| author | Joseph Hunkeler <jhunkeler@users.noreply.github.com> | 2024-08-28 13:52:00 -0400 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-28 13:52:00 -0400 | 
| commit | f22a121c6667e3139f8695ff1dbcc0b33039f330 (patch) | |
| tree | ccc54eaac19a378095b5b6f02716320f70543d2e | |
| parent | 97a6697b9fdebda0be31bc03c4db3846d0947281 (diff) | |
| download | stasis-f22a121c6667e3139f8695ff1dbcc0b33039f330.tar.gz | |
System calls fixup (#38)
* Fix up shell() behavior
* Removes dead code after execl()
* Return the return value of execl() immediately
* Output redirection fix: if f_stderr and redirect_stderr were both set, stderr was not redirected
* Move the file handles into the child process
* Bash now executes with --norc to avoid clobbering environment variables. This mimics /bin/sh behavior.
* Fix test script environment
* shell() already provides a temporary script. Not jumping into another sub-shell should help preserve the top-level environment.
* Try a different approach using declare -f
* Revert "Try a different approach using declare -f"
This reverts commit ea8ec855c3c6870d29c55afe3787afb2c05026a1.
* Revert "Fix test script environment"
This reverts commit 0a4efe972a78378eba5c5fbc6819c39b3cc6c9cb.
* Change script permissions: 0700
* Force conda reactivation in test script
* Switch to the usual environment reactivation method
| -rw-r--r-- | src/delivery.c | 26 | ||||
| -rw-r--r-- | src/system.c | 41 | 
2 files changed, 20 insertions, 47 deletions
| diff --git a/src/delivery.c b/src/delivery.c index 524dd0a..3a713b5 100644 --- a/src/delivery.c +++ b/src/delivery.c @@ -1710,7 +1710,7 @@ void delivery_tests_run(struct Delivery *ctx) {      } else {          memset(globals.workaround.conda_reactivate, 0, PATH_MAX);      } -    snprintf(globals.workaround.conda_reactivate, PATH_MAX - 1, "\nset +x\neval `conda shell.posix reactivate`\nset -x\n"); +    snprintf(globals.workaround.conda_reactivate, PATH_MAX - 1, "\nmamba activate ${CONDA_ENV_DEFAULT}\n");      if (!ctx->tests[0].name) {          msg(STASIS_MSG_WARN | STASIS_MSG_L2, "no tests are defined!\n"); @@ -1773,7 +1773,6 @@ void delivery_tests_run(struct Delivery *ctx) {                  }                  // enable trace mode before executing each test script -                  strcpy(cmd, ctx->tests[i].script);                  char *cmd_rendered = tpl_render(cmd);                  if (cmd_rendered) { 
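Review bot: The replacement reactivation string at the `+    snprintf(globals.workaround.conda_reactivate, ...)` line expands `${CONDA_ENV_DEFAULT}` when the script runs, and nothing in the hunk shows where that variable is guaranteed to be exported; if it is unset the expansion is empty and `mamba activate` receives no environment name, so the tests would run wherever mamba's default leads. Failing loudly is cheaper than debugging a test that silently ran in the wrong environment: `snprintf(globals.workaround.conda_reactivate, PATH_MAX - 1, "\nmamba activate \"${CONDA_ENV_DEFAULT:?CONDA_ENV_DEFAULT is not set}\"\n");`. The old string also bracketed the activation in `set +x`/`set -x`; the new one does not, so any trace mode enabled by the caller now traces the activation as well, which may or may not be intended. delivery_tests_run starts and ends outside the hunk.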
@@ -1787,24 +1786,15 @@ void delivery_tests_run(struct Delivery *ctx) {                      exit(1);                  } -                FILE *runner_fp; -                char *runner_filename = xmkstemp(&runner_fp, "w"); - -                fprintf(runner_fp, "#!/bin/bash\n" -                                   "eval `conda shell.posix reactivate`\n" -                                   "set -x\n" -                                   "%s\n", -                        cmd); -                fclose(runner_fp); -                chmod(runner_filename, 0755); -                  puts(cmd); -                char runner_cmd[PATH_MAX] = {0}; -                sprintf(runner_cmd, "%s", runner_filename); +                char runner_cmd[0xFFFF] = {0}; +                sprintf(runner_cmd, "set +x\nsource %s/etc/profile.d/conda.sh\nsource %s/etc/profile.d/mamba.sh\nmamba activate ${CONDA_ENV_DEFAULT}\n\n%s\n", +                    ctx->storage.conda_install_prefix, +		    ctx->storage.conda_install_prefix, +		    cmd);                  status = shell(&proc, runner_cmd);                  if (status) {                      msg(STASIS_MSG_ERROR, "Script failure: %s\n%s\n\nExit code: %d\n", ctx->tests[i].name, ctx->tests[i].script, status); -                    remove(runner_filename);                      popd();                      guard_free(cmd);                      if (!globals.continue_on_error) { @@ -1815,8 +1805,6 @@ void delivery_tests_run(struct Delivery *ctx) {                      COE_CHECK_ABORT(1, "Test failure");                  }                  guard_free(cmd); -                remove(runner_filename); -                guard_free(runner_filename);                  if (toxconf) {                      remove(toxconf); @@ -2228,4 +2216,4 @@ int delivery_exists(struct Delivery *ctx) {          guard_strlist_free(&files);      }      return 0;  // not found -}
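Review bot: The new `sprintf(runner_cmd, "set +x\nsource %s/etc/profile.d/conda.sh...", ...)` call is unbounded: `runner_cmd` is a 0xFFFF-byte stack array and `cmd` holds a rendered test script whose length this hunk does not limit, so an oversized script or install prefix writes past the end of the buffer. Pass the size and check for truncation, e.g. `int n = snprintf(runner_cmd, sizeof runner_cmd, "set +x\n...%s\n", ctx->storage.conda_install_prefix, ctx->storage.conda_install_prefix, cmd);` followed by `if (n < 0 || (size_t)n >= sizeof runner_cmd) { msg(STASIS_MSG_ERROR, "Test script too long: %s\n", ctx->tests[i].name); ... }` handled the same way as the existing `status` failure path (popd, guard_free, COE check). The two added `ctx->storage.conda_install_prefix` argument lines are tab-indented while the surrounding code uses spaces. delivery_tests_run starts and ends outside the hunk.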
\ No newline at end of file +} diff --git a/src/system.c b/src/system.c index 526f0ec..a564769 100644 --- a/src/system.c +++ b/src/system.c @@ -3,8 +3,6 @@  int shell(struct Process *proc, char *args) {      struct Process selfproc; -    FILE *fp_out = NULL; -    FILE *fp_err = NULL;      pid_t pid;      pid_t status;      status = 0; @@ -32,20 +30,28 @@ int shell(struct Process *proc, char *args) {      fprintf(tp, "#!/bin/bash\n%s\n", args);      fflush(tp);      fclose(tp); -    chmod(t_name, 0755); + +    // Set the script's permissions so that only the calling user can use it +    // This should help prevent eavesdropping if keys are applied in plain-text +    // somewhere. +    chmod(t_name, 0700);      pid = fork();      if (pid == -1) {          fprintf(stderr, "fork failed\n");          exit(1);      } else if (pid == 0) { -        int retval; +        FILE *fp_out = NULL; +        FILE *fp_err = NULL; +          if (strlen(proc->f_stdout)) {              fp_out = freopen(proc->f_stdout, "w+", stdout);          }          if (strlen(proc->f_stderr)) { -            fp_err = freopen(proc->f_stderr, "w+", stderr); +            if (!proc->redirect_stderr) { +                fp_err = freopen(proc->f_stderr, "w+", stderr); +            }          }          if (proc->redirect_stderr) { 
@@ -56,28 +62,7 @@ int shell(struct Process *proc, char *args) {              dup2(fileno(stdout), fileno(stderr));          } -        retval = execl("/bin/bash", "bash", "-c", t_name, (char *) NULL); -        if (!access(t_name, F_OK)) { -            remove(t_name); -        } - -        if (strlen(proc->f_stdout)) { -            if (fp_out != NULL) { -                fflush(fp_out); -                fclose(fp_out); -            } -            fflush(stdout); -            fclose(stdout); -        } -        if (strlen(proc->f_stderr)) { -            if (fp_err) { -                fflush(fp_err); -                fclose(fp_err); -            } -            fflush(stderr); -            fclose(stderr); -        } -        return retval; +        return execl("/bin/bash", "bash", "--norc", t_name, (char *) NULL);      } else {          if (waitpid(pid, &status, WUNTRACED) > 0) {              if (WIFEXITED(status) && WEXITSTATUS(status)) { @@ -174,4 +159,4 @@ char *shell_output(const char *command, int *status) {      }      *status = pclose(pp);      return result; -}
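Review bot: `return execl("/bin/bash", "bash", "--norc", t_name, (char *) NULL);` returns only when the exec fails, and in that case the forked child returns -1 from shell() into the caller and keeps executing the parent's code as a second process. The child must terminate on that path: keep `execl("/bin/bash", "bash", "--norc", t_name, (char *) NULL);` as a statement, then `perror("execl");` and `_exit(127);`. Separately, `--norc` only suppresses ~/.bashrc for interactive shells; bash started on a script file is non-interactive and skips that file anyway, but it does source the file named by `BASH_ENV`, so if the goal is a stable environment that variable is the one to control. The else branch and the rest of shell() continue outside the hunk.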
\ No newline at end of file +} | 
