[arch-projects] [devtools] [PATCH 2/2] avoid injecting code into the format string

Tue Jul 30 11:00:55 EDT 2013

Now that die() properly forwards arguments to error(), we can expect
that the first arg is a format string and not the entirety of the
output.

Signed-off-by: Dave Reisner <dreisner at archlinux.org>
---
 arch-nspawn.in   |  4 ++--
 archco.in        |  2 +-
 archrelease.in   |  6 +++---
 checkpkg.in      |  4 ++--
 commitpkg.in     | 10 +++++-----
 crossrepomove.in |  2 +-
 find-libdeps.in  |  2 +-
 makechrootpkg.in | 14 +++++++-------
 mkarchroot.in    |  4 ++--
 9 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/arch-nspawn.in b/arch-nspawn.in
index 8ef39ed..f52afe9 100644
--- a/arch-nspawn.in
+++ b/arch-nspawn.in
@@ -88,9 +88,9 @@ umask 0022
 
 # Sanity check
 if [[ ! -f "$working_dir/.arch-chroot" ]]; then
-	die "'$working_dir' does not appear to be a Arch chroot."
+	die "'%s' does not appear to be a Arch chroot." "$working_dir"
 elif [[ $(cat "$working_dir/.arch-chroot") != $CHROOT_VERSION ]]; then
-	die "chroot '$working_dir' is not at version $CHROOT_VERSION. Please rebuild."
+	die "chroot '%s' is not at version %s. Please rebuild." "$working_dir" "$CHROOT_VERSION"
 fi
 
 build_mount_args
diff --git a/archco.in b/archco.in
index 1ee977e..29e4cd6 100644
--- a/archco.in
+++ b/archco.in
@@ -15,7 +15,7 @@ case $scriptname in
 	communityco)
 		SVNURL="svn+ssh://svn-community@nymeria.archlinux.org/srv/repos/svn-community/svn";;
 	*)
-		die "Couldn't find svn url for $scriptname"
+		die "Couldn't find svn url for %s" $scriptname"
 		;;
 esac
 
diff --git a/archrelease.in b/archrelease.in
index 2e742c2..6f52dbc 100644
--- a/archrelease.in
+++ b/archrelease.in
@@ -8,8 +8,8 @@ FORCE=
 while getopts ':f' flag; do
 	case $flag in
 		f) FORCE=1 ;;
-		:) die "Option requires an argument -- '$OPTARG'" ;;
-		\?) die "Invalid option -- '$OPTARG'" ;;
+		:) die "Option requires an argument -- '%s'" "$OPTARG" ;;
+		\?) die "Invalid option -- '%s'" "$OPTARG" ;;
 	esac
 done
 shift $(( OPTIND - 1 ))
@@ -23,7 +23,7 @@ fi
 if [[ -z $FORCE ]]; then
 	for tag in "$@"; do
 		if ! in_array "$tag" "${_tags[@]}"; then
-			die 'archrelease: Invalid tag: "'$tag'" (use -f to force release)'
+			die "archrelease: Invalid tag: '%s' (use -f to force release)" "$tag"
 		fi
 	done
 fi
diff --git a/checkpkg.in b/checkpkg.in
index 95bf049..8e0f574 100644
--- a/checkpkg.in
+++ b/checkpkg.in
@@ -41,13 +41,13 @@ for _pkgname in "${pkgname[@]}"; do
 	pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$_pkgname")
 
 	if [[ $? -ne 0 ]]; then
-		die "Couldn't download previous package for $_pkgname."
+		die "Couldn't download previous package for %s." "$_pkgname"
 	fi
 
 	oldpkg=${pkgurl##*://*/}
 
 	if [[ ${oldpkg##*/} = ${pkgfile##*/} ]]; then
-		die "The built package ($_pkgname) is the one in the repo right now!"
+		die "The built package (%s) is the one in the repo right now!" "$_pkgname"
 	fi
 
 	if [[ ! -f $oldpkg ]]; then
diff --git a/commitpkg.in b/commitpkg.in
index db78517..ad1005b 100644
--- a/commitpkg.in
+++ b/commitpkg.in
@@ -58,7 +58,7 @@ esac
 # check if all local source files are under version control
 for s in "${source[@]}"; do
 	if [[ $s != *://* ]] && ! svn status -v "$s@" | grep -q '^[ AMRX~]'; then
-		die "$s is not under version control"
+		die "%s is not under version control" "$s"
 	fi
 done
 
@@ -68,7 +68,7 @@ for i in 'changelog' 'install'; do
 		# evaluate any bash variables used
 		eval file=\"$(sed 's/^\(['\''"]\)\(.*\)\1$/\2/' <<< "$file")\"
 		if ! svn status -v "${file}" | grep -q '^[ AMRX~]'; then
-			die "${file} is not under version control"
+			die "%s is not under version control" "$file"
 		fi
 	done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
 done
@@ -81,8 +81,8 @@ while getopts ':l:a:s:f' flag; do
 		s) server=$OPTARG ;;
 		l) rsyncopts+=("--bwlimit=$OPTARG") ;;
 		a) commit_arch=$OPTARG ;;
-		:) die "Option requires an argument -- '$OPTARG'" ;;
-		\?) die "Invalid option -- '$OPTARG'" ;;
+		:) die "Option requires an argument -- '%s'" "$OPTARG" ;;
+		\?) die "Invalid option -- '%s'" "$OPTARG" ;;
 	esac
 done
 shift $(( OPTIND - 1 ))
@@ -164,7 +164,7 @@ for _arch in ${arch[@]}; do
 			gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
 		fi
 		if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
-			die "Signature ${pkgfile}.sig is incorrect!"
+			die "Signature %s.sig is incorrect!" "$pkgfile"
 		fi
 		uploads+=("$sigfile")
 	done
diff --git a/crossrepomove.in b/crossrepomove.in
index 1d4ae6c..912504f 100644
--- a/crossrepomove.in
+++ b/crossrepomove.in
@@ -25,7 +25,7 @@ case $scriptname in
 		target_repo='extra'
 		;;
 	*)
-		die "Couldn't find configuration for $scriptname"
+		die "Couldn't find configuration for %s" "$scriptname"
 		;;
 esac
 
diff --git a/find-libdeps.in b/find-libdeps.in
index 36e2c43..c9b451e 100644
--- a/find-libdeps.in
+++ b/find-libdeps.in
@@ -16,7 +16,7 @@ script_mode=${0##*/find-lib}
 
 case $script_mode in
 	deps|provides) true;;
-	*) die "Unknown mode $script_mode" ;;
+	*) die "Unknown mode %s" "$script_mode" ;;
 esac
 
 if [[ -z $1 ]]; then
diff --git a/makechrootpkg.in b/makechrootpkg.in
index d7d3ecf..1cd08fb 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -81,8 +81,8 @@ done
 
 # Canonicalize chrootdir, getting rid of trailing /
 chrootdir=$(readlink -e "$passeddir")
-[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '$passeddir'"
-[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot $chrootdir/root base-devel"
+[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
+[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir"
 
 # Detect chrootdir filesystem type
 chroottype=$(stat -f -c %T "$chrootdir")
@@ -136,10 +136,10 @@ create_chroot() {
 		if [[ "$chroottype" == btrfs ]]; then
 			if [[ -d $copydir ]]; then
 				btrfs subvolume delete "$copydir" >/dev/null ||
-					die "Unable to delete subvolume $copydir"
+					die "Unable to delete subvolume %s" "$copydir"
 			fi
 			btrfs subvolume snapshot "$chrootdir/root" "$copydir" >/dev/null ||
-				die "Unable to create subvolume $copydir"
+				die "Unable to create subvolume %s" "$copydir"
 		else
 			mkdir -p "$copydir"
 			rsync -a --delete -q -W -x "$chrootdir/root/" "$copydir"
@@ -155,11 +155,11 @@ clean_temporary() {
 	stat_busy "Removing temporary copy [$copy]"
 	if [[ "$chroottype" == btrfs ]]; then
 		btrfs subvolume delete "$copydir" >/dev/null ||
-			die "Unable to delete subvolume $copydir"
+			die "Unable to delete subvolume %s" "$copydir"
 	else
 		# avoid change of filesystem in case of an umount failure
 		rm --recursive --force --one-file-system "$copydir" ||
-			die "Unable to delete $copydir"
+			die "Unable to delete %s" "$copydir"
 	fi
 
 	# remove lock file
@@ -362,7 +362,7 @@ if (( ret != 0 )); then
 	if $temp_chroot; then
 		die "Build failed"
 	else
-		die "Build failed, check $copydir/build"
+		die "Build failed, check %s/build" "$copydir"
 	fi
 else
 	true
diff --git a/mkarchroot.in b/mkarchroot.in
index 970bbb9..7cdb274 100644
--- a/mkarchroot.in
+++ b/mkarchroot.in
@@ -51,7 +51,7 @@ fi
 
 umask 0022
 
-[[ -e $working_dir ]] && die "Working directory '$working_dir' already exists"
+[[ -e $working_dir ]] && die "Working directory '%s' already exists" "$working_dir"
 
 mkdir -p "$working_dir"
 
@@ -60,7 +60,7 @@ lock 9 "${working_dir}.lock" "Locking chroot"
 if [[ $(stat -f -c %T "$working_dir") == btrfs ]]; then
 	rmdir "$working_dir"
 	if ! btrfs subvolume create "$working_dir"; then
-		die "Couldn't create subvolume for '$working_dir'"
+		die "Couldn't create subvolume for '%s'" "$working_dir"
 	fi
 	chmod 0755 "$working_dir"
 fi
-- 
1.8.3.4

