diff options
author | David Kalnischkies <david@kalnischkies.de> | 2015-12-17 17:41:11 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2015-12-19 23:04:34 +0100 |
commit | bc8f83a5afd858206efe518c31bbb1ac948a39a3 (patch) | |
tree | 2d061119245db869f746a99a04b707c3318f70ed /test/integration | |
parent | 3abb6a6a1e485b3bc899b64b0a1b7dc2db25a9c2 (diff) |
avoid evaluating shell in paths used in apt-key
apt-key creates internally a script (since ~1.1) which it will call to
avoid dealing with an array of different options in the code itself, but
while writing this script it wraps the values in "", which will cause
the shell to evaluate its content upon execution.
To make 'use' of this either set a absolute gpg command or TMPDIR to
something as interesting as:
"/tmp/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f1)\$!"
If such paths can be encountered in reality is a different question…
Diffstat (limited to 'test/integration')
-rw-r--r-- | test/integration/framework | 16 | ||||
-rwxr-xr-x | test/integration/test-apt-key | 8 |
2 files changed, 21 insertions, 3 deletions
diff --git a/test/integration/framework b/test/integration/framework index 07b1f3236..8d0c9f5c3 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -54,7 +54,7 @@ msgprintf() { printf "$START " "$1" shift while [ -n "$1" ]; do - printf "$MIDDLE " "$(echo "$1" | sed -e 's#^apt\([cfghs]\)#apt-\1#')" + printf "$MIDDLE " "$(echo "$1" | sed -e 's#^apt\([cfghks]\)#apt-\1#')" shift done fi @@ -245,13 +245,23 @@ addtrap() { trap "shellsetedetector; $CURRENTTRAP exitwithstatus;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM } +escape_shell() { + echo "$@" | sed -e "s#'#'\"'\"'#g" +} + setupenvironment() { # privilege dropping and testing doesn't work if /tmp isn't world-writeable (as e.g. with libpam-tmpdir) if [ -n "$TMPDIR" ] && [ "$(id -u)" = '0' ] && [ "$(stat --format '%a' "$TMPDIR")" != '1777' ]; then unset TMPDIR fi TMPWORKINGDIRECTORY="$(mktemp -d)" - addtrap "cd /; rm -rf \"$TMPWORKINGDIRECTORY\";" + addtrap "cd /; rm -rf '$(escape_shell "$TMPWORKINGDIRECTORY")';" + if [ -n "$TMPDIR_ADD" ]; then + TMPWORKINGDIRECTORY="${TMPWORKINGDIRECTORY}/${TMPDIR_ADD}" + mkdir -p "$TMPWORKINGDIRECTORY" + unset TMPDIR_ADD + export TMPDIR="$TMPWORKINGDIRECTORY" + fi msgninfo "Preparing environment for ${0##*/} in ${TMPWORKINGDIRECTORY}…" mkdir -m 700 "${TMPWORKINGDIRECTORY}/downloaded" @@ -1254,7 +1264,7 @@ EOF # start with an unmounted disk mv "${CD}" "${CD}-unmounted" # we don't want the disk to be modifiable - addtrap 'prefix' "chmod -f -R +w \"$PWD/rootdir/media/cdrom/dists/\" \"$PWD/rootdir/media/cdrom-unmounted/dists/\" || true;" + addtrap 'prefix' "chmod -f -R +w '$(escape_shell "$PWD/rootdir/media/cdrom/dists/")' '$(escape_shell "$PWD/rootdir/media/cdrom-unmounted/dists/")' || true;" chmod -R 555 rootdir/media/cdrom-unmounted/dists } diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 6a4e0d867..7a2849b4e 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -1,6 +1,13 @@ #!/bin/sh set -e +# apt-key is a shell script, so relatively prune to be effected by 'crazy' things: +# confuses config parser as there exists no way of escaping " currently. +#TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!" +# gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program +#TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!" +TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!" + TESTDIR="$(readlink -f "$(dirname "$0")")" . "$TESTDIR/framework" @@ -187,6 +194,7 @@ gpg: unchanged: 1' aptkey --fakeroot update echo 'Verify me. This is my signature.' > signature testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \ adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature + testsuccess test -s signature.gpg -a -s signature for GPGV in '' 'gpgv' 'gpgv2'; do |