Mypy doesn't like some annotation in web.py,
this commits aims at pleasing it.

Some terminals with a small number of column
could wrap the cli's output in a way that
would make the testsuite fail.
This commit break the tests in several smaller one
to mitigate this.

This issue was originally reported by eleius
[here](https://github.com/actionless/pikaur/issues/433), and forwarded as #153.

Mounting new, empty filesystem on /tmp makes impossible to use mat2 for manipulating files stored there. Especially it breaks running tests while creating package and using /tmp as temporary builddir which is common setup in Arch Linux:
https://aur.archlinux.org/packages/mat2/#comment-721221

Ivy Fay authored 5 years ago and georg committed 5 years ago

This switches to use "python3 -m unittest discover -v" onevery distro.

georg authored 5 years ago and jvoisin committed 5 years ago

Closes #131

There is a bug in Python3.8 (https://bugs.python.org/issue38688)
triggering an infinite recursion when copying a tree
in a subfolder of the current one. We're working around it
by using a list instead of an iterator, so that Python
won't "discover" the target folder as part of the source files.

This should fix #130

It seems, despite the name, both packages depend on Python 3. However,
pylint3 seems deprecated, and upstream recommends to install pylint:
https://www.pylint.org/#install

The current versions of both packages in Debian unstable are:
pylint  2.4.4-1
pylint3 2.2.2-1

This commit fixes failing CI jobs due to the use of pylint3 2.2.2-1,
which seems broken.

Mat2 (the cli) will now copy the input file permissions
to the output file.

Due to bubblewrap's pickiness, mat2 can now be run
without a sandbox, even if bubblewrap is installed.

Apparently, abstractstaticmethod is deprecated
since python3.3.

madaidan authored 5 years ago and jvoisin committed 5 years ago

This mounts a new tmpfs on /tmp so any files residing there would be hidden
from the sandbox. Many programs store some files in there that might be useful
to an attacker.  It also drops all capabilities incase it is ever run with
extra capabilities for whatever reason.

On some machines (like mine), `/proc` has to be mounted.  Also, since
sandboxing with bubblewrap is best effort and assumes that an attacker doesn't
have control outside of the file to clean, it's safe to __try__ to enable some
bubblewrap features, and to silently fail otherwise.

This is related to the previous commit

nsids are random identifiers, usually used to ease merging
between documents, and can trivially be used for fingerprinting.