Debian Bug report logs - #528963
schroot: copyfile does not expand variables

Package: schroot; Maintainer for schroot is Christoph Biedl <debian.axhn@manchmal.in-ulm.de>; Source for schroot is src:schroot.

Reported by: Detlef Vollmann <dv@vollmann.ch>

Date: Sat, 16 May 2009 18:12:02 UTC

Severity: wishlist

Found in version 1.2.2


Report forwarded to debian-bugs-dist@lists.debian.org, Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>:
Bug#528963; Package schroot. (Sat, 16 May 2009 18:12:04 GMT)


Acknowledgement sent to Detlef Vollmann <dv@vollmann.ch>:
New Bug report received and forwarded. Copy sent to Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>. (Sat, 16 May 2009 18:12:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Detlef Vollmann <dv@vollmann.ch>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: schroot: copyfile does not expand variables
Date: Sat, 16 May 2009 20:08:47 +0200
Package: schroot
Version: 1.2.2
Severity: wishlist

Sometimes I want to copy user specific files.
Instead of hardcoding the username in the respective copyfiles list,
I'd like to use ${AUTH_USER}.
With the attached patch, this works.

  Detlef Vollmann
[copyfiles-eval-path.patch (text/x-diff, inline)]
--- bin/schroot/setup/20copyfiles	2009-03-22 23:08:01.000000000 +0100
+++ bin/schroot/setup/20copyfiles.new	2009-05-16 19:51:45.000000000 +0200
@@ -70,6 +70,7 @@
     if [ -n "$COPYFILES" ]; then
 	if [ -f "$COPYFILES" ]; then
 	    while read file; do
+		file=`eval "echo $file"`
 		if echo "$file" | grep -q '^/'; then
 		    copy_file "$file" "${CHROOT_PATH}$file"
 		else
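
Review bot: the added line file=`eval "echo $file"` passes each line of $COPYFILES through the shell as code, so anything in the list beyond a variable reference (command substitution, `;`, redirections, glob characters) is interpreted as well, and the unquoted echo re-splits the result so runs of spaces in a path are collapsed. If only variable references such as ${AUTH_USER} are meant to be supported, substitute those names explicitly instead of calling eval, quote the result before it reaches copy_file, and change the surrounding `while read file` to `while IFS= read -r file` so backslashes and leading spaces are preserved. The accepted syntax should also be documented alongside the copyfiles list.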

Information forwarded to debian-bugs-dist@lists.debian.org, Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>:
Bug#528963; Package schroot. (Sun, 17 May 2009 11:27:05 GMT)


Acknowledgement sent to Roger Leigh <rleigh@codelibre.net>:
Extra info received and forwarded to list. Copy sent to Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>. (Sun, 17 May 2009 11:27:06 GMT)


Message #10 received at 528963@bugs.debian.org:

From: Roger Leigh <rleigh@codelibre.net>
To: Detlef Vollmann <dv@vollmann.ch>, 528963@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: [buildd-tools-devel] Bug#528963: schroot: copyfile does not expand variables
Date: Sun, 17 May 2009 13:24:26 +0100
On Sat, May 16, 2009 at 08:08:47PM +0200, Detlef Vollmann wrote:
> Package: schroot
> Version: 1.2.2
> Severity: wishlist
>
> Sometimes I want to copy user specific files.
> Instead of hardcoding the username in the respective copyfiles list,
> I'd like to use ${AUTH_USER}.
> With the attached patch, this works.

Thanks for the patch.

I'm not really sure if this is something we should be allowing.
It exposes internal details of how the scripts work in the configuration
files, which makes it hard to change them in the future once people
start relying on them.  I can see that it's useful, but I do want to
consider some of the long-term implications as well as its immediate
usefulness.

Is the eval strictly necessary?  Likewise the use of backticks [$() is
a better choice, by the way]?  Is there any other way of accomplishing
the same thing in the script?

Also, will this work for files with spaces in the name?


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>:
Bug#528963; Package schroot. (Mon, 18 May 2009 22:39:09 GMT)


Acknowledgement sent to Detlef Vollmann <dv@vollmann.ch>:
Extra info received and forwarded to list. Copy sent to Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>. (Mon, 18 May 2009 22:39:09 GMT)


Message #15 received at 528963@bugs.debian.org:

From: Detlef Vollmann <dv@vollmann.ch>
To: Roger Leigh <rleigh@codelibre.net>
Cc: 528963@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: [buildd-tools-devel] Bug#528963: schroot: copyfile does not expand variables
Date: Tue, 19 May 2009 00:08:28 +0200
Roger Leigh wrote:
> On Sat, May 16, 2009 at 08:08:47PM +0200, Detlef Vollmann wrote:
>> Package: schroot
>> Version: 1.2.2
>> Severity: wishlist
>>
>> Sometimes I want to copy user specific files.
>> Instead of hardcoding the username in the respective copyfiles list,
>> I'd like to use ${AUTH_USER}.
>> With the attached patch, this works.
> 
> Thanks for the patch.

> I'm not really sure if this is something we should be allowing.
I'm not sure what you mean here:
 a - use of 'AUTH_USER'
 b - use of variable expansion in COPYFILES

a: it's documented in schroot-setup(5)
b: well, it makes things clearer.
My previous approach (on a version that didn't have COPYFILES)
used another setup file to copy these files.
But with COPYFILES all files to be copied seemed to be in one
list, so I added my files there as well -- but I needed
user specific paths.

> It exposes internal details of how the scripts work in the configuration
> files, which makes it hard to change them in the future once people
> start relying on them.
Hmmm, I think the interface (i.e. using normal shell variable expansion
syntax) is a natural one, and yes, I'd expect that this would work
in the future as well (however it's implemented).

> Is the eval strictly necessary?
I don't know any other way to implement this in bash (or Posix shell).
I understand that 'eval' is some kind of security risk, as the setup
script is run as root.
So if the script-config file or the copyfiles file is writeable by
a non-root user then it opens a big security hole.
But if files in /etc/schroot are writeable by non-root users you
probably have a security hole anyway.

>  Likewise the use of backticks [$() is
> a better choice, by the way]?
I agree that $() is better than backticks.

>  Is there any other way of accomplishing
> the same thing in the script?
I worked on something similar for quite a while and couldn't
find another way to do it in a shell script.  But that doesn't
mean that there is no other way...

> Also, will this work for files with spaces in the name?
Not as in the patch, but this should work:
file="$(eval "echo $file")"

Best Regards,
  Detlef
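
The question raised in the thread, whether the expansion can be done without eval, worked through as an added example that is not part of the bug log or of schroot: a POSIX sh filter that substitutes only the braced form ${AUTH_USER} and treats every other character of a list line as literal text. The function names expand_allowed and expand_list and the sample user and paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not schroot code: expand only ${AUTH_USER} in each line of a
# copyfiles-style list, without handing the line to eval.

open='${'
close='}'

# expand_allowed LINE: print LINE with allow-listed ${NAME} references
# replaced. $(...), backticks, ';', globs and spaces are kept as literal text.
expand_allowed() {
    rest=$1
    out=
    while :; do
        case $rest in
            *"$open"*"$close"*) ;;      # a ${...} reference remains
            *) break ;;
        esac
        out=$out${rest%%"$open"*}       # copy text before the first ${
        rest=${rest#*"$open"}
        name=${rest%%"$close"*}         # text between ${ and }
        rest=${rest#*"$close"}
        case $name in
            AUTH_USER) out=$out${AUTH_USER-} ;;   # the only allowed name here
            *) out=$out$open$name$close ;;        # anything else stays literal
        esac
    done
    printf '%s\n' "$out$rest"
}

# expand_list: filter a list on stdin. IFS= and -r keep leading spaces and
# backslashes intact, so paths with spaces survive unchanged.
expand_list() {
    while IFS= read -r file; do
        expand_allowed "$file"
    done
}

# Constructed sample input (user name and paths are made up).
AUTH_USER=alice
expand_list <<'EOF'
/home/${AUTH_USER}/.gitconfig
/home/${AUTH_USER}/my notes.txt
/tmp/$(id)/${AUTH_USER}
EOF
```

Supporting a further variable means adding one more arm to the inner case statement; the unbraced form $AUTH_USER is deliberately not recognised.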






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Jan 30 06:53:08 2024; Machine Name: bembo
