From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) by sourceware.org (Postfix) with ESMTPS id A271F3870858 for ; Sun, 17 May 2020 17:55:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org A271F3870858 Received: by mail-wm1-x331.google.com with SMTP id f134so7054841wmf.1 for ; Sun, 17 May 2020 10:55:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=RhePmrl9iwapiOJ0nWJN9vQZZMZ/VdgyQC3ccI1m0A4=; b=rRP19o15kRhEw+CE37xMhrQVoprWvesMa/oMmTYByabjRJ1l/GoEiG25783OsJMLcI xJB+Pgxg3t3Uy4y4vHd4bb38ZiJQlgTrUVHsWKncNSgqDHK+8zy1KjbXOCj9r0TQPbSM fcY/MBZ0hV+1Xbv6oQZqg+YshDRvb8LoSqOvLIwKgbkucBkrbsx80wJr6gM80/eLrdnX 7ARM+qXRhkSodcgqHHZ+jxz9mBTamziAWCTxPkvUIMnxPVduihZEfjeUXEng5fIbO+ET GFTyCJ4uT6QAR4vLoKN0hpTlo/+yG8E4ZSbeL9s+/JEJX4mda16cdNHfoUKRJPpq9NLq wtUA== X-Gm-Message-State: AOAM531/QW11opKKvtGljBBC2LCTUoaiaNVjqbwAc7HXAJvSaFWIB0bU kJv4hMmcGNUOq2VT6mXDiOJgNQ6k X-Google-Smtp-Source: ABdhPJz+Mzo90id49NRAy2aMEx9+33WFqGXbY9mSrK3PdmfaXWFiMACc5ToG0D6LecYckszQ/HcSIA== X-Received: by 2002:a7b:c253:: with SMTP id b19mr15439328wmj.110.1589738119349; Sun, 17 May 2020 10:55:19 -0700 (PDT) Received: from ?IPv6:2a02:8109:9f40:4576::6912? ([2a02:8109:9f40:4576::6912]) by smtp.gmail.com with ESMTPSA id r9sm2287806wra.52.2020.05.17.10.55.17 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 17 May 2020 10:55:18 -0700 (PDT) Subject: Re: cygport development To: cygwin-apps@cygwin.com References: <3501279f-70c8-042c-2e60-2cd315277ae9@SystematicSw.ab.ca> <97e449ba-2c23-a110-ce95-850394b398cf@gmail.com> <871rvgwqbc.fsf@Rainer.invalid> <0d57d59b-638f-47ae-bdd0-eefda2e63f0c@gmail.com> <7ac8dfe8-b7ae-8d4d-03aa-a8fbd95a00ef@gmail.com> <1e2bd9cc5346a540b1a355847af57476f6ccedab.camel@cygwin.com> From: Federico Kircheis Message-ID: Date: Sun, 17 May 2020 19:54:56 +0200 MIME-Version: 1.0 In-Reply-To: <1e2bd9cc5346a540b1a355847af57476f6ccedab.camel@cygwin.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin-apps@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Cygwin package maintainer discussion list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 May 2020 17:55:21 -0000 Thank you for the feedback. > This patch is clearly not limited to the protection of data, as it > quotes variables that could in no way contain a space or have anything > to do with file paths. Could you please point me to which variables are unrelated to files. AFAIK i quoted files and arguments, which can all contain whitespace. For example I did quote ${unpack_file_path}, but not ${unpack_cmd}. > As mentioned multiple times, using filenames > ore directories with spaces is asking for trouble, and I have no > interest in trying to support such a case. The first commit makes sure that no information is lost while processing file with spaces or other characters that cause globbing. This prevents writing or modifying the wrong files, which is what happened to me. The second commit add exit in case `cd` fails, which prevents other errors afterwards. Those modification do not add support for path with whitespace, as I was still unable to compile the software, they did however prevent cygport to delete unrelated data (or create data in the wrong location). > I'm willing to consider a > *limited* patch that makes sure that cygport doesn't do something it > shouldn't in that case, but that's about it. Also because if the underlying tool like `make` does not support spaces, it has no benefit. The most minimal patch I can imagine is exiting if `cd` fails (just the second commit). Would you accept that? But please also consider my other arguments. > Yaakov PS: A "nice" side-effect to quoting most variables that could contain white space is that static-analyzers like shellcheck will emit less diagnostic, making it easier to discover potential errors.