This also removes the outdated comments around authorship of each
file. If there is still interest in this information, one can just
look at the git history.
This will prevent the need to call `SCM.get_latest` in the constructor,
since not all SCM objects need the commit to the branch. It also fixes
the situation where a component's git repo doesn't have a "master" branch.
See https://pagure.io/fm-orchestrator/issue/1224
git-ls-remote accepts paramter refs to just return refs for specific
ones. This refactor uses this parameter to avoid handling full list of
refs from remote repository.
In original code, option --exit-code is passed to git-ls-remote, which
would cause command return exit code 2 when no ref is found from remote
repository. SCM._run raises an error if that happens, but the raised
error is not handled. This refactor catches this error to ensure the
original behavior happens, that is if a ref is not found, treat it as a
commit hash and call SCM.get_full_commit_hash.
Signed-off-by: Chenxiong Qi <cqi@redhat.com>
In particular, test to see if we can pass a branch name with shell
characters, and get MBS to inadvertently execute malicious code.
The test shows that doing this in a straightforward way is not possible
and should guard against any future regressions.
Fixes#329.
