Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-30 Thread Denys Vlasenko 
On Tue, Jan 30, 2018 at 4:31 AM, Mike Frysinger  wrote:
> On 30 Jan 2018 04:00, Denys Vlasenko wrote:
>> On Mon, Jan 29, 2018 at 7:50 PM, Mike Frysinger wrote:
>> >> I still wonder how on Earth Android filesystem ended up not having 
>> >> /bin/sh.
>> >> No one at Google realized that people are using shell scripts
>> >> all over the Unix universe? Or they seriously did not want people
>> >> to run non-Android specific stuff on Android, and *wanted*
>> >> non-android-tailored shell scripts to fail to execute?
>> >
>> > i think it's more like you shouldn't be running shell the vast majority of
>> > the time. systemd showed the numbers to back this up.
>>
>> We should remove all shell scripts from e.g. kernel, gcc and busybox
>> build machinery. Because systemd. Right.
>
> i don't know what point you're trying to make, but drop the useless
> hyperbole.  you asked about runtime Android, not about random dev
> packages.

No, I did not ask about "runtime Android", whatever that means.
Android is a Unix system, not a custom phone OS like it was the case in first
generations of phones. It can be used as a general-purpose OS:
it is possible to run anything Unixy in it. I personally
wanted to build busybox. I run compilers, editors, git and such.
It's possible.

Or rather, it is possible to run anything Unixy in it
_after_ you root it and fix the stupid decisions by Android devs
who crippled it with incompatible file system layout for no apparent
reason.
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-30 Thread Bernd Petrovitsch 
On Mon, 2018-01-29 at 09:16 +0800, Kang-Che Sung wrote:
> On Mon, Jan 29, 2018 at 2:51 AM, Bernd Petrovitsch
>  wrote:
> > On Fri, 2018-01-26 at 15:15 +0100, Denys Vlasenko wrote:
> > > On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto  wrote:
> > 
> > [...]
> > > > According to the BASH documentation, the source command should:
> > > > Read and execute commands from filename  in  the  current  shell 
> > > > environment
> > > > and return the exit status of the last command executed from filename.  
> > > > If
> > > > filename does not contain a slash, filenames  in  PATH  are used to 
> > > > find the
> > > > directory containing filename.  The file searched for in PATH  need  
> > > > not  be
> > > > executable. When  bash  is  not  in  posix  mode,  the  current 
> > > > directory is
> > > > searched if no file is found in PATH.
> > > 
> > > I wish bash wouldn't introduce gratuitous standard violations.
> > 
> > I see such begaviour more as a security problem - there are good
> > reasons not using "." automagically in $PATH (like DOS did .).
> 
> The problem with DOS/Windows is that they prioritize "." (working directory)
> over PATH when searching commands, which can cause security problems.
> Bash actually considers "." last, which is less of the security threat (unless
> you're setting a shell environment when user doesn't even have permission to
> adjust $PATH).
> 
> For reference, here is the rationale in POSIX:
> 
> http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#dot
> 
> "Some older implementations searched the current directory for the [file],
> even if the value of [PATH] disallowed it. This behavior was omitted from this
> volume of POSIX.1-2008 due to concerns about introducing the susceptibility to
> trojan horses that the user might be trying to avoid by leaving _dot_ out of
> [PATH]."

And good so that the implicit '.' is gone.
People can add "." to $PATH anyways if they want.

And it may be less risky, if the implicit "." is at the end of $PATH
instead of the front, but (at least;-) I mistype commands often enough
and the list of aliases/shell functions a la "alias gerp=grep" keeps
growing - apparently not only for a better user interface.

Kind regards,
Bernd
-- 
Bernd Petrovitsch  Email : be...@petrovitsch.priv.at
 LUGA : http://www.luga.at
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Mike Frysinger 
On 30 Jan 2018 04:00, Denys Vlasenko wrote:
> On Mon, Jan 29, 2018 at 7:50 PM, Mike Frysinger wrote:
> >> I still wonder how on Earth Android filesystem ended up not having /bin/sh.
> >> No one at Google realized that people are using shell scripts
> >> all over the Unix universe? Or they seriously did not want people
> >> to run non-Android specific stuff on Android, and *wanted*
> >> non-android-tailored shell scripts to fail to execute?
> >
> > i think it's more like you shouldn't be running shell the vast majority of
> > the time. systemd showed the numbers to back this up.
> 
> We should remove all shell scripts from e.g. kernel, gcc and busybox
> build machinery. Because systemd. Right.

i don't know what point you're trying to make, but drop the useless
hyperbole.  you asked about runtime Android, not about random dev
packages.  plus i was referring to hard general data (replacing
shell scripts with compiled programs is proven benefit to boot time),
not advocating for systemd.
-mike


signature.asc
Description: Digital signature
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Denys Vlasenko 
On Mon, Jan 29, 2018 at 7:50 PM, Mike Frysinger  wrote:
>> I still wonder how on Earth Android filesystem ended up not having /bin/sh.
>> No one at Google realized that people are using shell scripts
>> all over the Unix universe? Or they seriously did not want people
>> to run non-Android specific stuff on Android, and *wanted*
>> non-android-tailored shell scripts to fail to execute?
>
> i think it's more like you shouldn't be running shell the vast majority of
> the time. systemd showed the numbers to back this up.

We should remove all shell scripts from e.g. kernel, gcc and busybox
build machinery. Because systemd. Right.
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Mike Frysinger 
On 29 Jan 2018 18:52, Denys Vlasenko wrote:
> On Mon, Jan 29, 2018 at 5:55 PM, Mike Frysinger  wrote:
> >> >> >> I wish bash wouldn't introduce gratuitous standard violations.
> >> >> >
> >> >> > bash is its own shell.  why can't it introduce its own extensions as 
> >> >> > it sees
> >> >> > fit ?
> >> >>
> >> >> Because a divergence is not a good thing, especially if it's gratuitous
> >> >
> >> > this position makes no sense.  are you saying that no shell should be 
> >> > allowed
> >> > to extend the syntax however it wants ?  every shell out there should 
> >> > only be
> >> > allowed to implement POSIX and nothing else ?
> >>
> >> The extensions which add some significantly useful functionality are ok.
> >> Example: arrays.
> >>
> >> Changes which don't really add such functionality do more harm than good.
> >> Example: "function" keyword in bash made it possible to do this:
> >
> > in general, i think you're applying 20/20 hindsight to things.  it's easy to
> > say something is a bad idea years after the fact with experience in hand.
> 
> The general observation that "compatibility is a good thing
> and should not be broken just for the fun of it" is very old.
> It's _good_ when you move your stuff from system to system,
> from distro to distro, from one OS to another and things not break.
> Or at least break not too severely.

again, 20/20 hindsight.  you're applying this to a time when there was no
real thing as compatibility: compatible with who ?  this other random project
that just started a year or two ago ?  why are they better ?  there were no
distros to move between, and every system was custom built.  it's why POSIX
is such a mess of permission "implementation defined" cases as it tried to
bring some level of sanity to different systems.

> Unfortunately, every new generation of comp-sci students
> needs to learn it the hard way: by breaking it and then feeling the pain.

or they come out with something so much better that people move away from
the previous thing entirely and it dies.

> I still wonder how on Earth Android filesystem ended up not having /bin/sh.
> No one at Google realized that people are using shell scripts
> all over the Unix universe? Or they seriously did not want people
> to run non-Android specific stuff on Android, and *wanted*
> non-android-tailored shell scripts to fail to execute?

i think it's more like you shouldn't be running shell the vast majority of
the time.  systemd showed the numbers to back this up.  so on a resource
constrained system (like Android phones, especially the first ones from over
a decade ago), no shell is better as it forces people to use a constrained
language.  in this case, the init "exec" stuff, or a compiled language like
C or C++.
https://android.googlesource.com/platform/system/core/+/master/init/README.md
-mike


signature.asc
Description: Digital signature
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Denys Vlasenko 
On Mon, Jan 29, 2018 at 5:55 PM, Mike Frysinger  wrote:
>> >> >> I wish bash wouldn't introduce gratuitous standard violations.
>> >> >
>> >> > bash is its own shell.  why can't it introduce its own extensions as it 
>> >> > sees
>> >> > fit ?
>> >>
>> >> Because a divergence is not a good thing, especially if it's gratuitous
>> >
>> > this position makes no sense.  are you saying that no shell should be 
>> > allowed
>> > to extend the syntax however it wants ?  every shell out there should only 
>> > be
>> > allowed to implement POSIX and nothing else ?
>>
>> The extensions which add some significantly useful functionality are ok.
>> Example: arrays.
>>
>> Changes which don't really add such functionality do more harm than good.
>> Example: "function" keyword in bash made it possible to do this:
>
> in general, i think you're applying 20/20 hindsight to things.  it's easy to
> say something is a bad idea years after the fact with experience in hand.

The general observation that "compatibility is a good thing
and should not be broken just for the fun of it" is very old.
It's _good_ when you move your stuff from system to system,
from distro to distro, from one OS to another and things not break.
Or at least break not too severely.

Unfortunately, every new generation of comp-sci students
needs to learn it the hard way: by breaking it and then feeling the pain.

I still wonder how on Earth Android filesystem ended up not having /bin/sh.
No one at Google realized that people are using shell scripts
all over the Unix universe? Or they seriously did not want people
to run non-Android specific stuff on Android, and *wanted*
non-android-tailored shell scripts to fail to execute?
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Mike Frysinger 
On 29 Jan 2018 08:42, Paul Otto wrote:
> On Sun, Jan 28, 2018 at 10:43 PM, Mike Frysinger wrote:
> > On 28 Jan 2018 19:17, Denys Vlasenko wrote:
> > > Making bash "source" behavior non-standard had nothing useful in it.
> >
> > "source" is already non-standard and not specified in POSIX.  so simply by
> > using it, your script is not POSIX compliant.
> 
> That is why, incidentally, I wrote my proposed contribution the way I did
> initially. In my view, while BASH treats "source" and "." the same, POSIX
> doesn't allow for "source" so why not have "source" hold to the BASH
> standard and "." hold to the POSIX standard? I definitely caved too quickly
> on that point, and wound up with my contribution being swallowed up into a
> patch that did the exact opposite of my intent.  ¯\_(ツ)_/¯

of course POSIX allows for "source".  it would be crazy to have it specify
"anything not explicitly permitted in this specification is banned".  it
does what it does everywhere else: everything not specified is "unspecified"
and thus implementations are free to do what they want.

although that is a generality.  in the specific case of "source", POSIX has
carved out that keyword as both reserved and unspecified:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_01_01

meaning that POSIX recognizes that some shells implement it in a semi-consistent
manner, but not enough (yet) to standardize it like it has with other builtins.
-mike


signature.asc
Description: Digital signature
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Mike Frysinger 
On 29 Jan 2018 14:41, Denys Vlasenko wrote:
> On Mon, Jan 29, 2018 at 6:43 AM, Mike Frysinger wrote:
> > On 28 Jan 2018 19:17, Denys Vlasenko wrote:
> >> On Fri, Jan 26, 2018 at 7:50 PM, Mike Frysinger wrote:
> >> > On 26 Jan 2018 15:15, Denys Vlasenko wrote:
> >> >> On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto wrote:
> >> >> > This patch restores, and improves upon, expected behavior to BASH
> >> >> > compatibility which was lost beginning with 1.27.0. This was pulled 
> >> >> > into
> >> >> > Alpine 3.7 which, in turn was pulled into official Docker images 
> >> >> > beginning
> >> >> > with docker:17.12. As a result, a large number of CICD builds that use
> >> >> > "source filename" have broken everywhere.
> >> >> >
> >> >> > According to the BASH documentation, the source command should:
> >> >> > Read and execute commands from filename  in  the  current  shell 
> >> >> > environment
> >> >> > and return the exit status of the last command executed from 
> >> >> > filename.  If
> >> >> > filename does not contain a slash, filenames  in  PATH  are used to 
> >> >> > find the
> >> >> > directory containing filename.  The file searched for in PATH  need  
> >> >> > not  be
> >> >> > executable. When  bash  is  not  in  posix  mode,  the  current 
> >> >> > directory is
> >> >> > searched if no file is found in PATH.
> >> >>
> >> >> I wish bash wouldn't introduce gratuitous standard violations.
> >> >
> >> > bash is its own shell.  why can't it introduce its own extensions as it 
> >> > sees
> >> > fit ?
> >>
> >> Because a divergence is not a good thing, especially if it's gratuitous
> >
> > this position makes no sense.  are you saying that no shell should be 
> > allowed
> > to extend the syntax however it wants ?  every shell out there should only 
> > be
> > allowed to implement POSIX and nothing else ?
> 
> The extensions which add some significantly useful functionality are ok.
> Example: arrays.
> 
> Changes which don't really add such functionality do more harm than good.
> Example: "function" keyword in bash made it possible to do this:

in general, i think you're applying 20/20 hindsight to things.  it's easy to
say something is a bad idea years after the fact with experience in hand.

also, i don't think the function keyword originated in bash.  the internet
suggests it originated in the korn shell and was picked up by other shells.

also, i know you know this, but POSIX isn't a spec that leads the real world.
it exists based on the corpus of existing implementations, including new
functions and features.  so unless people try out new things and get others
to adopt them, then POSIX isn't going to change either.  that includes trying
things that fail.

> f() { echo "Good"; }
> function g { echo "Your script is now not posix compatible,
> congratu-effing-lations"; }

some people like that extra syntatic sugar because it makes scanning code
and identifying functions easier (to their eyes).  i've met a few people
now who argue you should always keep the "function" keyword.
-mike


signature.asc
Description: Digital signature
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Paul Otto 
Thanks for the heads up, William! Great to hear!

Thanks,
Paul

On Jan 29, 2018 8:49 AM, "William Pitcock"  wrote:

> Hello,
>
> On Sat, Jan 27, 2018 at 3:05 PM, Paul Otto  wrote:
> > Thanks for taking care of this, Denys. It didn't wind up the way I'd
> hoped,
> > but at least it is predictable both ways now. I will see if there is a
> way
> > to get Alpine Linux to build with that config option set, to resolve the
> > regression introduced by busybox 1.27.
>
> This is done in 3.7 and edge as busybox-1.27.2-r8.  Relevant commit:
> https://git.alpinelinux.org/cgit/aports/commit/?id=
> fae8e63b4df5c1052fc79ed551d442263ddcb523
>
> William
>
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Emmanuel Deloget 
Hello,

On Mon, Jan 29, 2018 at 4:42 PM, Paul Otto  wrote:

>
>
>
>> > Making bash "source" behavior non-standard had nothing useful in it.
>>
>> "source" is already non-standard and not specified in POSIX.  so simply by
>> using it, your script is not POSIX compliant.
>
>
> That is why, incidentally, I wrote my proposed contribution the way I did
> initially. In my view, while BASH treats "source" and "." the same, POSIX
> doesn't allow for "source" so why not have "source" hold to the BASH
> standard and "." hold to the POSIX standard? I definitely caved too quickly
> on that point, and wound up with my contribution being swallowed up into a
> patch that did the exact opposite of my intent.  ¯\_(ツ)_/¯
>
>
​This is probably due to the fact that many (for instance, I) expect . and
source to behave the same way :) Having them behaving differently would
somewhat violate the principle of least surprise :)

BR,

-- Emmanuel Deloget​
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread William Pitcock 
Hello,

On Sat, Jan 27, 2018 at 3:05 PM, Paul Otto  wrote:
> Thanks for taking care of this, Denys. It didn't wind up the way I'd hoped,
> but at least it is predictable both ways now. I will see if there is a way
> to get Alpine Linux to build with that config option set, to resolve the
> regression introduced by busybox 1.27.

This is done in 3.7 and edge as busybox-1.27.2-r8.  Relevant commit:
https://git.alpinelinux.org/cgit/aports/commit/?id=fae8e63b4df5c1052fc79ed551d442263ddcb523

William
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Kang-Che Sung 
I really want to argue that there is a quite simple workaround to get the
bash 'source' behavior you need: Just append ":." to the PATH environment
variable before you run the "." command.

Or this:
source () {
PATH="$PATH:." . "$@"
}

Was there any difficulty of doing it?
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Paul Otto 
On Sun, Jan 28, 2018 at 10:43 PM, Mike Frysinger  wrote:

> On 28 Jan 2018 19:17, Denys Vlasenko wrote:
> > On Fri, Jan 26, 2018 at 7:50 PM, Mike Frysinger wrote:
> > > On 26 Jan 2018 15:15, Denys Vlasenko wrote:
> > >> On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto wrote:
> > >> > This patch restores, and improves upon, expected behavior to BASH
> > >> > compatibility which was lost beginning with 1.27.0. This was pulled
> into
> > >> > Alpine 3.7 which, in turn was pulled into official Docker images
> beginning
> > >> > with docker:17.12. As a result, a large number of CICD builds that
> use
> > >> > "source filename" have broken everywhere.
> > >> >
> > >> > According to the BASH documentation, the source command should:
> > >> > Read and execute commands from filename  in  the  current  shell
> environment
> > >> > and return the exit status of the last command executed from
> filename.  If
> > >> > filename does not contain a slash, filenames  in  PATH  are used to
> find the
> > >> > directory containing filename.  The file searched for in PATH
> need  not  be
> > >> > executable. When  bash  is  not  in  posix  mode,  the  current
> directory is
> > >> > searched if no file is found in PATH.
> > >>
> > >> I wish bash wouldn't introduce gratuitous standard violations.
> > >
> > > bash is its own shell.  why can't it introduce its own extensions as
> it sees
> > > fit ?
> >
> > Because a divergence is not a good thing, especially if it's gratuitous
>
> this position makes no sense.  are you saying that no shell should be
> allowed
> to extend the syntax however it wants ?  every shell out there should only
> be
> allowed to implement POSIX and nothing else ?
>
>
Based on my understanding of the history of these shells, BASH came up with
its syntax before the POSIX standard was ratified. So, while BASH came out
after sh, it came out *before* this "standard" was established that some
hold to so religiously.


> > Making bash "source" behavior non-standard had nothing useful in it.
>
> "source" is already non-standard and not specified in POSIX.  so simply by
> using it, your script is not POSIX compliant.


That is why, incidentally, I wrote my proposed contribution the way I did
initially. In my view, while BASH treats "source" and "." the same, POSIX
doesn't allow for "source" so why not have "source" hold to the BASH
standard and "." hold to the POSIX standard? I definitely caved too quickly
on that point, and wound up with my contribution being swallowed up into a
patch that did the exact opposite of my intent.  ¯\_(ツ)_/¯
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-29 Thread Denys Vlasenko 
On Mon, Jan 29, 2018 at 6:43 AM, Mike Frysinger  wrote:
> On 28 Jan 2018 19:17, Denys Vlasenko wrote:
>> On Fri, Jan 26, 2018 at 7:50 PM, Mike Frysinger wrote:
>> > On 26 Jan 2018 15:15, Denys Vlasenko wrote:
>> >> On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto wrote:
>> >> > This patch restores, and improves upon, expected behavior to BASH
>> >> > compatibility which was lost beginning with 1.27.0. This was pulled into
>> >> > Alpine 3.7 which, in turn was pulled into official Docker images 
>> >> > beginning
>> >> > with docker:17.12. As a result, a large number of CICD builds that use
>> >> > "source filename" have broken everywhere.
>> >> >
>> >> > According to the BASH documentation, the source command should:
>> >> > Read and execute commands from filename  in  the  current  shell 
>> >> > environment
>> >> > and return the exit status of the last command executed from filename.  
>> >> > If
>> >> > filename does not contain a slash, filenames  in  PATH  are used to 
>> >> > find the
>> >> > directory containing filename.  The file searched for in PATH  need  
>> >> > not  be
>> >> > executable. When  bash  is  not  in  posix  mode,  the  current 
>> >> > directory is
>> >> > searched if no file is found in PATH.
>> >>
>> >> I wish bash wouldn't introduce gratuitous standard violations.
>> >
>> > bash is its own shell.  why can't it introduce its own extensions as it 
>> > sees
>> > fit ?
>>
>> Because a divergence is not a good thing, especially if it's gratuitous
>
> this position makes no sense.  are you saying that no shell should be allowed
> to extend the syntax however it wants ?  every shell out there should only be
> allowed to implement POSIX and nothing else ?

The extensions which add some significantly useful functionality are ok.
Example: arrays.

Changes which don't really add such functionality do more harm than good.
Example: "function" keyword in bash made it possible to do this:

f() { echo "Good"; }
function g { echo "Your script is now not posix compatible,
congratu-effing-lations"; }
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-28 Thread Mike Frysinger 
On 28 Jan 2018 19:17, Denys Vlasenko wrote:
> On Fri, Jan 26, 2018 at 7:50 PM, Mike Frysinger wrote:
> > On 26 Jan 2018 15:15, Denys Vlasenko wrote:
> >> On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto wrote:
> >> > This patch restores, and improves upon, expected behavior to BASH
> >> > compatibility which was lost beginning with 1.27.0. This was pulled into
> >> > Alpine 3.7 which, in turn was pulled into official Docker images 
> >> > beginning
> >> > with docker:17.12. As a result, a large number of CICD builds that use
> >> > "source filename" have broken everywhere.
> >> >
> >> > According to the BASH documentation, the source command should:
> >> > Read and execute commands from filename  in  the  current  shell 
> >> > environment
> >> > and return the exit status of the last command executed from filename.  
> >> > If
> >> > filename does not contain a slash, filenames  in  PATH  are used to find 
> >> > the
> >> > directory containing filename.  The file searched for in PATH  need  not 
> >> >  be
> >> > executable. When  bash  is  not  in  posix  mode,  the  current 
> >> > directory is
> >> > searched if no file is found in PATH.
> >>
> >> I wish bash wouldn't introduce gratuitous standard violations.
> >
> > bash is its own shell.  why can't it introduce its own extensions as it sees
> > fit ?
> 
> Because a divergence is not a good thing, especially if it's gratuitous

this position makes no sense.  are you saying that no shell should be allowed
to extend the syntax however it wants ?  every shell out there should only be
allowed to implement POSIX and nothing else ?

> Making bash "source" behavior non-standard had nothing useful in it.

"source" is already non-standard and not specified in POSIX.  so simply by
using it, your script is not POSIX compliant.
-mike


signature.asc
Description: Digital signature
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-28 Thread Kang-Che Sung 
On Mon, Jan 29, 2018 at 2:51 AM, Bernd Petrovitsch
 wrote:
> On Fri, 2018-01-26 at 15:15 +0100, Denys Vlasenko wrote:
>> On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto  wrote:
> [...]
>> > According to the BASH documentation, the source command should:
>> > Read and execute commands from filename  in  the  current  shell 
>> > environment
>> > and return the exit status of the last command executed from filename.  If
>> > filename does not contain a slash, filenames  in  PATH  are used to find 
>> > the
>> > directory containing filename.  The file searched for in PATH  need  not  
>> > be
>> > executable. When  bash  is  not  in  posix  mode,  the  current directory 
>> > is
>> > searched if no file is found in PATH.
>>
>> I wish bash wouldn't introduce gratuitous standard violations.
>
> I see such begaviour more as a security problem - there are good
> reasons not using "." automagically in $PATH (like DOS did .).
>

The problem with DOS/Windows is that they prioritize "." (working directory)
over PATH when searching commands, which can cause security problems.
Bash actually considers "." last, which is less of the security threat (unless
you're setting a shell environment when user doesn't even have permission to
adjust $PATH).

For reference, here is the rationale in POSIX:

http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#dot

"Some older implementations searched the current directory for the [file],
even if the value of [PATH] disallowed it. This behavior was omitted from this
volume of POSIX.1-2008 due to concerns about introducing the susceptibility to
trojan horses that the user might be trying to avoid by leaving _dot_ out of
[PATH]."
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-28 Thread Bernd Petrovitsch 
On Fri, 2018-01-26 at 15:15 +0100, Denys Vlasenko wrote:
> On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto  wrote:
[...]
> > According to the BASH documentation, the source command should:
> > Read and execute commands from filename  in  the  current  shell environment
> > and return the exit status of the last command executed from filename.  If
> > filename does not contain a slash, filenames  in  PATH  are used to find the
> > directory containing filename.  The file searched for in PATH  need  not  be
> > executable. When  bash  is  not  in  posix  mode,  the  current directory is
> > searched if no file is found in PATH.
> 
> I wish bash wouldn't introduce gratuitous standard violations.

I see such begaviour more as a security problem - there are good
reasons not using "." automagically in $PATH (like DOS did .).

Kind regards,
Bernd

PS: POSIX has some stuff in it which actually requires violation.
-- 
Bernd Petrovitsch  Email : be...@petrovitsch.priv.at
 LUGA : http://www.luga.at
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-28 Thread Denys Vlasenko 
On Fri, Jan 26, 2018 at 7:50 PM, Mike Frysinger  wrote:
> On 26 Jan 2018 15:15, Denys Vlasenko wrote:
>> On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto  wrote:
>> > This patch restores, and improves upon, expected behavior to BASH
>> > compatibility which was lost beginning with 1.27.0. This was pulled into
>> > Alpine 3.7 which, in turn was pulled into official Docker images beginning
>> > with docker:17.12. As a result, a large number of CICD builds that use
>> > "source filename" have broken everywhere.
>> >
>> > According to the BASH documentation, the source command should:
>> > Read and execute commands from filename  in  the  current  shell 
>> > environment
>> > and return the exit status of the last command executed from filename.  If
>> > filename does not contain a slash, filenames  in  PATH  are used to find 
>> > the
>> > directory containing filename.  The file searched for in PATH  need  not  
>> > be
>> > executable. When  bash  is  not  in  posix  mode,  the  current directory 
>> > is
>> > searched if no file is found in PATH.
>>
>> I wish bash wouldn't introduce gratuitous standard violations.
>
> bash is its own shell.  why can't it introduce its own extensions as it sees
> fit ?

Because a divergence is not a good thing, especially if it's gratuitous
(i.e. if a particular bashism is not adding any useful functionaluty).

Making bash "source" behavior non-standard had nothing useful in it.
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-27 Thread Kang-Che Sung 
2018年1月28日 上午5:05,"Paul Otto" 寫道:

Thanks for taking care of this, Denys. It didn't wind up the way I'd hoped,
but at least it is predictable both ways now. I will see if there is a way
to get Alpine Linux to build with that config option set, to resolve the
regression introduced by busybox 1.27.


I wonder when people suggest adding a config option to make "source"/"."
command bash-compatible, why aren't they bothered to append the "."
directory at the end of $PATH and save the bloat on the shell code.

Also, I suggest the new BASH_SOURCE_CURDIR be _one_ config option across
both shells, instead of allowing different behaviors of two shells in one
binary. And since this is about behavior change and not a feature
"extension", I think we have no need for this config option to depend on
*_BASH_COMPAT.
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-27 Thread Paul Otto 
Thanks for taking care of this, Denys. It didn't wind up the way I'd hoped,
but at least it is predictable both ways now. I will see if there is a way
to get Alpine Linux to build with that config option set, to resolve the
regression introduced by busybox 1.27.

- Paul
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-27 Thread Denys Vlasenko 
I already committed a similar patch to git.

On Fri, Jan 26, 2018 at 5:46 PM, Paul Otto  wrote:
> I have modified this patch per your review comments. For what it's worth, I
> went through hush, and found that it still exhibits the BASH non-POSIXy
> behavior. Take a look:
>
> static char *find_in_path(const char *arg)
> {
> ...
> if (sz != 0) {
> ret = xasprintf("%.*s/%s", sz, PATH, arg);
> } else {
> /* We have xxx:: in $PATH,
> * it means "use current dir" */
> ret = xstrdup(arg);
> }
> if (access(ret, F_OK) == 0)
> break;
> ...
>
> 
>
> static int FAST_FUNC builtin_source(char **argv)
> {
> ...
> if (!strchr(filename, '/')) {
> arg_path = find_in_path(filename);
> if (arg_path)
> filename = arg_path;
> }
> ...
>
> 
>
>  shell/ash.c | 26 --
>  1 file changed, 24 insertions(+), 2 deletions(-)
>
> diff --git i/shell/ash.c w/shell/ash.c
> index 865159d20..c9edce16c 100644
> --- i/shell/ash.c
> +++ w/shell/ash.c
> @@ -60,6 +60,20 @@
>  //config:  from GNU bash, which allows for alternative command not
> found
>  //config:  handling.
>  //config:
> +//config:config ASH_BASH_NON_POSIX_DOTCMD
> +//config:  bool "non-POSIXy dotcmd behavior (ie: .  or source
> )"
> +//config:  default n
> +//config:  depends ASH_BASH_COMPAT
> +//config:  help
> +//config:  Activates the expected, non-POSIXy behavior BASH follows
> when
> +//config:  dotcmd is invoked with either ". " or "source ".
> In
> +//config:  BASH, when the dotcmd is combined with a filename without an
> +//config:  absolute or relative path specified, the shell first scans
> the
> +//config:  environment's PATH, followed by the present working
> directory
> +//config:  (PWD). The POSIX-compliant command does NOT scan the present
> +//config:  working directory. This option is disabled by default for
> improved
> +//config:  speed and security.
> +//config:
>  //config:config ASH_JOB_CONTROL
>  //config:  bool "Job control"
>  //config:  default y
> @@ -12967,7 +12981,10 @@ find_dot_file(char *name)
> if (strchr(name, '/'))
> return name;
>
> -   while ((fullname = path_advance(&path, name)) != NULL) {
> +while ((fullname = path_advance(&path, name)) != NULL) {
> +#if ASH_BASH_NON_POSIX_DOTCMD
> +try_cur_dir:
> +#endif
> if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode))
> {
> /*
>  * Don't bother freeing here, since it will
> @@ -12980,7 +12997,12 @@ find_dot_file(char *name)
> }
>
> /* not found in the PATH */
> -   ash_msg_and_raise_error("%s: not found", name);
> +#if ASH_BASH_NON_POSIX_DOTCMD
> +fullname = name;
> +goto try_cur_dir;

you can simply "return name" here.

> +#endif
> +/* not found at all */
> +ash_msg_and_raise_error("%s: not found", name);
> /* NOTREACHED */
>  }
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

RE: [**EXTERNAL**] Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-26 Thread Cathey, Jim 
>I fought through the bash startup scripts almost 20 years ago in 
>college, and still have "source .bashrc" in my ~/.bash_profile that >I've  
>been carrying from system to system ever since :-)
>and my PATH has never had '.' in it.  Your explanation makes
>perfect sense though.

My understanding predates bash.  :-)
But is it correct?  I'd have a hard time testing one of THOSE
systems now!

-Mike

___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [**EXTERNAL**] Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-26 Thread Paul Otto 
On Fri, Jan 26, 2018 at 10:47 AM, Cathey, Jim  wrote:

> My understanding, from years past, is that "source " (or ". ")
> is _exactly_ the same as "", except that it's running in _this_ shell
> rather than in a subshell.  Thus it is able to affect environment variables
> that subsequent commands can inherit, etc.
>
> If "." is not in your PATH, and you want to source a file that's right
> there, you have to ". ./" just as you'd expect.  If that's not what
> bash is doing, then it's wrong.
>
> -- Jim
>
>
Your understanding regarding how ". filename" / "source filename" is
supposed to execute commands in the file is correct, it reads and executes
commands in the *current shell* as opposed to how "./filename" runs a
script as an executable file by launching a *new shell*.

Regarding your last statement though, just because BASH doesn't adhere to
POSIX does not make it "wrong". This is particularly true when it comes to
a tool intended to emulate another tool - to change from the expected
behavior because it is believed to be "wrong" results in a tool which
incorrectly emulates BASH. BASH does many non-POSIX compliant things. It
works exactly as documented.

- Paul
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-26 Thread Michael Conrad 

On 1/26/2018 12:47 PM, Cathey, Jim wrote:

My understanding, from years past, is that "source " (or ". ") is _exactly_ the 
same as "", except that it's running in _this_ shell rather than in a subshell.  Thus it is able to 
affect environment variables that subsequent commands can inherit, etc.

If "." is not in your PATH, and you want to source a file that's right there, you have to 
". ./" just as you'd expect.  If that's not what bash is doing, then it's wrong.


I fought through the bash startup scripts almost 20 years ago in 
college, and still have "source .bashrc" in my ~/.bash_profile that I've 
been carrying from system to system ever since :-)  and my PATH has 
never had '.' in it.  Your explanation makes perfect sense though.


-Mike
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-26 Thread Mike Frysinger 
On 26 Jan 2018 15:15, Denys Vlasenko wrote:
> On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto  wrote:
> > This patch restores, and improves upon, expected behavior to BASH
> > compatibility which was lost beginning with 1.27.0. This was pulled into
> > Alpine 3.7 which, in turn was pulled into official Docker images beginning
> > with docker:17.12. As a result, a large number of CICD builds that use
> > "source filename" have broken everywhere.
> >
> > According to the BASH documentation, the source command should:
> > Read and execute commands from filename  in  the  current  shell environment
> > and return the exit status of the last command executed from filename.  If
> > filename does not contain a slash, filenames  in  PATH  are used to find the
> > directory containing filename.  The file searched for in PATH  need  not  be
> > executable. When  bash  is  not  in  posix  mode,  the  current directory is
> > searched if no file is found in PATH.
> 
> I wish bash wouldn't introduce gratuitous standard violations.

bash is its own shell.  why can't it introduce its own extensions as it sees
fit ?  if you want a runtime that doesn't violate POSIX standards, you can
already get that with `set -o posix` (among other ways).  but it won't turn
off bash extensions that don't clash with the standard ...

if the bash-specific behavior wasn't useful, then people wouldn't request
support for them right ? :)
-mike


signature.asc
Description: Digital signature
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

RE: [**EXTERNAL**] Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-26 Thread Cathey, Jim 
My understanding, from years past, is that "source " (or ". ") is 
_exactly_ the same as "", except that it's running in _this_ shell rather 
than in a subshell.  Thus it is able to affect environment variables that 
subsequent commands can inherit, etc.

If "." is not in your PATH, and you want to source a file that's right there, 
you have to ". ./" just as you'd expect.  If that's not what bash is 
doing, then it's wrong.

-- Jim

___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-26 Thread Michael Conrad 

On 1/26/2018 9:15 AM, Denys Vlasenko wrote:

On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto  wrote:

According to the BASH documentation, the source command should:
Read and execute commands from filename  in  the  current  shell environment
and return the exit status of the last command executed from filename.  If
filename does not contain a slash, filenames  in  PATH  are used to find the
directory containing filename.  The file searched for in PATH  need  not  be
executable. When  bash  is  not  in  posix  mode,  the  current directory is
searched if no file is found in PATH.

I wish bash wouldn't introduce gratuitous standard violations.


But wow, learn something every day... I never knew 'source' searched 
PATH at all.  I thought it just loaded a file with the same semantics as 
'open()'.


This would be the danger of learning by example instead of reading the 
manual.


-Mike
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-26 Thread Paul Otto 
I have modified this patch per your review comments. For what it's worth, I
went through hush, and found that it still exhibits the BASH non-POSIXy
behavior. Take a look:

static char *find_in_path(const char *arg)
{
...
if (sz != 0) {
ret = xasprintf("%.*s/%s", sz, PATH, arg);
} else {
/* We have xxx:: in $PATH,
* it means "use current dir" */
ret = xstrdup(arg);
}
if (access(ret, F_OK) == 0)
break;
...



static int FAST_FUNC builtin_source(char **argv)
{
...
if (!strchr(filename, '/')) {
arg_path = find_in_path(filename);
if (arg_path)
filename = arg_path;
}
...



 shell/ash.c | 26 --
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git i/shell/ash.c w/shell/ash.c
index 865159d20..c9edce16c 100644
--- i/shell/ash.c
+++ w/shell/ash.c
@@ -60,6 +60,20 @@
 //config:  from GNU bash, which allows for alternative command not
found
 //config:  handling.
 //config:
+//config:config ASH_BASH_NON_POSIX_DOTCMD
+//config:  bool "non-POSIXy dotcmd behavior (ie: .  or source
)"
+//config:  default n
+//config:  depends ASH_BASH_COMPAT
+//config:  help
+//config:  Activates the expected, non-POSIXy behavior BASH follows
when
+//config:  dotcmd is invoked with either ". " or "source
". In
+//config:  BASH, when the dotcmd is combined with a filename without an
+//config:  absolute or relative path specified, the shell first scans
the
+//config:  environment's PATH, followed by the present working
directory
+//config:  (PWD). The POSIX-compliant command does NOT scan the present
+//config:  working directory. This option is disabled by default for
improved
+//config:  speed and security.
+//config:
 //config:config ASH_JOB_CONTROL
 //config:  bool "Job control"
 //config:  default y
@@ -12967,7 +12981,10 @@ find_dot_file(char *name)
if (strchr(name, '/'))
return name;

-   while ((fullname = path_advance(&path, name)) != NULL) {
+while ((fullname = path_advance(&path, name)) != NULL) {
+#if ASH_BASH_NON_POSIX_DOTCMD
+try_cur_dir:
+#endif
if ((stat(fullname, &statb) == 0) &&
S_ISREG(statb.st_mode)) {
/*
 * Don't bother freeing here, since it will
@@ -12980,7 +12997,12 @@ find_dot_file(char *name)
}

/* not found in the PATH */
-   ash_msg_and_raise_error("%s: not found", name);
+#if ASH_BASH_NON_POSIX_DOTCMD
+fullname = name;
+goto try_cur_dir;
+#endif
+/* not found at all */
+ash_msg_and_raise_error("%s: not found", name);
/* NOTREACHED */
 }
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Re: [PATCH] ash: make bash_source command search current directory after PATH

2018-01-26 Thread Denys Vlasenko 
On Fri, Jan 26, 2018 at 9:34 AM, Paul Otto  wrote:
> This patch restores, and improves upon, expected behavior to BASH
> compatibility which was lost beginning with 1.27.0. This was pulled into
> Alpine 3.7 which, in turn was pulled into official Docker images beginning
> with docker:17.12. As a result, a large number of CICD builds that use
> "source filename" have broken everywhere.
>
> According to the BASH documentation, the source command should:
> Read and execute commands from filename  in  the  current  shell environment
> and return the exit status of the last command executed from filename.  If
> filename does not contain a slash, filenames  in  PATH  are used to find the
> directory containing filename.  The file searched for in PATH  need  not  be
> executable. When  bash  is  not  in  posix  mode,  the  current directory is
> searched if no file is found in PATH.

I wish bash wouldn't introduce gratuitous standard violations.

> This patch specifically checks for when commandname is "source"

This is not how bash behaves. It treats "." and "source" the same.

> and only
> performs the additional PWD search in that case, and only after it has
> neither 1) short-circuited from a /; and 2) not been found somewhere within
> the PATH.

I think this should be made a config option, off by default.
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox