* Javi Merino <cibervi...@gmail.com> [20100511 10:48]: > Hi, I think the attached patch fixes the bashism by creating a function > that returns a random number instead of relying on the $RANDOM magic > variable. > > I'll try to get it accepted upstream.
I'm not sure if something based on /dev/urandom will be accepted upstream as /dev/urandom is not available everywhere. > On 11/05/10 07:42, Raphael Geissert wrote: > > While performing an archive wide checkbashisms (from the 'devscripts' > > package) > > check I've found your package containing a /bin/sh script making use > > of a bashism. > > > > checkbashisms' output: > >> possible bashism in ./usr/share/doc/mercurial-common/examples/hgeditor line > >> 30 ($RANDOM): > >> HGTMP="${TMPDIR-/tmp}/hgeditor.$RANDOM.$RANDOM.$RANDOM.$$" This is only a half-bashism, on shells without special support for $RANDOM the variable simply evaluates to the empty string. This is just "hgeditor....$$", so it is easier to create name collisions, but still no security risk as the script simply aborts in this case. I guess the ideal solution would be to rewrite hgeditor in python, but if you can replace the creation of the temporary directory with a simple call to python -c "something" it would be enough to solve your current problem. Regards, Thomas Arendsen Hein -- tho...@intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A Intevation GmbH, Neuer Graben 17, 49074 Osnabrueck - AG Osnabrueck, HR B 18998 Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
pgpiE4stKZR3K.pgp
Description: PGP signature