Subject: pkg/30362: pkgsrc/mk/bulk/do-sandbox-build uses 'which' and wrong quoting
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Alexander Becher <abecher@kawo2.rwth-aachen.de>
List: pkgsrc-bugs
Date: 05/28/2005 22:22:00
>Number: 30362
>Category: pkg
>Synopsis: do-sandbox-build uses 'which' and wrong quoting
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat May 28 22:22:00 +0000 2005
>Originator: Alexander Becher
>Release: NetBSD 2.0_STABLE
>Organization:
>Environment:
System: NetBSD abn 2.0_STABLE NetBSD 2.0_STABLE (kernel) #18: Sat May 21 14:41:45 CEST 2005 alex@abn:/home/alex/kernel i386
Architecture: i386
Machine: i386
>Description:
pkgsrc/mk/bulk/do-sandbox-build uses sh=`which sh`. 'which' should
not be used, however, in a /bin/sh script. For the Bourne shell,
that's `command -v sh`, or maybe `type -p`.
Also, its way of passing the command line arguments is wrong.
For "$@" = foo bar baz (3 args), sh -c "cd ... && sh ... $@"
expands to sh -c "cd ... && sh ... foo" bar baz, which is not
what is wanted. You can easily watch this by replacing the
second occurrence of sh by something like the following:
perl -lwe 'print join("\n", @ARGV)'.
>How-To-Repeat:
sudo sh /usr/pkgsrc/mk/bulk/do-sandbox-build -s -m -r
# watch it build the packages, instead of just fetching the distfiles
^C
sudo sh /usr/pkgsrc/mk/bulk/do-sandbox-build -s -m -r
# watch the pre-build script being run again
>Fix:
Index: do-sandbox-build
===================================================================
RCS file: /cvsroot/pkgsrc/mk/bulk/do-sandbox-build,v
retrieving revision 1.10
diff -u -r1.10 do-sandbox-build
--- do-sandbox-build 7 May 2005 22:16:38 -0000 1.10
+++ do-sandbox-build 28 May 2005 22:03:57 -0000
@@ -7,5 +7,5 @@
# See pkgsrc/doc/pkgsrc.txt for documentation!
#
-sh=`which sh`
-chroot /usr/sandbox $sh -c "cd /usr/pkgsrc && $sh mk/bulk/build $@"
+sh=`command -v sh`
+chroot /usr/sandbox $sh -c "cd /usr/pkgsrc && $sh mk/bulk/build "'"$@"' -- "$@"
>Unformatted: