[type/__update_alternatives] Secure cdist-defined environment variables with :?
This commit is contained in:
parent
542674dae8
commit
a7d6481a7d
5 changed files with 13 additions and 14 deletions
|
@ -1,4 +1,4 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
|
|
||||||
update-alternatives --display "$__object_id" 2>/dev/null \
|
update-alternatives --display "${__object_id:?}" 2>/dev/null \
|
||||||
| awk -F ' - ' '/priority [0-9]+$/ { print $1 }'
|
| awk -F ' - ' '/priority [0-9]+$/ { print $1 }'
|
||||||
|
|
|
@ -18,12 +18,12 @@ for altdir in \
|
||||||
/var/lib/dpkg/alternatives \
|
/var/lib/dpkg/alternatives \
|
||||||
/var/lib/alternatives
|
/var/lib/alternatives
|
||||||
do
|
do
|
||||||
if [ ! -f "$altdir/$__object_id" ]
|
if [ ! -f "$altdir/${__object_id:?}" ]
|
||||||
then
|
then
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
link="$( awk 'NR==2' "$altdir/$__object_id" )"
|
link="$( awk 'NR==2' "$altdir/${__object_id:?}" )"
|
||||||
|
|
||||||
if [ -n "$link" ]
|
if [ -n "$link" ]
|
||||||
then
|
then
|
||||||
|
@ -33,7 +33,7 @@ done
|
||||||
|
|
||||||
if [ -z "$link" ]
|
if [ -z "$link" ]
|
||||||
then
|
then
|
||||||
echo "unable to get link for $__object_id" >&2
|
echo "unable to get link for ${__object_id:?}" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
|
|
||||||
path_is="$( update-alternatives --display "$__object_id" 2>/dev/null \
|
path_is="$( update-alternatives --display "${__object_id:?}" 2>/dev/null \
|
||||||
| awk '/link currently points to/ {print $5}' )"
|
| awk '/link currently points to/ {print $5}' )"
|
||||||
|
|
||||||
if [ -z "$path_is" ]
|
if [ -z "$path_is" ]
|
||||||
then
|
then
|
||||||
echo "unable to get current path for $__object_id" >&2
|
echo "unable to get current path for ${__object_id:?}" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
|
|
||||||
if [ -f "$( cat "$__object/parameter/path" )" ]
|
if [ -f "$( cat "${__object:?}/parameter/path" )" ]
|
||||||
then
|
then
|
||||||
echo 'present'
|
echo 'present'
|
||||||
else
|
else
|
||||||
|
|
|
@ -18,26 +18,25 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
path_is="$( cat "$__object/explorer/path_is" )"
|
path_is="$( cat "${__object:?}/explorer/path_is" )"
|
||||||
|
|
||||||
path_should="$( cat "$__object/parameter/path" )"
|
path_should="$( cat "${__object:?}/parameter/path" )"
|
||||||
|
|
||||||
if [ "$path_is" = "$path_should" ]
|
if [ "$path_is" = "$path_should" ]
|
||||||
then
|
then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$( cat "$__object/explorer/path_should_state" )" = 'absent' ] && [ -z "$__cdist_dry_run" ]
|
if [ "$( cat "${__object:?}/explorer/path_should_state" )" = 'absent' ] \
|
||||||
|
&& [ -z "${__cdist_dry_run+dry run}" ]
|
||||||
then
|
then
|
||||||
echo "$path_should does not exist in target" >&2
|
echo "$path_should does not exist in target" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
name="$__object_id"
|
name=${__object_id:?}
|
||||||
|
|
||||||
alternatives="$( cat "$__object/explorer/alternatives" )"
|
if ! grep -Fxq "$path_should" "${__object:?}/explorer/alternatives"
|
||||||
|
|
||||||
if ! echo "$alternatives" | grep -Fxq "$path_should"
|
|
||||||
then
|
then
|
||||||
if [ ! -f "$__object/parameter/install" ]
|
if [ ! -f "$__object/parameter/install" ]
|
||||||
then
|
then
|
||||||
|
|
Loading…
Reference in a new issue