Danek Duvall wrote:
> On Wed, Oct 24, 2007 at 07:04:29AM +0200, Roland Mainz wrote:
>
> > 3. Nit: Use "/usr/bin/ksh" (or "/usr/bin/ksh93"), not "/bin/ksh":
> > -- snip --
> > + MAKE=/usr/ccs/bin/make \
> > + /bin/ksh ./configure \
> > -- snip --
> > BTW: What about using /usr/bin/ksh93 in this case ?
>
> Actually, why call any shell explicitly -- does configure not have the #!
> magic?
As far as I can remeber our "squid" setup the standard "configure"
scripts assume as minimum level at least something based on the POSIX
shell spec, e.g. something like "ksh" or "bash" which understands things
like x="$(foo)" &co. (a quick look at the current "configure" in the
squid CVSWeb shows that they try to support a wild mixture of shells,
even zsh in ksh88 emulation mode... but I'm not sure whether this script
will do it's intended task if you let the old /sbin/sh run it. IMO it
may be better to use a newer shell (e.g. { ksh93, /usr/xpg4/bin/sh,
bash, ksh } (<-- in that order)) instead of trying it and then cleanup
after possible problems... IMO it's not worth the trouble...
> > Quotes missing, e.g. please change this to
> > [ ! -f "${CONF_FILE}" ] && exit $SMF_EXIT_ERR_CONFIG
>
> I'd really rather not see an overabundance of quotes where none are
> necessary. If there aren't any spaces and all values are non-null, there's
> no need. And in such a straightforward script, where that's easily
> checked, you really shouldn't need them at all.
I have to disagree _STRONGLY_. The problem with using 1) the original
bourne shell and then 2) no quotes is the major reason why most shell
scripts in Solaris are _insecure_ and can easily be cheated into doing
whatever a malicious user wants (e.g. using characters from ${IFS} or
some globbing tricks etc.). IMHO the strict rule should be: Use quotes
or use [[ ]] instead of [ ] (which only exists for ksh93, ksh88, bash
and /usr/xpg4/bin/sh and still doesn't close all "holes" prevented if
someone uses quotes (see David Korn's recommendations for setid scripts
or http://www.opensolaris.org/os/project/shell/shellstyle/ (which is
mainly based on David's recommendations))). And IMO these rule should
apply for all scripts run as "root" (which applies more or less to all
SMF scripts).
> > - Who or what defines "_install" (I'm not happy about the leading "_" in
> > front of the same... usually it indicates something (bery) "private" and
> > I'm not sure whether it applies in this case...) ?
>
> That's install.subr, which is sourced. It's baked, but feel free to rework
> it (and all the gate scripts which use it) if you want to spend the time.
Where can I find that script (URL) ?
> > > + cd errors
> > > + for i in `ls -p | grep '\/$'|sed 's/\/$//'`
> >
> > Somehow I wish you would use /usr/bin/ksh93 for this (e.g. neither "ls"
> > or "sed" would be neccesary in this case) ... ;-(
>
> Roland, admit it: you wish everyone would use ksh93 for everything. :)
No... I just wish that the matching/proper tools are used for the
matching job. IMO there is no need to start hunting smal birds with an
Abrams tank, e.g. doing one-line search&&replace jobs using "perl" when
less heavywheight tools are available or (as in this case) using a
"grep" pipeline for filtering a amount of data which is significantly
below the size of the "grep" utilty itself, e.g. when the
|fork()|+|exec()|-overhead significantly outwheights the amount of data
processed (and don't use the bourne shell if you expect to handle
multibyte characters or if the script is somehow performace sensitive
etc.).
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 7950090
(;O/ \/ \O;)
