diff options
| author | Joseph Hunkeler <jhunkeler@gmail.com> | 2023-11-20 17:07:11 -0500 |
|---|---|---|
| committer | Joseph Hunkeler <jhunkeler@gmail.com> | 2023-11-20 17:07:11 -0500 |
| commit | 43bcd36bb31c1ab117b54f21746b119db2448449 (patch) | |
| tree | 12e69ecb6c84a8b99ae8df3bbf65642152d21bcc | |
| parent | 8b3f862c59f7866f67f1da349efd5e3d931e1eae (diff) | |
| download | stasis-43bcd36bb31c1ab117b54f21746b119db2448449.tar.gz | |
Use TMPDIR, and fail when script cannot be executed within that filesystem
| -rw-r--r-- | README.md | 3 | ||||
| -rw-r--r-- | include/omc.h | 1 | ||||
| -rw-r--r-- | include/system.h | 2 | ||||
| -rw-r--r-- | src/conda.c | 5 | ||||
| -rw-r--r-- | src/deliverable.c | 6 | ||||
| -rw-r--r-- | src/main.c | 47 | ||||
| -rw-r--r-- | src/system.c | 10 | ||||
| -rw-r--r-- | src/utils.c | 2 |
8 files changed, 68 insertions, 8 deletions
@@ -1 +1,2 @@ -# Oh My CAL +# OH MY CAL + diff --git a/include/omc.h b/include/omc.h index 6c4821f..432d88a 100644 --- a/include/omc.h +++ b/include/omc.h @@ -13,6 +13,7 @@ struct OMC_GLOBAL { unsigned char verbose; unsigned char always_update_base_environment; unsigned char continue_on_error; + char *tmpdir; }; #include "utils.h" diff --git a/include/system.h b/include/system.h index d744726..32c7c79 100644 --- a/include/system.h +++ b/include/system.h @@ -24,6 +24,6 @@ struct Process { int shell(struct Process *proc, char *args[]); int shell2(struct Process *proc, char *args); int shell_safe(struct Process *proc, char *args[]); -char *shell_output(const char *command); +char *shell_output(const char *command, int *status); #endif //OMC_SYSTEM_H diff --git a/src/conda.c b/src/conda.c index a361267..9575c25 100644 --- a/src/conda.c +++ b/src/conda.c @@ -73,7 +73,7 @@ int conda_activate(const char *root, const char *env_name) { // Set the path to our stdout log // Emulate mktemp()'s behavior. Give us a unique file name, but don't use // the file handle at all. We'll open it as a FILE stream soon enough. - strcpy(logfile, "/tmp/shell_XXXXXX"); + sprintf(logfile, "%s/%s", globals.tmpdir, "shell_XXXXXX"); fd = mkstemp(logfile); if (fd < 0) { perror(logfile); @@ -87,11 +87,13 @@ int conda_activate(const char *root, const char *env_name) { // Verify conda's init scripts are available if (access(path_conda, F_OK) < 0) { perror(path_conda); + remove(logfile); return -1; } if (access(path_mamba, F_OK) < 0) { perror(path_mamba); + remove(logfile); return -1; } @@ -101,6 +103,7 @@ int conda_activate(const char *root, const char *env_name) { int retval = shell2(&proc, command); if (retval) { // it didn't work; drop out for cleanup + remove(logfile); return retval; } diff --git a/src/deliverable.c b/src/deliverable.c index a9b3b51..7008e7e 100644 --- a/src/deliverable.c +++ b/src/deliverable.c @@ -898,12 +898,14 @@ void delivery_tests_run(struct Delivery *ctx) { } void delivery_gather_tool_versions(struct Delivery *ctx) { + int status = 0; + // Extract version from tool output - ctx->conda.tool_version = shell_output("conda --version"); + ctx->conda.tool_version = shell_output("conda --version", &status); if (ctx->conda.tool_version) strip(ctx->conda.tool_version); - ctx->conda.tool_build_version = shell_output("conda build --version"); + ctx->conda.tool_build_version = shell_output("conda build --version", &status); if (ctx->conda.tool_build_version) strip(ctx->conda.tool_version); } @@ -1,11 +1,13 @@ -#define GNU_SOURCE +#define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <string.h> #include <limits.h> #include <sys/utsname.h> #include <getopt.h> +#include <sys/statvfs.h> #include "omc.h" +#include "copy.h" const char *VERSION = "1.0.0"; const char *AUTHOR = "Joseph Hunkeler"; @@ -104,6 +106,38 @@ static void usage(char *progname) { } } +char *get_tmpdir(int *usable) { + char *tmpdir_env = NULL; + char *x = NULL; + *usable = 0; + x = getenv("TMPDIR"); + + if (x) { + tmpdir_env = strdup(x); + } else { + tmpdir_env = strdup("/tmp"); + } + + if (access(tmpdir_env, F_OK) < 0) { + if (mkdirs(tmpdir_env, 0755) < 0) { + free(tmpdir_env); + tmpdir_env = NULL; + } + } + + struct statvfs st; + if (statvfs(tmpdir_env, &st) < 0) { + free(tmpdir_env); + return NULL; + } + + if (!(st.f_flag & ST_NOEXEC) || !(st.f_flag & ST_RDONLY)) { + *usable = 1; + } + + return tmpdir_env; +} + int main(int argc, char *argv[], char *arge[]) { struct INIFILE *cfg = NULL; struct INIFILE *ini = NULL; @@ -121,6 +155,17 @@ int main(int argc, char *argv[], char *arge[]) { char python_override_version[NAME_MAX]; unsigned char arg_continue_on_error = 0; unsigned char arg_always_update_base_environment = 0; + int tmpdir_usable = 0; + + globals.tmpdir = get_tmpdir(&tmpdir_usable); + if (!tmpdir_usable) { + fprintf(stderr, "%s cannot be used due to restrictive mount options.\n" + "Please set $TMPDIR to a path other than %s", + globals.tmpdir, globals.tmpdir); + if (globals.tmpdir) + free(globals.tmpdir); + exit(1); + } int c; while (1) { diff --git a/src/system.c b/src/system.c index b819615..52e354a 100644 --- a/src/system.c +++ b/src/system.c @@ -204,16 +204,24 @@ int shell_safe(struct Process *proc, char *args[]) { return result; } -char *shell_output(const char *command) { +char *shell_output(const char *command, int *status) { const size_t initial_size = OMC_BUFSIZ; size_t current_size = initial_size; char *result = NULL; char line[OMC_BUFSIZ]; FILE *pp; + + errno = 0; + *status = 0; pp = popen(command, "r"); if (!pp) { + *status = -1; return NULL; } + + if (errno) { + *status = 1; + } result = calloc(initial_size, sizeof(result)); while (fgets(line, sizeof(line) - 1, pp) != NULL) { size_t result_len = strlen(result); diff --git a/src/utils.c b/src/utils.c index 802d397..5889d70 100644 --- a/src/utils.c +++ b/src/utils.c @@ -431,7 +431,7 @@ void debug_shell() { char *xmkstemp(FILE **fp) { char t_name[PATH_MAX]; - strcpy(t_name, "/tmp/OMC.XXXXXX"); + sprintf(t_name, "%s/%s", globals.tmpdir, "OMC.XXXXXX"); int fd = mkstemp(t_name); *fp = fdopen(fd, "w"); |