optional argument --disable-* for removing features in install scripts.
2022-06-30 12:31:59 +02:00
Roland Dobai
8dddb8b596 Revert "Merge branch 'feature/clippy' into 'master'"
This reverts merge request !16998
2022-06-29 16:46:47 +08:00
simon.chupin
c6a6eaeb60 idf.py: Add automated hints on how to resolve errors 2022-06-23 14:09:34 +02:00
daiziyan
59453d0e78 docs: update CN translation for idf-monitor.rst 2022-05-30 20:55:37 +08:00
Ivan Grokhotkov
212cbc3fb6 tools/docker: add README.md file to be displayed on Docker Hub
Closes https://github.com/espressif/esp-idf/issues/7933
2022-05-26 03:44:13 +02:00
Ivan Grokhotkov
ec96adae2b docs: document build arguments of the Docker image 2022-05-26 03:31:22 +02:00
Roland Dobai
6cbe0ceaa7 Merge branch 'feature/enable_component_manager_by_default_for_pure_cmake' into 'master'
tools: Enable the component manager by default in CMake

Closes IDF-4322

See merge request espressif/esp-idf!17724
2022-05-13 15:39:01 +08:00
Martin Gano
89f754183e Merge branch 'contrib/github_pr_8788' into 'master'
Add idf.py monitor argument --no-reset (-R) (GitHub PR)

Closes IDFGH-7189, IDFGH-7301, and IDFGH-5963

See merge request espressif/esp-idf!18010
2022-05-10 23:34:37 +08:00
Martin Gaňo
c02c0cc9b7 Tools: Add --no-reset option for IDF Monitor in order to avoid resetting the chip target upon connection
Closes https://github.com/espressif/esp-idf/issues/8889

Closes IDFGH-7189, IDFGH-7301, IDFGH-5963

Closes https://github.com/espressif/esp-idf/issues/7651

Merges https://github.com/espressif/esp-idf/pull/8788
2022-05-10 14:19:37 +02:00
Sergei Silnov
69cf85e6a6 tools: Enable the component manager by default in CMake 2022-05-03 17:38:36 +02:00