kumquat-buildroot/support/download/hg
Yann E. MORIN 3f2bdd0701 support/download: protect from custom commands with spaces in args
Some users may provide custom download commands with spaces in their
arguments, like so:
    BR2_HG="hg --config foo.bar='some space-separated value'"

However, the way we currently call those commands does not account
for the extra quotes, and each space-separated part of the command is
interpreted as separate arguments.

Fix that by calling 'eval' on the commands.

Because of the eval, we must further quote our own arguments, to avoid
the eval further splitting them in case there are spaces (even though
we do not support paths with spaces, better be clean from the onset to
avoid breakage in the future).

We change all the wrappers to use a wrapper-function, even those with
a single call, so they all look alike.

Note that we do not single-quote some of the variables, like ${verbose}
because it can be empty and we really do not want to generate an
empty-string argument. That's not a problem, as ${verbose} would not
normally contain space-separated values (it could get set to something
like '-q -v' but in that case we'd still want two arguments, so that's
fine).

Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Reviewed-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Tested-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-12 17:00:46 +01:00

39 lines
890 B
Bash
Executable File

#!/usr/bin/env bash
# We want to catch any unexpected failure, and exit immediately
set -e
# Download helper for hg, to be called from the download wrapper script
#
# Call it as:
# .../hg [-q] OUT_FILE REPO_URL CSET BASENAME
#
# Environment:
# HG : the hg command to call
verbose=
while getopts :q OPT; do
case "${OPT}" in
q) verbose=-q;;
\?) printf "unknown option '%s'\n" "${OPTARG}" >&2; exit 1;;
esac
done
shift $((OPTIND-1))
output="${1}"
repo="${2}"
cset="${3}"
basename="${4}"
# Caller needs to single-quote its arguments to prevent them from
# being expanded a second time (in case there are spaces in them)
_hg() {
eval ${HG} "${@}"
}
_hg clone ${verbose} --noupdate "'${repo}'" "'${basename}'"
_hg archive ${verbose} --repository "'${basename}'" --type tgz \
--prefix "'${basename}'" --rev "'${cset}'" \
"'${output}'"