shell script improvements #771
Conversation
This PR makes the shell scripts safer by handling spaces better, as well as quoting arguments that should be quoted, and moving from the legacy `\`backtick\`` syntax to the `$(command substitution)` syntax
|
Having reread the CONTRIBUTING.MD, it seems I was supposed to merge into master, rather than develop? I'd be more than happy to rebase this on master if I receive confirmation that I am indeed supposed to do so. |
|
Some process clarification from
"the PC^2 maintainers to merge your code into the PC^2 master branch and thus make it part of an upcoming public distribution of PC^2." At this time you are not part of the maintainers, so any push you might do to master would
Thanks for the offer, but the maintainers will move the work from PR, to develop, to master. |
|
An issue (bug description) should be created for this PR, we use issues to search for changes the PRs related to any fix. |
|
In the to-be-created issue can you describe why the backtick syntac is less secure? |
|
One of the practices we have is for any PR submitter to test all changes - did you test all 14 scripts? |
these were missed in the original sweep
| else | ||
| echo Could not find archive directory, was pc2zip successful? | ||
| fi | ||
| if [ -d logs ] || [ -d profiles ]; then |
There was a problem hiding this comment.
This change is not related to security, and will require additional testing, there are a number
of rewrites of extisting well tested code.
There was a problem hiding this comment.
I'm sorry, I think you misunderstood my usage of the word "safe" in the description. None of these changes should directly affect the security of the scripts. They simply improve edge-case handling and use more modern shell features to ensure higher success rates across a wide variety of machines.
There was a problem hiding this comment.
This specific change from the [ cond -o cond ] syntax to [ cond ] || [ cond ] syntax should make no measurable difference in a wide majority of cases, however, as these scripts run in /bin/sh, which is often provided by different shells (bash in some systems, dash in others such as mine, etc), it is generally advised to stick to POSIX compatible syntax (such as ||) rather than shell extensions which may not be as portable between machines (such as -o)
There was a problem hiding this comment.
From the POSIX definition of test ([])
expression1 -o expression2
[OB XSI]
True if either expression1 or expression2 is true; otherwise, false. The -o binary primary is left associative.
In which, the [OB XSI] classification is described as:
The functionality described may be removed in a future version of this volume of POSIX.1-2017. Strictly Conforming POSIX Applications and Strictly Conforming XSI Applications shall not use obsolescent features.
As thus, for future compatibility and portability in all POSIX shells (which /bin/sh is supposed to be, regardless of it's implementation), using [ cond ] || [ cond ] is the recommended syntax over the test operator -o.
|
I am not a fan of changing all the |
|
|
||
| # ------------------------------------------------------------ | ||
|
|
||
| euid=$(id -u) |
There was a problem hiding this comment.
The script uses the 'sudo' command on the commands that require root. This script does not necessarily have to run as root, but, as a user than can become root using sudo. I think adding this restriction changes the operation of the script.
There was a problem hiding this comment.
I ran this script on my own machine and it failed due to permissions unless it was run as root (at the echo > ... commands). I can revert this, but perhaps these commands that require higher permissions should be investigated.
A few notable lines: line 74, and line 120
This was an accidental artifact from when I was testing the script.
Some of these Two options here would be:
In my personal use cases, I include a function such as the following to ease this problem: log(){ printf '%s\n' "$@"; } |
According to the POSIX documentation for |
I'm not convinced changing |
This could cause issues with backslashes, but @johnbrvc has requested that echo be used.
|
This PR is now being considered for removal. Here are some reasons: Other reasons |
|
@lane55 Of course I have tested the scripts. I apologize for the lack of a response to your above comment. Following a discussion between 3 different people across both an issue and a PR at the same time regarding different conversations resulted in your comment being missed. I have been waiting for a response from the maintainers of the repository regarding what you want done next. Our last communication was here where I expressed willingness to help and continue the process, but received no reply regarding the next steps. If you don't feel it's worth the time or effort to fix these bugs, then I understand that, however I'd request that this not be closed due solely to inactivity. |
|
@aarondill There is done and done done. Clearly you must have some some testing, Provide step by step detailed instructions about how you tested at least one of the scripts to For our team to approve the PR two of us are required to test all 18 scripts and approve a code review. As indicated above in the comment starting with "This PR is now being considered for removal." |
|
@lane55 I have tested each script included, evidence of which can be found by the bugs found and fixed in these commits: The easiest way to test most of these scripts in to move the I understand that it will take time and effort to test all the scripts and I am happy to help, if possible. I also understand that you may feel that these improvements are not worth your time and effort, and as I stated in the response to your comment about reasons to close this PR, if you do feel it's not worth it to fix these bugs, then I will understand the closer of this PR, however, as stated above, I was simply requesting that this PR is not closed solely due to inactivity while I wait for communication from your team as to testing and further steps. |
|
Would it potentially help these changes be merged if this PR is split into several PRs?
These would then be smaller PRs, which would be easier to test/review individually with simpler diffs. Please let me know what your preferred approach is, as this PR is beginning to become rather old (this is the oldest open PR on this repo), and I'd be happy to do what is necessary to get the changes merged if possible |
We are currently implemented changes and features to support the upcoming contests: PacNW, NAC and WF. Low priority items (such as this one) are kind of on the back burner. We will revisit this at some point, but one of the major problems with a PR such as this is the testing required - and that takes a great deal of time and resources. Since two approvals are required, it means two people have to devote time to doing that, and with so many other more pressing needs, well, it's going to be pushed back. I don't think separating them will make anything easier, in fact, it's more "paperwork" in that we have then create an issue for each, and a PR for each, and that, is more work for everyone on the team. Thanks for your interest in helping us develop PC2! |
Description of what the PR does
This PR makes the shell scripts safer by handling spaces better, as well as quoting arguments, and moving from the legacy
`backtick`syntax to the$(command substitution)syntaxIssue which the PR addresses
Fixes #775
Environment in which the PR was developed (OS, IDE, Java version, etc.)
Only POSIX compliant shell scripts are modified, so my environment should not affect the PR. However, in the event it's still desired, here it is:
Precise steps for testing the PR (i.e., how to demonstrate that it works correctly)
run them, I suppose. I don't believe there was ever a testing mechanism for the shell launch scripts.