From 80a1c39abf60d09bb6b8e033350b06ac789726cf Mon Sep 17 00:00:00 2001 From: Guido Günther Date: Wed, 11 Jan 2017 11:57:37 +0100 Subject: Quote arguments passed to builder Closes: #850869 Thanks: Simon McVittie --- gbp/command_wrappers.py | 3 +++ gbp/scripts/buildpackage.py | 5 ++++- gbp/scripts/buildpackage_rpm.py | 11 +++++++---- tests/component/deb/test_buildpackage.py | 21 +++++++++++++++++++++ 4 files changed, 35 insertions(+), 5 deletions(-) diff --git a/gbp/command_wrappers.py b/gbp/command_wrappers.py index f4b00b89..aec30182 100644 --- a/gbp/command_wrappers.py +++ b/gbp/command_wrappers.py @@ -67,6 +67,9 @@ class Command(object): """ Wraps a shell command, so we don't have to store any kind of command line options in one of the git-buildpackage commands + + Note that it does not do any shell quoting even with shell=True so + you have to quote arguments yourself if necessary. """ def __init__(self, cmd, args=[], shell=False, extra_env=None, cwd=None, capture_stderr=False, diff --git a/gbp/scripts/buildpackage.py b/gbp/scripts/buildpackage.py index 6524f017..04c5e938 100755 --- a/gbp/scripts/buildpackage.py +++ b/gbp/scripts/buildpackage.py @@ -19,6 +19,7 @@ import errno import os +import pipes import shutil import sys import time @@ -727,7 +728,9 @@ def main(argv): )(dir=build_dir) # Finally build the package: - RunAtCommand(options.builder, dpkg_args, shell=True, + RunAtCommand(options.builder, + [pipes.quote(arg) for arg in dpkg_args], + shell=True, extra_env=Hook.md(build_env, {'GBP_BUILD_DIR': build_dir}) )(dir=build_dir) diff --git a/gbp/scripts/buildpackage_rpm.py b/gbp/scripts/buildpackage_rpm.py index 5dde23bb..b34617df 100644 --- a/gbp/scripts/buildpackage_rpm.py +++ b/gbp/scripts/buildpackage_rpm.py @@ -19,6 +19,7 @@ """Build an RPM package out of a Git repository""" import os +import pipes import shutil import sys @@ -242,9 +243,9 @@ def setup_builder(options, builder_args): if len(builder_args) == 0: builder_args.append('-ba') builder_args.extend([ - '--define "_topdir %s"' % os.path.abspath(options.export_dir), - '--define "_specdir %%_topdir/%s"' % options.export_specdir, - '--define "_sourcedir %%_topdir/%s"' % options.export_sourcedir]) + '--define', "_topdir %s" % os.path.abspath(options.export_dir), + '--define', "_specdir %%_topdir/%s" % options.export_specdir, + '--define', "_sourcedir %%_topdir/%s" % options.export_sourcedir]) def packaging_tag_data(repo, commit, name, version, options): @@ -580,7 +581,9 @@ def main(argv): spec.specfile)) else: builder_args.append(spec.specfile) - RunAtCommand(options.builder, builder_args, shell=True, + RunAtCommand(options.builder, + [pipes.quote(arg) for arg in builder_args], + shell=True, extra_env={'GBP_BUILD_DIR': export_dir} )(dir=export_dir) if options.postbuild: diff --git a/tests/component/deb/test_buildpackage.py b/tests/component/deb/test_buildpackage.py index 822f2009..2e4cef68 100644 --- a/tests/component/deb/test_buildpackage.py +++ b/tests/component/deb/test_buildpackage.py @@ -150,3 +150,24 @@ class TestBuildpackage(ComponentTestBase): ['--git-export-dir=../foo/bar'], ) ok_(os.path.exists('../foo/bar')) + + def test_argument_quoting(self): + """Test that we quote arguments to builder (#)""" + def _dsc(version): + return os.path.join(DEB_TEST_DATA_DIR, + 'dsc-native', + 'git-buildpackage_%s.dsc' % version) + + dsc = _dsc('0.4.14') + assert import_dsc(['arg0', dsc]) == 0 + os.chdir('git-buildpackage') + with open('../arg with spaces', 'w'): + pass + # We use ls as builder to look for a file with spaces. This + # will fail if build arguments are not properly quoted and + # therefore split up + ret = buildpackage(['arg0', + '--git-builder=ls', + '--git-cleaner=/bin/true', + '../arg with spaces']) + ok_(ret == 0, "Building the package failed") -- cgit v1.2.3