Re: [Sugar-devel] Quoting in shell scripts (was: Re: [sugar-devel] Recent fiddlings with Print Support)

2009-05-17 Thread Jonas Smedegaard

On Sat, May 16, 2009 at 06:20:56PM +0530, Vamsi Krishna Davuluri wrote:
> Hello! I finally figured what was going wrong with my script.
>
> Jonas, I have tried implementing your suggestions. using mktemp, X,
> and also a -m 077. The code doesn't work for some reason that way. lpr
> gets me a failed job.

Try piece by piece to locate which part does not work in your
environment.

Or try invoking the script with bash -x to enable debugging.

> [va...@localhost Desktop]$ $(set -e abiword [...]

I believe the syntax is this:

[va...@localhost Desktop]$ $(set -e; abiword [...]

And if I didn't mention it clearly enough before, I try to do it now: I
strongly recommend completely avoiding subshells (those `` and $() and
() constructs) as they are more complex to do right!

> The lp user of lp group (cups script executor) messes up with
> permissions when executing commands in a subshell, that's really messed
> up. My rationale is, in a subshell the lp user has no longer domain.
> Also, CUPS doesn't write to our /tmp folder, instead has its own folder
> defined somewhere.

No surprise.  Please read above.  Read twice if needed ;-)


  - Jonas

- -- 
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
___
Sugar-devel mailing list
Sugar-devel@lists.sugarlabs.org
http://lists.sugarlabs.org/listinfo/sugar-devel


Re: [Sugar-devel] Quoting in shell scripts (was: Re: [sugar-devel] Recent fiddlings with Print Support)

2009-05-16 Thread Vamsi Krishna Davuluri
Hello! I finally figured what was going wrong with my script.


Jonas, I have tried implementing your suggestions. using mktemp, X, and
also a -m 077. The code doesn't work for some reason that way. lpr gets me a
failed job. Also that code is basically ported from this guide,
http://www.ibm.com/developerworks/linux/library/l-dvi-filter.html

Jonas, Silbe, notice this

[va...@localhost Desktop]$ $(abiword --to=ps /home/Vamsi/lololo.odt); if [
$? -ne 0 ];  then echo 'hello'; else echo  'what'; fi
hello

[va...@localhost Desktop]$ $(abiword --to=doc /home/Vamsi/lololo.odt); if [
$? -ne 0 ];  then echo 'hello'; else echo  'what'; fi
what

[va...@localhost Desktop]$ $(set -e abiword --to=doc
/home/Vamsi/lololo.odt); if [ $? -ne 0 ];  then echo 'hello'; else echo
'what'; fi
what

[va...@localhost Desktop]$ $(set -e abiword --to=ps /home/Vamsi/lololo.odt);
if [ $? -ne 0 ];  then echo 'hello'; else echo  'what'; fi
what

[va...@localhost Desktop]$ $(abiword --to=ps /home/Vamsi/lololo.odt); if [
$? -ne 0 ];  then echo 'hello'; else echo  'what'; fi
hello

[va...@localhost Desktop]$ $(abiword --to=ps /home/Vamsi/lololo.odt); if [
$? -ne 0 ];  then echo 'hello'; else echo  'what'; fi
hello

Set -e basically yields me the same case, that is even on an error it
returns me a 0. But without set -e, it works great.


Moving on,

It's like this,

The lp user of lp group (cups script executor) messes up with permissions
when executing commands in a subshell, that's really messed up. My rationale
is, in a subshell the lp user has no longer domain. Also, CUPS doesn't write
to our /tmp folder, instead has its own folder defined somewhere.
So what I made is,

sandbox1=${TMPDIR1:-/tmp}/tempcups.
(umask 077  mkdir $sandbox1) || exit 1

I made another temp folder for the subshells to execute their commands


And, andres, it initially does try to convert to doc.


The algorithm is pretty much like this,

1) We try to write to some new path besides the same folder, if it works, we
are running 2.6.6 and plus, if not we are on 2.6.6--
- We cannot check for ~somepath.ps here as 2.6.8 doesn't have that
capability, so that would be inviting a hole as we would be skipping for
2.6.8 as well!

# $fn happens to be supplied variable
$(abiword --to=$sandbox1/temp123.doc $fn)

# if this doesn't work, do the following, as 2.6.6- could only do operations
# in the same folder,
# we are copying ;)
if [ $? -ne 0 ];
then
#our dummy file
fn1=$sandbox/temp123.odt
cp $fn $fn1


# Call abiword quietly, securely
abiword --to=ps `echo $fn1 | sed -e 's/odt$/doc/' `
fn2=`echo $fn1 | sed -e 's/odt$/ps/' `


2) Now we enter the case what if we are in fact on 2.6.6+, well now come two
paths again, 1) are we 2.6.8, or 2) anything other than 2.6.8
   (again 2.6.8 cant write to ps directly, we need an intermediate doc
conversion for this effect)

# Call abiword quietly, securely
#check if our version doesn't require an intermediate conversion, if it
# does, do it

$(abiword --to=$sandbox1/temp123.ps $fn)
if [ $? -ne 0 ];

then

abiword --to=$sandbox/temp123.doc $fn
abiword --to=$sandbox/temp123.ps $sandbox/temp123.doc

else

#abiword --to=$sandbox/temp123.ps $fn

fn2=$sandbox1/temp123.ps

Andres, script works great for ALLL cases :D



#!/bin/bash
# CUPS filter to process ODT files using abiword



# $6 happens to be the path to file passed as argument; for debugging
# purposes I use $1
fn=$6

#for our subshell convenience
sandbox1=${TMPDIR1:-/tmp}/tempcups.
(umask 077  mkdir $sandbox1) || exit 1


# we are creating a dummy folder, which can take different file types.
sandbox=${TMPDIR:-/tmp}/t6cups-odftops.
(umask 077  mkdir $sandbox) || exit 1


#The condition which checks whether our abiword is 2.6.6+ or 2.6.6-

$(abiword --to=$sandbox1/temp123.doc $fn)

if [ $? -ne 0 ];
then

#our dummy file
fn1=$sandbox/temp123.odt
cp $fn $fn1

# Call abiword quietly, securely
abiword --to=ps `echo $fn1 | sed -e 's/odt$/doc/' `
fn2=`echo $fn1 | sed -e 's/odt$/ps/' `

else

# Call abiword quietly, securely
#check if our version doesn't require an intermediate conversion, if it
# does, do it

$(abiword --to=$sandbox1/temp123.ps $fn)
if [ $? -ne 0 ];

then

abiword --to=$sandbox/temp123.doc $fn
abiword --to=$sandbox/temp123.ps $sandbox/temp123.doc

else

#abiword --to=$sandbox/temp123.ps $fn

fn2=$sandbox1/temp123.ps

fi

fi

cat $fn2

#remove the sandbox folder, for debugging purposes check by commenting the
# following line and see what is in the /tmp/ folder
#rm -rf $sandbox
#rm -rf $sandbox1


Re: [Sugar-devel] Quoting in shell scripts (was: Re: [sugar-devel] Recent fiddlings with Print Support)

2009-05-14 Thread Andrés Ambrois
On Wednesday 13 May 2009 08:03:22 am Vamsi Krishna Davuluri wrote:
> Thanks. I have taken into account your suggestions and made another
> script.

Thank you all for helping out! Here are a few other comments:

> #!/bin/bash -e
> # CUPS filter to process ODT files using abiword
>
>
> # $6 happens to be the path to file passed as argument
> fn=$6
>
> #in case its not defined
> TMPDIR=/tmp

See Jonas's comments

> # we are creating a dummy folder, which can take different file types using
> mkdir, change to =/tmp/cups-odftops
> sandbox=${TMPDIR-/tmp}/cups-odftops.
> (umask 077  mkdir $sandbox) || exit 1
>
> #our two dummy files
> fn1=$sandbox/temp123.odt
> cp $fn $fn1

Do you need to cp? Can't you symlink? Copying potentially large files is a
problem.

> # Call abiword quietly, securely
> abiword --to=ps $fn1
> fn2=`echo $fn1 | sed -e 's/odt/ps/' `

fn2=`echo $fn1 | sed 's/\.odt$/\.ps/'`

> #check if our version doesn't require an intermediate conversion, if it
> does, do it, else break;
>
> if [ -n `grep -q %!PS-Adobe-3.0  $fn2 ` ];then

grep -q is always silent, and [ -n ] tests for string length nonzero, so this
will always fail.

I guess you're trying to see if the conversion failed (does not contain
%!PS-Adobe-3.0 ), so you should need:

if [ -z `grep %!PS-Adobe-3.0  $fn2` ]; then

> abiword --to=doc $fn1
> abiword --to=ps `echo $fn1 | sed -e 's/odt/doc/' `
> fi

Again, watch out for that sed.

-- 
  Andrés


[Sugar-devel] Quoting in shell scripts (was: Re: [sugar-devel] Recent fiddlings with Print Support)

2009-05-13 Thread Sascha Silbe

On Wed, May 13, 2009 at 01:03:26PM +0530, Vamsi Krishna Davuluri wrote:

> Okay, so here's the latest dope.

I hope you don't mind me pointing out a few oversights in your script
publicly. The main reason is that I want to remind others (e.g. GSoC
students) to be careful about quoting - a topic that unfortunately
doesn't seem to get as much attention in university courses as it
deserves.

> sandbox=${TMPDIR-/tmp}/cups-odftops.$$
> (umask 077  mkdir $sandbox) || exit 1

TMPDIR and thus later sandbox may contain any character, so you need to
quote them.
BTW: I usually issue set -e in front of any script and explicitly
handle the cases where I know that some command may fail and I _do_ want
to continue, BTW. Doing it the other way round increases the likelihood
of forgetting to check for an error and thus making the real error hard
to find.

> fn2=`echo $fn1 | sed -e 's/odt/ps/' `

This invocation is the reason for this mail: You should (*) quote both
fn1 and the result of the calculation. This would give:

fn2="`echo \"$fn1\" | sed -e 's/odt/ps/' `"

As you see, it's a bit awkward. That's why I recommend using $(...)
instead of `...`:

fn2="$(echo "$fn1" | sed -e 's/odt/ps/')"

The given sed invocation will replace the _first_ occurrence of odt
(e.g. Godtfred Kirk Christiansen.odt -> Gpsfred Kirk
Christiansen.odt), BTW. You should append $ after odt to make it
match just the end of the string.

> if cat $fn2 | grep -q %!PS-Adobe-3.0

Useless use of cat: you can use shell redirection instead:

if grep -q %!PS-Adobe-3.0 < $fn2

> break;

Hmm, I don't see any loop that could be aborted. Do you mean exit 0
instead?

(*) For this particular occurrence, it isn't strictly necessary to quote
fn1, as it is passed to echo which will behave the same either way. This
isn't true for most other commands, so it's useful to develop a habit of
always quoting arguments if they may contain arbitrary / unknown /
user-specified data.


CU Sascha

--
http://sascha.silbe.org/
http://www.infra-silbe.de/
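
The quoting, sed anchoring and grep points raised in the two review messages above (Andrés Ambrois and Sascha Silbe), as an added example that is not part of either post. The function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed.

count_args() { echo "$#"; }

# Unquoted expansion is split on whitespace before the command sees it.
unquoted_count() { count_args $1; }
quoted_count()   { count_args "$1"; }

# The sed call from the original script: first "odt" anywhere in the name.
ps_name_unanchored() { printf '%s\n' "$1" | sed -e 's/odt/ps/'; }

# Anchored to the end of the string, with the dot escaped.
ps_name() { printf '%s\n' "$1" | sed -e 's/\.odt$/.ps/'; }

# grep -q prints nothing, so test its exit status, not its output.
# Redirection keeps a name starting with "-" from being read as an option.
has_ps_header() { grep -q '%!PS-Adobe-3.0' <"$1"; }

name='Godtfred Kirk Christiansen.odt'
workdir=$(mktemp -d) || exit 1
trap 'rm -rf "$workdir"' EXIT
good="$workdir/$(ps_name "$name")"
bad="$workdir/not postscript.ps"
printf '%%!PS-Adobe-3.0\n%%%%EOF\n' >"$good"
printf 'conversion failed\n' >"$bad"

echo "unquoted: $(unquoted_count "$name") args, quoted: $(quoted_count "$name")"
echo "unanchored: $(ps_name_unanchored "$name")"
echo "anchored:   $(ps_name "$name")"
for f in "$good" "$bad"; do
    if has_ps_header "$f"; then echo "PostScript: $f"
    else echo "needs the intermediate conversion: $f"; fi
done
```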



Re: [Sugar-devel] Quoting in shell scripts (was: Re: [sugar-devel] Recent fiddlings with Print Support)

2009-05-13 Thread Jonas Smedegaard

On Wed, May 13, 2009 at 10:25:36AM +0200, Sascha Silbe wrote:
> On Wed, May 13, 2009 at 01:03:26PM +0530, Vamsi Krishna Davuluri
> wrote:
>
>> Okay, so here's the latest dope.
> I hope you don't mind me pointing out a few oversights in your script
> publicly. The main reason is that I want to remind others (e.g.
> GSoC students) to be careful about quoting - a topic that
> unfortunately doesn't seem to get as much attention in university
> courses as it deserves.
>
>> sandbox=${TMPDIR-/tmp}/cups-odftops.$$
>> (umask 077  mkdir $sandbox) || exit 1
> TMPDIR and thus later sandbox may contain any character, so you need
> to quote them.

While we are at it, I believe it is safer and more elegant to use mktemp 
than $$ (which in theory can be captured by evil-doers using simple ps 
on a very slow system).  Also, I usually avoid subshells to not risk 
hiding failures (you need to do set -e inside each subshell).

Here's my suggested variant of above:


sandbox=$(mktemp -t cups-odftops.XX)
mkdir -m 077 $sandbox || exit 1


Enjoy :-)

  - Jonas

- -- 
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private


Re: [Sugar-devel] Quoting in shell scripts (was: Re: [sugar-devel] Recent fiddlings with Print Support)

2009-05-13 Thread Vamsi Krishna Davuluri
Thanks. I have taken into account your suggestions and made another script.

This has not been a competition to beautify or verify the rigidity of the
script, rather to see if opensuse accepted it. Which it still doesn't.
Something to do with lp user file create permissions.
Though the script works fine on ubuntu and fedora.
And also, this is my first shell script.


#!/bin/bash -e
# CUPS filter to process ODT files using abiword


# $6 happens to be the path to file passed as argument
fn=$6

#in case its not defined
TMPDIR=/tmp

# we are creating a dummy folder, which can take different file types using
mkdir, change to =/tmp/cups-odftops
sandbox=${TMPDIR-/tmp}/cups-odftops.
(umask 077  mkdir $sandbox) || exit 1

#our two dummy files
fn1=$sandbox/temp123.odt
cp $fn $fn1

# Call abiword quietly, securely
abiword --to=ps $fn1
fn2=`echo $fn1 | sed -e 's/odt/ps/' `

#check if our version doesn't require an intermediate conversion, if it
does, do it, else break;

if [ -n `grep -q %!PS-Adobe-3.0  $fn2 ` ];then
abiword --to=doc $fn1
abiword --to=ps `echo $fn1 | sed -e 's/odt/doc/' `
fi

cat $fn2
#remove the sandbox folder, for debugging purposes check by commenting the
following line and see what is in the /tmp/ folder
#rm -rf $sandbox
#NOTES: CURSE me for not realizing that these scripts cant write to anyplace
other than tmp dirs, and wasting about 20 hrs doing all sorts of
combinations of selinux tweaking, writing sample scripts (which magically
did the job) and CHMODing




Re: [Sugar-devel] Quoting in shell scripts (was: Re: [sugar-devel] Recent fiddlings with Print Support)

2009-05-13 Thread Jonas Smedegaard

On Wed, May 13, 2009 at 04:33:22PM +0530, Vamsi Krishna Davuluri wrote:

> #in case its not defined
> TMPDIR=/tmp

Above means that you override if it was defined.  Use this instead:

TMPDIR=${TMPDIR:-/tmp}

Or use mktemp which has same fallback (and more!) internally.

> # we are creating a dummy folder, which can take different file types using
> mkdir, change to =/tmp/cups-odftops

It is common practice to keep lines maximum 72 characters long, to avoid
them wrapping in e.g. emails.

> sandbox=${TMPDIR-/tmp}/cups-odftops.$$$$

There is absolutely no improved security in 4x$.  $$ resolves to the
current process id, which (on most systems?) is not random but
sequential so relatively easy to guess by evil-doers.  $$$$ simply means
use the same process id twice.

My recommendation was to use mktemp with a _skeleton_ value that
includes XXXX, which means add a random number that is 4 characters
long.

> (umask 077  mkdir $sandbox) || exit 1

If a system for some reason fails to set umask, above command silently
continues!


Kind regards,

  - Jonas

- -- 
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
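
The temporary-directory advice in the message above, as an added example that is not part of the original post. It assumes a `mktemp` that supports `-d` with a template; all function names are hypothetical.

```sh
#!/bin/sh
# Added example; names other than the cups-odftops prefix are assumed.

# The thread's naming scheme: "$$$$" is only the PID written twice, so the
# full path can be computed in advance by anyone who can run ps.
predictable_name() {
    printf '%s/cups-odftops.%s%s\n' "${TMPDIR:-/tmp}" "$$" "$$"
}

# mktemp -d picks a random suffix and creates the directory atomically
# with mode 0700; it fails rather than reuse an existing path.
make_sandbox() {
    mktemp -d "${TMPDIR:-/tmp}/cups-odftops.XXXXXX"
}

# Permission check via ls so it runs with any POSIX userland.
is_private() {
    case $(ls -ld "$1") in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed situation: the predictable path already exists. Returns 0
# if plain mkdir is blocked while mktemp -d still yields a private dir.
collision_demo() {
    base=$(mktemp -d) || return 2
    taken="$base/cups-odftops.$$$$"
    mkdir "$taken" || return 2
    blocked=no
    (umask 077 && mkdir "$taken") 2>/dev/null || blocked=yes
    fresh=$(TMPDIR=$base; make_sandbox) || blocked=error
    result=1
    [ "$blocked" = yes ] && is_private "$fresh" && result=0
    rm -rf "$base"
    return "$result"
}

sandbox=$(make_sandbox) || exit 1
trap 'rm -rf "$sandbox"' EXIT
is_private "$sandbox" && echo "private sandbox: $sandbox"
collision_demo && echo "predictable name taken; mktemp -d unaffected"
```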