Commit Graph

17 Commits

Author SHA1 Message Date
Alexey Tourbin
2b1c36538f find-package: implemented protection against shell metacharacters and evil paths
There are two possibilities for protection:
1) we should protect at least from very evil shell metacharacters,
like [$*], and also from [:cntrl:] (e.g. newline).
2) we can provide an exhaustive list of characters that are valid
for non-evil pathnames and commands, and issue mandatory warning
if the command or path appears to be evil.

I chose the latter approach.
Valid character range is 'A-Za-z0-9/@=.,:_+-'.

Note that (almost) all files from our base build system
are valid paths:

$ valid='A-Za-z0-9/@=.,:_+-'
$ hsh-run -- rpm -qal |grep "[^$valid]"
/usr/bin/[
/usr/share/man/man1/[.1.bz2
(contains no files)
(contains no files)
$

Later we'll see if the range of valid characters needs to be extended.
2007-09-10 13:32:26 +04:00
Alexey Tourbin
7b199c08da shell.req: use "file -bL" 2007-08-28 02:12:58 +04:00
Alexey Tourbin
806a7e6491 shell.req: reworked
Now "sh --rpm-requires" failures are always verbose:

$ ln -s /usr/lib/rpm @RPMCONFIGDIR@
$ scripts/shell.req.in /usr/lib/rpm/tcl.req
/usr/lib/rpm/tcl.req: line 32: syntax error near unexpected token `}'
/usr/lib/rpm/tcl.req: line 32: `}'
shell.req.in: /usr/lib/rpm/tcl.req is ${RPM_TCLSH:-/usr/bin/tclsh} script!
shell.req.in: /usr/lib/rpm/tcl.req: invalid pathname ${RPM_TCLSH:-/usr/bin/tclsh}
$ echo $?
0
$

$ scripts/shell.req.in /usr/bin/perldoc
/usr/bin/perldoc: line 6: syntax error near unexpected token `Pod::Perldoc-'
/usr/bin/perldoc: line 6: `exit( Pod::Perldoc->run() );'
shell.req.in: /usr/bin/perldoc: /bin/sh --rpm-requires failed
$ echo $?
1
$
2007-08-28 01:22:46 +04:00
Alexey Tourbin
60ca916d3b shell.req.in: quote grep arguments with "--"
There's a bug in "sh --rpm-requires" mode:

$ sh --rpm-requires /dev/stdin <<<'exec -a PERL /usr/bin/perl'
executable(-a)
$

Then "-a" is passed to grep as its first argument (search pattern).
2007-08-03 19:04:29 +04:00
Alexey Tourbin
b8c1488e12 shell.req: better error diagnostics 2007-03-12 15:05:57 +03:00
Alexey Tourbin
e69e87503e scripts/shell.req.in: fixed sed filter
See my previous commit.  It goes like this:

$ /usr/lib/rpm/shell.req -v /usr/bin/buildreq
shell.req: /usr/bin/buildreq: cat -> /bin/cat -> coreutils (via rpmdb)
shell.req: /usr/bin/buildreq: cmp -> /usr/bin/cmp -> diffutils (via rpmdb)
shell.req: /usr/bin/buildreq: function(Info) not found (skip)
shell.req: /usr/bin/buildreq: function(show_help) not found (skip)
shell.req: /usr/bin/buildreq: function(show_usage) not found (skip)
shell.req: /usr/bin/buildreq: rm -> /bin/rm -> coreutils (via rpmdb)
shell.req: /usr/bin/buildreq: sed -> /bin/sed -> sed (via rpmdb)
coreutils
diffutils
sed
$

I argue that this behaviour, i.e. function(Info) processing, is erroneous.
There are two reasons: 1) it is impossible to resolve function(Info) neither
via FindPackage nor via .provides.sh (the latter has just plain function names);
2) the fact that Info has been detected as function means that Info() function
is defined in the very same file, i.e. /usr/bin/buildreq.  This means that
function(Info) is self-provided dependency and thus should not be processed
at all.
2007-03-11 15:00:27 +03:00
Alexey Tourbin
6dd0803866 adapted shell.req and shell.prov
1) added scripts/shell.req.files and scripts/shell.prov.files.
scripts/shell.req.files has new patterns for '/usr/bin/env bash'
and '/bin/ash'.

2) adapted scripts/shell.req.in and scripts/shell.prov.in
by using ArgvFileAction.  Also made them work with empty RPM_BUILD_ROOT.

Note: now shell.req produces dependencies from .provides.sh even
if the latter is inside RPM_BUILD_ROOT.  The reason is that .provides.sh
and the script can reside in two different subpackages (and otherwise,
rpm will optimize out the dependency).

3) removed corresponding old code from autodeps/linux.req.in
and autodeps/linux.prov.in.
2007-03-11 15:00:23 +03:00
5416277102 Removed cvsid tags. 2006-05-14 17:05:34 +04:00
1eedbeba03 redirect test run of bash --rpm-requires to /dev/null 2005-07-01 10:46:58 +00:00
4eae428069 use /bin/bash for Bourne-Again shell scripts, and /bin/sh for all the rest 2005-06-29 18:21:40 +00:00
ebc53cf631 use functions 2003-11-09 16:47:45 +00:00
8b81f418b6 use functions 2003-11-09 16:30:18 +00:00
243abe98b9 use printf instead of echo where appropriate 2003-11-07 17:56:45 +00:00
7b8bc46bfe Implemented shell functions requires/provides autodetection 2003-04-25 16:51:52 +00:00
b8fa98159d minor code cleanups 2003-04-22 14:24:35 +00:00
f9ad206e5c updated copyright information 2003-02-01 17:48:24 +00:00
8b8d4d39aa sync with rpm4 branch: added new files 2002-03-25 20:37:46 +00:00