Bug#530087: gettext: bashism in /bin/sh script (fwd)

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug#530087: gettext: bashism in /bin/sh script (fwd)

From:	Santiago Vila
Subject:	Bug#530087: gettext: bashism in /bin/sh script (fwd)
Date:	Fri, 24 Jul 2009 13:00:13 +0200 (CEST)

Hello.

I've received this from the Debian bug system.

We have the goal of allowing /bin/sh to be dash by default, in which case,
the code shown does not get the extra randomness provided by $RANDOM,
so it would be considered as unsecure code.

I could simply patch the script to use tempfile, which is essential in
Debian, but a solution for everybody would be better.

For example, some sample scripts in the dialog package do this:

tempfile=`tempfile 2>/dev/null` || tempfile=/tmp/test$$

If autopoint and gettextize would do something like this, it would be great.

Thanks.

---------- Forwarded message ----------
From: Raphael Geissert <address@hidden>
To: address@hidden
Date: Sat, 23 May 2009 00:28:38 -0500
Subject: Bug#530087: gettext: bashism in /bin/sh script
Resent-Sender: address@hidden

Package: gettext
Severity: important
Version: 0.17-6
User: address@hidden
Usertags: goal-dash

Hello maintainer,

While performing an archive wide checkbashisms (from the 'devscripts' package)
check I've found your package containing a /bin/sh script making use
of a bashism.

checkbashisms' output:
> possible bashism in ./usr/bin/autopoint line 55 ($RANDOM):
>     tmp=$TMPDIR/gt$$-$RANDOM
> possible bashism in ./usr/bin/gettextize line 55 ($RANDOM):
>     tmp=$TMPDIR/gt$$-$RANDOM


Not using bash (or a Debian Policy conformant shell interpreter which doesn't
provide such an extra feature) as /bin/sh is likely to lead to errors or
unexpected behaviours.
Please be aware that although bash is currently the default /bin/sh there was
a release goal for Lenny to make dash the default /bin/sh[1], and has been
proposed for squeeze as well[2].

If you want more information about dash as /bin/sh, you can read:
http://lists.debian.org/debian-release/2008/01/msg00189.html

For more information supporting this goal please refer to Debian Policy,
section 10.4, at:
http://www.debian.org/doc/debian-policy/ch-files.html#s-scripts

Hints about how to fix bashisms:
Sometimes these bugs are already fixed in Ubuntu, look at the PTS.
If not already fixed you can read:
https://wiki.ubuntu.com/DashAsBinSh

If you still don't know how to fix the bashisms don't hesitate to reply to
this email, or tag the bug as 'help'.

[1]http://release.debian.org/lenny/goals.txt
[2]http://lists.debian.org/debian-release/2009/04/msg00133.html

Thank you,
Raphael Geissert

[Prev in Thread]

Current Thread

[Next in Thread]

Bug#530087: gettext: bashism in /bin/sh script (fwd), Santiago Vila <=
- Re: Bug#530087: gettext: bashism in /bin/sh script (fwd), Eric Blake, 2009/07/24
- Re: Bug#530087: gettext: bashism in /bin/sh script (fwd), Bob Proulx, 2009/07/26

Prev by Date: Gawk 3.1.7 now available
Next by Date: Re: Bug#530087: gettext: bashism in /bin/sh script (fwd)
Previous by thread: Gawk 3.1.7 now available
Next by thread: Re: Bug#530087: gettext: bashism in /bin/sh script (fwd)
Index(es):
- Date
- Thread