[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug#530087: gettext: bashism in /bin/sh script (fwd)
From: |
Santiago Vila |
Subject: |
Bug#530087: gettext: bashism in /bin/sh script (fwd) |
Date: |
Fri, 24 Jul 2009 13:00:13 +0200 (CEST) |
Hello.
I've received this from the Debian bug system.
We have the goal of allowing /bin/sh to be dash by default, in which case,
the code shown does not get the extra randomness provided by $RANDOM,
so it would be considered as unsecure code.
I could simply patch the script to use tempfile, which is essential in
Debian, but a solution for everybody would be better.
For example, some sample scripts in the dialog package do this:
tempfile=`tempfile 2>/dev/null` || tempfile=/tmp/test$$
If autopoint and gettextize would do something like this, it would be great.
Thanks.
---------- Forwarded message ----------
From: Raphael Geissert <address@hidden>
To: address@hidden
Date: Sat, 23 May 2009 00:28:38 -0500
Subject: Bug#530087: gettext: bashism in /bin/sh script
Resent-Sender: address@hidden
Package: gettext
Severity: important
Version: 0.17-6
User: address@hidden
Usertags: goal-dash
Hello maintainer,
While performing an archive wide checkbashisms (from the 'devscripts' package)
check I've found your package containing a /bin/sh script making use
of a bashism.
checkbashisms' output:
> possible bashism in ./usr/bin/autopoint line 55 ($RANDOM):
> tmp=$TMPDIR/gt$$-$RANDOM
> possible bashism in ./usr/bin/gettextize line 55 ($RANDOM):
> tmp=$TMPDIR/gt$$-$RANDOM
Not using bash (or a Debian Policy conformant shell interpreter which doesn't
provide such an extra feature) as /bin/sh is likely to lead to errors or
unexpected behaviours.
Please be aware that although bash is currently the default /bin/sh there was
a release goal for Lenny to make dash the default /bin/sh[1], and has been
proposed for squeeze as well[2].
If you want more information about dash as /bin/sh, you can read:
http://lists.debian.org/debian-release/2008/01/msg00189.html
For more information supporting this goal please refer to Debian Policy,
section 10.4, at:
http://www.debian.org/doc/debian-policy/ch-files.html#s-scripts
Hints about how to fix bashisms:
Sometimes these bugs are already fixed in Ubuntu, look at the PTS.
If not already fixed you can read:
https://wiki.ubuntu.com/DashAsBinSh
If you still don't know how to fix the bashisms don't hesitate to reply to
this email, or tag the bug as 'help'.
[1]http://release.debian.org/lenny/goals.txt
[2]http://lists.debian.org/debian-release/2009/04/msg00133.html
Thank you,
Raphael Geissert
- Bug#530087: gettext: bashism in /bin/sh script (fwd),
Santiago Vila <=