[arch-general] Mirror not updating
clemens fischer
ino-news at spotteswoode.dnsalias.org
Tue Jul 14 17:35:44 EDT 2009
On Thu-2009/07/09-19:17 Gerhard Brauer wrote:
> for arch in ${ARCHES}; do
> for repo in ${REPOS}; do
> echo -e -n "$arch-$repo:\t"
> date +"%x %X" -u -d @$(wget -q -O - $1/$repo/os/$arch/lastsync)
> done
> done
please don't post anything like this: apart from being barely
comprehendable, it is _unsafe_! you are using _outside info_ in a shell
script _without validation_! it poses the risk of privilege escalation!
and don't say security issues should be handled by remote admins!
how about:
# uses bash features
shopt -s extglob
iam="${0##*/}"
tmp=""
ex=0
tmpfile="${TMPDIR:-/tmp}/${iam}.tmp"
wget="/usr/bin/wget -q"
# risk: race
rm -rf "${tmpfile}" && touch "${tmpfile}" || exit 9
for arch in ${ARCHES}; do
for repo in ${REPOS}; do
# risk: backquote execution, better use unpriv script
${wget} -O "${tmpfile}" "${1}/${repo}/os/${arch}/lastsync" || {
ex=$?
echo "${iam}: $1/${repo}/os/$arch/lastsync wget exits: ${ex}"
continue
}
tmp="$(< ${tmpfile})"
# remove all punctuation characters, check for numbers
tmp="${tmp//[[:punct:]]}"
case ".${tmp}" in
.+([[:digit:]])) ;; # ok
*)
echo "${iam}: $1/${repo}/os/$arch/lastsync not number: ${tmp}"
continue
;;
esac
echo -e -n "${arch}-${repo}:\t"
date +"%x %X" -u -d "@${tmp}"
done
done
not much longer, but a little safer. the least one should do in this
situation.
clemens
More information about the arch-general
mailing list