Bug#835498: checkbashisms treats 'command' incorrectly

2020-03-12 Thread jnqnfe 
control: severity -1 important

Debian policy v4.1.5 (July 2018) updated from SUSv3 to POSIX.1-2017
(aka SUSv4). This should presumably (without double checking the
specifics of this version) mean that the way is clear for checkbashisms
to be modified to accept `command -v` etc.

Please address this; the lack of support just impacted some work on
live-build with some work getting reverted due to not passing
checkbashisms, when it turns out that the commit was fine, but
checkbashisms is outdated.

thanks.

On Fri, 26 Aug 2016 12:38:19 +0100 "Adam D. Barratt" <
a...@adam-barratt.org.uk> wrote:
> Control: tags -1 + moreinfo
> 
> On 2016-08-26 11:47, Eero Vuojolahti wrote:
> > Secondly, there are no optional flags listed in the 2008/2013
version
> > of the 'command' specification. In the older (2004) standard, the
|-v|
> > and |-V| options were part of the 'user portability' subset, not
part
> > of the core.
> > 
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html
> 
> POSIX 2004 might be "older" but it is the version referenced by
Debian 
> Policy - as per 
> ;:
> 
> "Scripts may assume that /bin/sh implements the SUSv3 Shell Command 
> Language[90] plus the following additional features not mandated by 
> SUSv3
> [list that doesn't mention "command"]
> 
> If a shell script requires non-SUSv3 features from the shell
interpreter 
> other than those listed above, the appropriate shell must be
specified 
> in the first line of the script (e.g., #!/bin/bash) and the package
must 
> depend on the package providing the shell (unless the shell package
is 
> marked "Essential", as in the case of bash).
> [...]
> 90
> 
> Single UNIX Specification, version 3, which is also IEEE 1003.1-2004 
> (POSIX), and is available on the World Wide Web from The Open Group 
> after free registration.
> "
> 
> checkbashisms's handling of "command" appears to be in line with
that 
> Policy requirement.
> 
> Regards,
> 
> Adam
> 
>

Bug#835498: checkbashisms treats 'command' incorrectly

2020-03-12 Thread John Crawley 

On 2016-08-26 14:38, Adam D. Barratt wrote:
> On 2016-08-26 11:47, Eero Vuojolahti wrote:
>> Secondly, there are no optional flags listed in the 2008/2013 version
>> of the 'command' specification. In the older (2004) standard, the |-v|
>> and |-V| options were part of the 'user portability' subset, not part
>> of the core.
>> http://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html
>
> POSIX 2004 might be "older" but it is the version referenced by Debian
> Policy - as per
> :

Debian Policy (4.5.0.0):
https://www.debian.org/doc/debian-policy/ch-files.html#s-scripts
has now changed to follow POSIX.1-2017 (IEEE Std 1003.1-2017):
https://pubs.opengroup.org/onlinepubs/9699919799//utilities/command.html
Where "The command utility is moved from the User Portability Utilities  
option to the Base".


This makes checkbashisms' rejection of eg 'command -v' a false positive.

--
John

Bug#835498: checkbashisms treats 'command' incorrectly

2016-08-26 Thread Eero Vuojolahti 

Package: devscripts
Version: 2.16.7

contents of test.sh:
#!/bin/sh
command -v ls
command -V ls
command -p -v -a ls
command -p -a -v ls
command -pa ls
command -ap ls
command -p -a ls
command -pV -a ls
exit 0

Output from 'checkbashisms test.sh':
possible bashism in test.sh line 2 ('command' with option other than -p):
command -v ls
possible bashism in test.sh line 3 ('command' with option other than -p):
command -V ls


Firstly, the script didn't recognize invalid option -a, which appears on 
several lines.


Secondly, there are no optional flags listed in the 2008/2013 version of 
the 'command' specification. In the older (2004) standard, the |-v| and 
|-V| options were part of the 'user portability' subset, not part of the 
core. http://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html


Here's a diff that fixes the found issues.
diff -u devscripts/a/checkbashisms devscripts/b/checkbashisms
--- devscripts/a/checkbashisms2016-08-22 07:01:48.0 +0300
+++ devscripts/b/checkbashisms2016-08-26 13:04:44.385760367 +0300
@@ -644,7 +644,7 @@
 qr';;?&' =>  q<;;& and ;& special case operators>,
 $LEADIN . qr'jobs\s' =>  q,
 #$LEADIN . qr'jobs\s+-[^lp]\s' =>  q<'jobs' with option other than 
-l or -p>,
-$LEADIN . qr'command\s+-[^p]\s' =>  q<'command' with option other 
than -p>,
+$LEADIN . qr'command\s+(-[pvV]+\s+)*-[pvV]*[^pvV\s]+[pvV]*\s' =>  
q<'command' with option other than -p, -v or -V>,
 $LEADIN . qr'setvar\s' =>  q'foo="'"$bar"'"'>,
 $LEADIN . qr'trap\s+["\']?.*["\']?\s+.*(?:ERR|DEBUG|RETURN)' => 
q,
 $LEADIN . qr'(?:exit|return)\s+-\d' => q,


Output from the modified script:
checkbashisms test.sh
possible bashism in test.sh line 4 ('command' with option other than -p, 
-v or -V):

command -p -v -a ls
possible bashism in test.sh line 5 ('command' with option other than -p, 
-v or -V):

command -p -a -v ls
possible bashism in test.sh line 6 ('command' with option other than -p, 
-v or -V):

command -pa ls
possible bashism in test.sh line 7 ('command' with option other than -p, 
-v or -V):

command -ap ls
possible bashism in test.sh line 8 ('command' with option other than -p, 
-v or -V):

command -p -a ls
possible bashism in test.sh line 9 ('command' with option other than -p, 
-v or -V):

command -pV -a ls