aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGuido Günther <agx@sigxcpu.org>2017-01-11 11:57:37 +0100
committerGuido Günther <agx@sigxcpu.org>2017-01-11 15:23:50 +0100
commit80a1c39abf60d09bb6b8e033350b06ac789726cf (patch)
treee52e6d2c779ba167bdbef3b01209c9e49cdaafb0
parent67d8b9f44b089eb04ae4ce54c03a0e06d751de30 (diff)
Quote arguments passed to builder
Closes: #850869 Thanks: Simon McVittie
-rw-r--r--gbp/command_wrappers.py3
-rwxr-xr-xgbp/scripts/buildpackage.py5
-rw-r--r--gbp/scripts/buildpackage_rpm.py11
-rw-r--r--tests/component/deb/test_buildpackage.py21
4 files changed, 35 insertions, 5 deletions
diff --git a/gbp/command_wrappers.py b/gbp/command_wrappers.py
index f4b00b8..aec3018 100644
--- a/gbp/command_wrappers.py
+++ b/gbp/command_wrappers.py
@@ -67,6 +67,9 @@ class Command(object):
"""
Wraps a shell command, so we don't have to store any kind of command
line options in one of the git-buildpackage commands
+
+ Note that it does not do any shell quoting even with shell=True so
+ you have to quote arguments yourself if necessary.
"""
def __init__(self, cmd, args=[], shell=False, extra_env=None, cwd=None,
capture_stderr=False,
diff --git a/gbp/scripts/buildpackage.py b/gbp/scripts/buildpackage.py
index 6524f01..04c5e93 100755
--- a/gbp/scripts/buildpackage.py
+++ b/gbp/scripts/buildpackage.py
@@ -19,6 +19,7 @@
import errno
import os
+import pipes
import shutil
import sys
import time
@@ -727,7 +728,9 @@ def main(argv):
)(dir=build_dir)
# Finally build the package:
- RunAtCommand(options.builder, dpkg_args, shell=True,
+ RunAtCommand(options.builder,
+ [pipes.quote(arg) for arg in dpkg_args],
+ shell=True,
extra_env=Hook.md(build_env,
{'GBP_BUILD_DIR': build_dir})
)(dir=build_dir)
diff --git a/gbp/scripts/buildpackage_rpm.py b/gbp/scripts/buildpackage_rpm.py
index 5dde23b..b34617d 100644
--- a/gbp/scripts/buildpackage_rpm.py
+++ b/gbp/scripts/buildpackage_rpm.py
@@ -19,6 +19,7 @@
"""Build an RPM package out of a Git repository"""
import os
+import pipes
import shutil
import sys
@@ -242,9 +243,9 @@ def setup_builder(options, builder_args):
if len(builder_args) == 0:
builder_args.append('-ba')
builder_args.extend([
- '--define "_topdir %s"' % os.path.abspath(options.export_dir),
- '--define "_specdir %%_topdir/%s"' % options.export_specdir,
- '--define "_sourcedir %%_topdir/%s"' % options.export_sourcedir])
+ '--define', "_topdir %s" % os.path.abspath(options.export_dir),
+ '--define', "_specdir %%_topdir/%s" % options.export_specdir,
+ '--define', "_sourcedir %%_topdir/%s" % options.export_sourcedir])
def packaging_tag_data(repo, commit, name, version, options):
@@ -580,7 +581,9 @@ def main(argv):
spec.specfile))
else:
builder_args.append(spec.specfile)
- RunAtCommand(options.builder, builder_args, shell=True,
+ RunAtCommand(options.builder,
+ [pipes.quote(arg) for arg in builder_args],
+ shell=True,
extra_env={'GBP_BUILD_DIR': export_dir}
)(dir=export_dir)
if options.postbuild:
diff --git a/tests/component/deb/test_buildpackage.py b/tests/component/deb/test_buildpackage.py
index 822f200..2e4cef6 100644
--- a/tests/component/deb/test_buildpackage.py
+++ b/tests/component/deb/test_buildpackage.py
@@ -150,3 +150,24 @@ class TestBuildpackage(ComponentTestBase):
['--git-export-dir=../foo/bar'],
)
ok_(os.path.exists('../foo/bar'))
+
+ def test_argument_quoting(self):
+ """Test that we quote arguments to builder (#)"""
+ def _dsc(version):
+ return os.path.join(DEB_TEST_DATA_DIR,
+ 'dsc-native',
+ 'git-buildpackage_%s.dsc' % version)
+
+ dsc = _dsc('0.4.14')
+ assert import_dsc(['arg0', dsc]) == 0
+ os.chdir('git-buildpackage')
+ with open('../arg with spaces', 'w'):
+ pass
+ # We use ls as builder to look for a file with spaces. This
+ # will fail if build arguments are not properly quoted and
+ # therefore split up
+ ret = buildpackage(['arg0',
+ '--git-builder=ls',
+ '--git-cleaner=/bin/true',
+ '../arg with spaces'])
+ ok_(ret == 0, "Building the package failed")