Bug#1033055: tryton-server-uwsgi.postinst: is very fragile
Hi Matthias,
On Fri, Mar 17, 2023 at 08:36:07AM +0100, Mathias Behrle wrote:
> thanks for testing the package and your patch, will have a look at it shortly.
I've attached an extended patch. Please consider it to be a suggested
improvement hunk by hunk. I've gone through all shell scripts in debian/
now and it covers quite a bit more occasions.
Regarding the postgresql setup, I am mildly surprised that it requires a
password. I try to always use unix domain socket based authentication
and wonder whether tryton should prefer the same for a local database.
If there is no password, you cannot leak it. However, this is drifting
from the original matter.
Helmut
diff --minimal -Nru tryton-server-6.0.29/debian/changelog
tryton-server-6.0.29/debian/changelog
--- tryton-server-6.0.29/debian/changelog 2023-03-04 10:45:59.0
+0100
+++ tryton-server-6.0.29/debian/changelog 2023-03-16 12:34:42.0
+0100
@@ -1,3 +1,10 @@
+tryton-server (6.0.29-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix bugs in various maintainer scripts. (Closes: #-1)
+
+ -- Helmut Grohne Thu, 16 Mar 2023 12:34:42 +0100
+
tryton-server (6.0.29-1) unstable; urgency=high
* Merging upstream version 6.0.29.
diff --minimal -Nru tryton-server-6.0.29/debian/scripts/activate_modules.sh
tryton-server-6.0.29/debian/scripts/activate_modules.sh
--- tryton-server-6.0.29/debian/scripts/activate_modules.sh 2023-03-04
10:45:59.0 +0100
+++ tryton-server-6.0.29/debian/scripts/activate_modules.sh 2023-03-16
12:34:42.0 +0100
@@ -7,7 +7,7 @@
. /etc/dbconfig-common/tryton-server-postgresql.conf
fi
-if [ ! -z $dbc_dbname ]; then
+if [ ! -z "$dbc_dbname" ]; then
db_name=$dbc_dbname
fi
diff --minimal -Nru tryton-server-6.0.29/debian/scripts/initialize_db.sh
tryton-server-6.0.29/debian/scripts/initialize_db.sh
--- tryton-server-6.0.29/debian/scripts/initialize_db.sh2023-03-04
10:45:59.0 +0100
+++ tryton-server-6.0.29/debian/scripts/initialize_db.sh2023-03-16
12:34:42.0 +0100
@@ -22,13 +22,13 @@
TRYTONPASSFILE=`mktemp`
export TRYTONPASSFILE
-echo $admin_password > $TRYTONPASSFILE
+echo "$admin_password" > "$TRYTONPASSFILE"
unset admin_password
# The new configuration file is not yet in place, we construct the database
url and use that
-uri=postgresql://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver
-if [ ! -z $dbc_dbport ]; then
-uri="$uri":$dbc_dbport
+uri="postgresql://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver"
+if [ ! -z "$dbc_dbport" ]; then
+uri="$uri:$dbc_dbport"
fi
uri="$uri"/
export TRYTOND_DATABASE_URI="$uri"
diff --minimal -Nru tryton-server-6.0.29/debian/scripts/run_imports.sh
tryton-server-6.0.29/debian/scripts/run_imports.sh
--- tryton-server-6.0.29/debian/scripts/run_imports.sh 2023-03-04
10:45:59.0 +0100
+++ tryton-server-6.0.29/debian/scripts/run_imports.sh 2023-03-16
12:34:42.0 +0100
@@ -8,7 +8,7 @@
. /etc/dbconfig-common/tryton-server-postgresql.conf
fi
-if [ ! -z $dbc_dbname ]; then
+if [ ! -z "$dbc_dbname" ]; then
db_name=$dbc_dbname
fi
diff --minimal -Nru tryton-server-6.0.29/debian/tryton-server-nginx.postinst
tryton-server-6.0.29/debian/tryton-server-nginx.postinst
--- tryton-server-6.0.29/debian/tryton-server-nginx.postinst2023-03-04
10:45:59.0 +0100
+++ tryton-server-6.0.29/debian/tryton-server-nginx.postinst2023-03-16
12:34:42.0 +0100
@@ -38,7 +38,7 @@
create_config () {
trap cleanup EXIT
TRYTON_NGINX_CONF_NEW=$(mktemp)
-cp -a "$TRYTON_NGINX_CONF_TEMPLATE" $TRYTON_NGINX_CONF_NEW
+cp -a "$TRYTON_NGINX_CONF_TEMPLATE" "$TRYTON_NGINX_CONF_NEW"
uwsgi_uri=$(hostname):8001
website_uri=$(hostname -f)
diff --minimal -Nru
tryton-server-6.0.29/debian/tryton-server-postgresql.postinst
tryton-server-6.0.29/debian/tryton-server-postgresql.postinst
--- tryton-server-6.0.29/debian/tryton-server-postgresql.postinst
2023-03-04 10:45:59.0 +0100
+++ tryton-server-6.0.29/debian/tryton-server-postgresql.postinst
2023-03-16 12:34:42.0 +0100
@@ -32,15 +32,15 @@
case "$dbc_dbtype" in
pgsql)
-uri=$dbc_dbuser:$dbc_dbpass@$dbc_dbserver
-if [ ! -z $dbc_dbport ]; then
-uri="$uri":$dbc_dbport
+uri="$dbc_dbuser:$dbc_dbpass@$dbc_dbserver"
+if [ ! -z "$dbc_dbport" ]; then
+uri="$uri:$dbc_dbport"
fi
uri="$uri"/
# first uncomment the existing postgresql uri sample line
-sed -i -e "s|^#\s*\(uri =
postgresql://tryton:tryton@localhost:5432/\)|\1|" "$TRYTON_CONFNEW"
+sed -i -e '/^\[database\]$/,/^\[.*\]$/s|^#\s*\(uri =
postgresql://tryton:tryton@localhost:5432/\)|\1|' "$TRYTON_CONFNEW"
# now update the active postgresql uri with the correct uri
-sed -i -e "s|^\(uri =
postgresql://\)\(tryton:tryton@localhost:5432/\)|\1$uri|"
Bug#1033055: tryton-server-uwsgi.postinst: is very fragile
* Helmut Grohne: " Bug#1033055: tryton-server-uwsgi.postinst: is very fragile" (Thu, 16 Mar 2023 12:44:22 +0100): Hi Helmut, thanks for testing the package and your patch, will have a look at it shortly. Cheers, Mathias > Source: tryton-server > Version: 6.0.29-1 > Severity: important > Tags: patch > > Hi Matthias, > > I noticed that tryton-server-uwsgi.postinst is quite fragile. When I > tried to install it, I got this failure: > > | /var/lib/dpkg/info/tryton-server-uwsgi.postinst: 46: [: > | postgresql://tryton@/: unexpected operator sed: -e expression #1, char 56: > | unterminated `s' command dpkg: error processing package tryton-server-uwsgi > | (--configure): installed tryton-server-uwsgi package post-installation > | script subprocess returned error exit status 1 Processing triggers for > | man-db (2.9.4-2) ... Processing triggers for libc-bin (2.31-13+deb11u5) ... > | Errors were encountered while processing: > | tryton-server-uwsgi > | E: Sub-process /usr/bin/dpkg returned an error code (1) > > Admittedly, this was using 6.0.29-1~11bullseye+1, but it applies to > unstable as well, so I'll report here. > > While investigating this in encountered multiple issues: > > * A general lack of quoting. It is much safer to quote shell variables >to avoid unintentional word splitting. This actually seems to be >causing the problem above. > * Fragile parsing of trytond.conf, which is an ini file with sections. >The uri that is being parsed can be found in multiple sections such >as database and email. It would be good to use section-aware parsing. > > I'm attaching a patch that addresses all of the above and think that > this should be fixed in bookworm and in the backports provided at > https://debian.m9s.biz/debian. > > Thanks in advance > > Helmut -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6 pgp7M3o2HyMSi.pgp Description: Digitale Signatur von OpenPGP
Bug#1033055: tryton-server-uwsgi.postinst: is very fragile
Source: tryton-server
Version: 6.0.29-1
Severity: important
Tags: patch
Hi Matthias,
I noticed that tryton-server-uwsgi.postinst is quite fragile. When I
tried to install it, I got this failure:
| /var/lib/dpkg/info/tryton-server-uwsgi.postinst: 46: [:
postgresql://tryton@/: unexpected operator
| sed: -e expression #1, char 56: unterminated `s' command
| dpkg: error processing package tryton-server-uwsgi (--configure):
| installed tryton-server-uwsgi package post-installation script subprocess
returned error exit status 1
| Processing triggers for man-db (2.9.4-2) ...
| Processing triggers for libc-bin (2.31-13+deb11u5) ...
| Errors were encountered while processing:
| tryton-server-uwsgi
| E: Sub-process /usr/bin/dpkg returned an error code (1)
Admittedly, this was using 6.0.29-1~11bullseye+1, but it applies to
unstable as well, so I'll report here.
While investigating this in encountered multiple issues:
* A general lack of quoting. It is much safer to quote shell variables
to avoid unintentional word splitting. This actually seems to be
causing the problem above.
* Fragile parsing of trytond.conf, which is an ini file with sections.
The uri that is being parsed can be found in multiple sections such
as database and email. It would be good to use section-aware parsing.
I'm attaching a patch that addresses all of the above and think that
this should be fixed in bookworm and in the backports provided at
https://debian.m9s.biz/debian.
Thanks in advance
Helmut
diff --minimal -Nru tryton-server-6.0.29/debian/changelog
tryton-server-6.0.29/debian/changelog
--- tryton-server-6.0.29/debian/changelog 2023-03-04 10:45:59.0
+0100
+++ tryton-server-6.0.29/debian/changelog 2023-03-16 12:34:42.0
+0100
@@ -1,3 +1,10 @@
+tryton-server (6.0.29-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix bugs in tryton-server-uwsgi.postinst. (Closes: #-1)
+
+ -- Helmut Grohne Thu, 16 Mar 2023 12:34:42 +0100
+
tryton-server (6.0.29-1) unstable; urgency=high
* Merging upstream version 6.0.29.
diff --minimal -Nru tryton-server-6.0.29/debian/tryton-server-uwsgi.postinst
tryton-server-6.0.29/debian/tryton-server-uwsgi.postinst
--- tryton-server-6.0.29/debian/tryton-server-uwsgi.postinst2023-03-04
10:45:59.0 +0100
+++ tryton-server-6.0.29/debian/tryton-server-uwsgi.postinst2023-03-16
12:34:41.0 +0100
@@ -36,14 +36,14 @@
create_config () {
trap cleanup EXIT
TRYTON_UWSGI_INI_NEW=$(mktemp)
-cp -a "$TRYTON_UWSGI_INI_TEMPLATE" $TRYTON_UWSGI_INI_NEW
+cp -a "$TRYTON_UWSGI_INI_TEMPLATE" "$TRYTON_UWSGI_INI_NEW"
TRYTON_CONFNEW=$(mktemp)
-cp -a "$TRYTON_CONFFILE" $TRYTON_CONFNEW
+cp -a "$TRYTON_CONFFILE" "$TRYTON_CONFNEW"
db_name="tryton"
-db_uri="$(grep "^uri =" $TRYTON_CONFFILE|cut -d' ' -f3)"
+db_uri="$(sed -n '/^\[database\]$/,/^\[.*\]$/s/^uri\s*=\s*//p'
"$TRYTON_CONFFILE")"
# if no uri is configured we use the default sqlite connection
-if [ -z $db_uri ]; then
+if [ -z "$db_uri" ]; then
db_uri=sqlite://
fi
@@ -52,7 +52,7 @@
. /etc/dbconfig-common/tryton-server-postgresql.conf
fi
-if [ ! -z $dbc_dbname ]; then
+if [ ! -z "$dbc_dbname" ]; then
db_name=$dbc_dbname
fi
@@ -109,7 +109,7 @@
. /etc/dbconfig-common/tryton-server-postgresql.conf
fi
-if [ ! -z $dbc_dbname ]; then
+if [ ! -z "$dbc_dbname" ]; then
db_name=$dbc_dbname
fi
