Browse Source

[type/__update_alternatives] Secure cdist-defined environment variables with :?

ander/os_version_debian_sid
Dennis Camera 10 months ago
parent
commit
a7d6481a7d
  1. 2
      cdist/conf/type/__update_alternatives/explorer/alternatives
  2. 6
      cdist/conf/type/__update_alternatives/explorer/link
  3. 4
      cdist/conf/type/__update_alternatives/explorer/path_is
  4. 2
      cdist/conf/type/__update_alternatives/explorer/path_should_state
  5. 13
      cdist/conf/type/__update_alternatives/gencode-remote

2
cdist/conf/type/__update_alternatives/explorer/alternatives vendored

@ -1,4 +1,4 @@
#!/bin/sh -e
update-alternatives --display "$__object_id" 2>/dev/null \
update-alternatives --display "${__object_id:?}" 2>/dev/null \
| awk -F ' - ' '/priority [0-9]+$/ { print $1 }'

6
cdist/conf/type/__update_alternatives/explorer/link vendored

@ -18,12 +18,12 @@ for altdir in \
/var/lib/dpkg/alternatives \
/var/lib/alternatives
do
if [ ! -f "$altdir/$__object_id" ]
if [ ! -f "$altdir/${__object_id:?}" ]
then
continue
fi
link="$( awk 'NR==2' "$altdir/$__object_id" )"
link="$( awk 'NR==2' "$altdir/${__object_id:?}" )"
if [ -n "$link" ]
then
@ -33,7 +33,7 @@ done
if [ -z "$link" ]
then
echo "unable to get link for $__object_id" >&2
echo "unable to get link for ${__object_id:?}" >&2
exit 1
fi

4
cdist/conf/type/__update_alternatives/explorer/path_is vendored

@ -1,11 +1,11 @@
#!/bin/sh -e
path_is="$( update-alternatives --display "$__object_id" 2>/dev/null \
path_is="$( update-alternatives --display "${__object_id:?}" 2>/dev/null \
| awk '/link currently points to/ {print $5}' )"
if [ -z "$path_is" ]
then
echo "unable to get current path for $__object_id" >&2
echo "unable to get current path for ${__object_id:?}" >&2
exit 1
fi

2
cdist/conf/type/__update_alternatives/explorer/path_should_state vendored

@ -1,6 +1,6 @@
#!/bin/sh -e
if [ -f "$( cat "$__object/parameter/path" )" ]
if [ -f "$( cat "${__object:?}/parameter/path" )" ]
then
echo 'present'
else

13
cdist/conf/type/__update_alternatives/gencode-remote vendored

@ -18,26 +18,25 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
path_is="$( cat "$__object/explorer/path_is" )"
path_is="$( cat "${__object:?}/explorer/path_is" )"
path_should="$( cat "$__object/parameter/path" )"
path_should="$( cat "${__object:?}/parameter/path" )"
if [ "$path_is" = "$path_should" ]
then
exit 0
fi
if [ "$( cat "$__object/explorer/path_should_state" )" = 'absent' ] && [ -z "$__cdist_dry_run" ]
if [ "$( cat "${__object:?}/explorer/path_should_state" )" = 'absent' ] \
&& [ -z "${__cdist_dry_run+dry run}" ]
then
echo "$path_should does not exist in target" >&2
exit 1
fi
name="$__object_id"
name=${__object_id:?}
alternatives="$( cat "$__object/explorer/alternatives" )"
if ! echo "$alternatives" | grep -Fxq "$path_should"
if ! grep -Fxq "$path_should" "${__object:?}/explorer/alternatives"
then
if [ ! -f "$__object/parameter/install" ]
then

Loading…
Cancel
Save