Bug#1033055: tryton-server-uwsgi.postinst: is very fragile
Hi Matthias, On Fri, Mar 17, 2023 at 08:36:07AM +0100, Mathias Behrle wrote: > thanks for testing the package and your patch, will have a look at it shortly. I've attached an extended patch. Please consider it to be a suggested improvement hunk by hunk. I've gone through all shell scripts in debian/ now and it covers quite a bit more occasions. Regarding the postgresql setup, I am mildly surprised that it requires a password. I try to always use unix domain socket based authentication and wonder whether tryton should prefer the same for a local database. If there is no password, you cannot leak it. However, this is drifting from the original matter. Helmut diff --minimal -Nru tryton-server-6.0.29/debian/changelog tryton-server-6.0.29/debian/changelog --- tryton-server-6.0.29/debian/changelog 2023-03-04 10:45:59.0 +0100 +++ tryton-server-6.0.29/debian/changelog 2023-03-16 12:34:42.0 +0100 @@ -1,3 +1,10 @@ +tryton-server (6.0.29-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Fix bugs in various maintainer scripts. (Closes: #-1) + + -- Helmut Grohne Thu, 16 Mar 2023 12:34:42 +0100 + tryton-server (6.0.29-1) unstable; urgency=high * Merging upstream version 6.0.29. diff --minimal -Nru tryton-server-6.0.29/debian/scripts/activate_modules.sh tryton-server-6.0.29/debian/scripts/activate_modules.sh --- tryton-server-6.0.29/debian/scripts/activate_modules.sh 2023-03-04 10:45:59.0 +0100 +++ tryton-server-6.0.29/debian/scripts/activate_modules.sh 2023-03-16 12:34:42.0 +0100 @@ -7,7 +7,7 @@ . /etc/dbconfig-common/tryton-server-postgresql.conf fi -if [ ! -z $dbc_dbname ]; then +if [ ! -z "$dbc_dbname" ]; then db_name=$dbc_dbname fi diff --minimal -Nru tryton-server-6.0.29/debian/scripts/initialize_db.sh tryton-server-6.0.29/debian/scripts/initialize_db.sh --- tryton-server-6.0.29/debian/scripts/initialize_db.sh2023-03-04 10:45:59.0 +0100 +++ tryton-server-6.0.29/debian/scripts/initialize_db.sh2023-03-16 12:34:42.0 +0100 @@ -22,13 +22,13 @@ TRYTONPASSFILE=`mktemp` export TRYTONPASSFILE -echo $admin_password > $TRYTONPASSFILE +echo "$admin_password" > "$TRYTONPASSFILE" unset admin_password # The new configuration file is not yet in place, we construct the database url and use that -uri=postgresql://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver -if [ ! -z $dbc_dbport ]; then -uri="$uri":$dbc_dbport +uri="postgresql://$dbc_dbuser:$dbc_dbpass@$dbc_dbserver" +if [ ! -z "$dbc_dbport" ]; then +uri="$uri:$dbc_dbport" fi uri="$uri"/ export TRYTOND_DATABASE_URI="$uri" diff --minimal -Nru tryton-server-6.0.29/debian/scripts/run_imports.sh tryton-server-6.0.29/debian/scripts/run_imports.sh --- tryton-server-6.0.29/debian/scripts/run_imports.sh 2023-03-04 10:45:59.0 +0100 +++ tryton-server-6.0.29/debian/scripts/run_imports.sh 2023-03-16 12:34:42.0 +0100 @@ -8,7 +8,7 @@ . /etc/dbconfig-common/tryton-server-postgresql.conf fi -if [ ! -z $dbc_dbname ]; then +if [ ! -z "$dbc_dbname" ]; then db_name=$dbc_dbname fi diff --minimal -Nru tryton-server-6.0.29/debian/tryton-server-nginx.postinst tryton-server-6.0.29/debian/tryton-server-nginx.postinst --- tryton-server-6.0.29/debian/tryton-server-nginx.postinst2023-03-04 10:45:59.0 +0100 +++ tryton-server-6.0.29/debian/tryton-server-nginx.postinst2023-03-16 12:34:42.0 +0100 @@ -38,7 +38,7 @@ create_config () { trap cleanup EXIT TRYTON_NGINX_CONF_NEW=$(mktemp) -cp -a "$TRYTON_NGINX_CONF_TEMPLATE" $TRYTON_NGINX_CONF_NEW +cp -a "$TRYTON_NGINX_CONF_TEMPLATE" "$TRYTON_NGINX_CONF_NEW" uwsgi_uri=$(hostname):8001 website_uri=$(hostname -f) diff --minimal -Nru tryton-server-6.0.29/debian/tryton-server-postgresql.postinst tryton-server-6.0.29/debian/tryton-server-postgresql.postinst --- tryton-server-6.0.29/debian/tryton-server-postgresql.postinst 2023-03-04 10:45:59.0 +0100 +++ tryton-server-6.0.29/debian/tryton-server-postgresql.postinst 2023-03-16 12:34:42.0 +0100 @@ -32,15 +32,15 @@ case "$dbc_dbtype" in pgsql) -uri=$dbc_dbuser:$dbc_dbpass@$dbc_dbserver -if [ ! -z $dbc_dbport ]; then -uri="$uri":$dbc_dbport +uri="$dbc_dbuser:$dbc_dbpass@$dbc_dbserver" +if [ ! -z "$dbc_dbport" ]; then +uri="$uri:$dbc_dbport" fi uri="$uri"/ # first uncomment the existing postgresql uri sample line -sed -i -e "s|^#\s*\(uri = postgresql://tryton:tryton@localhost:5432/\)|\1|" "$TRYTON_CONFNEW" +sed -i -e '/^\[database\]$/,/^\[.*\]$/s|^#\s*\(uri = postgresql://tryton:tryton@localhost:5432/\)|\1|' "$TRYTON_CONFNEW" # now update the active postgresql uri with the correct uri -sed -i -e "s|^\(uri = postgresql://\)\(tryton:tryton@localhost:5432/\)|\1$uri|"
Bug#1033055: tryton-server-uwsgi.postinst: is very fragile
* Helmut Grohne: " Bug#1033055: tryton-server-uwsgi.postinst: is very fragile" (Thu, 16 Mar 2023 12:44:22 +0100): Hi Helmut, thanks for testing the package and your patch, will have a look at it shortly. Cheers, Mathias > Source: tryton-server > Version: 6.0.29-1 > Severity: important > Tags: patch > > Hi Matthias, > > I noticed that tryton-server-uwsgi.postinst is quite fragile. When I > tried to install it, I got this failure: > > | /var/lib/dpkg/info/tryton-server-uwsgi.postinst: 46: [: > | postgresql://tryton@/: unexpected operator sed: -e expression #1, char 56: > | unterminated `s' command dpkg: error processing package tryton-server-uwsgi > | (--configure): installed tryton-server-uwsgi package post-installation > | script subprocess returned error exit status 1 Processing triggers for > | man-db (2.9.4-2) ... Processing triggers for libc-bin (2.31-13+deb11u5) ... > | Errors were encountered while processing: > | tryton-server-uwsgi > | E: Sub-process /usr/bin/dpkg returned an error code (1) > > Admittedly, this was using 6.0.29-1~11bullseye+1, but it applies to > unstable as well, so I'll report here. > > While investigating this in encountered multiple issues: > > * A general lack of quoting. It is much safer to quote shell variables >to avoid unintentional word splitting. This actually seems to be >causing the problem above. > * Fragile parsing of trytond.conf, which is an ini file with sections. >The uri that is being parsed can be found in multiple sections such >as database and email. It would be good to use section-aware parsing. > > I'm attaching a patch that addresses all of the above and think that > this should be fixed in bookworm and in the backports provided at > https://debian.m9s.biz/debian. > > Thanks in advance > > Helmut -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6 pgp7M3o2HyMSi.pgp Description: Digitale Signatur von OpenPGP
Bug#1033055: tryton-server-uwsgi.postinst: is very fragile
Source: tryton-server Version: 6.0.29-1 Severity: important Tags: patch Hi Matthias, I noticed that tryton-server-uwsgi.postinst is quite fragile. When I tried to install it, I got this failure: | /var/lib/dpkg/info/tryton-server-uwsgi.postinst: 46: [: postgresql://tryton@/: unexpected operator | sed: -e expression #1, char 56: unterminated `s' command | dpkg: error processing package tryton-server-uwsgi (--configure): | installed tryton-server-uwsgi package post-installation script subprocess returned error exit status 1 | Processing triggers for man-db (2.9.4-2) ... | Processing triggers for libc-bin (2.31-13+deb11u5) ... | Errors were encountered while processing: | tryton-server-uwsgi | E: Sub-process /usr/bin/dpkg returned an error code (1) Admittedly, this was using 6.0.29-1~11bullseye+1, but it applies to unstable as well, so I'll report here. While investigating this in encountered multiple issues: * A general lack of quoting. It is much safer to quote shell variables to avoid unintentional word splitting. This actually seems to be causing the problem above. * Fragile parsing of trytond.conf, which is an ini file with sections. The uri that is being parsed can be found in multiple sections such as database and email. It would be good to use section-aware parsing. I'm attaching a patch that addresses all of the above and think that this should be fixed in bookworm and in the backports provided at https://debian.m9s.biz/debian. Thanks in advance Helmut diff --minimal -Nru tryton-server-6.0.29/debian/changelog tryton-server-6.0.29/debian/changelog --- tryton-server-6.0.29/debian/changelog 2023-03-04 10:45:59.0 +0100 +++ tryton-server-6.0.29/debian/changelog 2023-03-16 12:34:42.0 +0100 @@ -1,3 +1,10 @@ +tryton-server (6.0.29-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Fix bugs in tryton-server-uwsgi.postinst. (Closes: #-1) + + -- Helmut Grohne Thu, 16 Mar 2023 12:34:42 +0100 + tryton-server (6.0.29-1) unstable; urgency=high * Merging upstream version 6.0.29. diff --minimal -Nru tryton-server-6.0.29/debian/tryton-server-uwsgi.postinst tryton-server-6.0.29/debian/tryton-server-uwsgi.postinst --- tryton-server-6.0.29/debian/tryton-server-uwsgi.postinst2023-03-04 10:45:59.0 +0100 +++ tryton-server-6.0.29/debian/tryton-server-uwsgi.postinst2023-03-16 12:34:41.0 +0100 @@ -36,14 +36,14 @@ create_config () { trap cleanup EXIT TRYTON_UWSGI_INI_NEW=$(mktemp) -cp -a "$TRYTON_UWSGI_INI_TEMPLATE" $TRYTON_UWSGI_INI_NEW +cp -a "$TRYTON_UWSGI_INI_TEMPLATE" "$TRYTON_UWSGI_INI_NEW" TRYTON_CONFNEW=$(mktemp) -cp -a "$TRYTON_CONFFILE" $TRYTON_CONFNEW +cp -a "$TRYTON_CONFFILE" "$TRYTON_CONFNEW" db_name="tryton" -db_uri="$(grep "^uri =" $TRYTON_CONFFILE|cut -d' ' -f3)" +db_uri="$(sed -n '/^\[database\]$/,/^\[.*\]$/s/^uri\s*=\s*//p' "$TRYTON_CONFFILE")" # if no uri is configured we use the default sqlite connection -if [ -z $db_uri ]; then +if [ -z "$db_uri" ]; then db_uri=sqlite:// fi @@ -52,7 +52,7 @@ . /etc/dbconfig-common/tryton-server-postgresql.conf fi -if [ ! -z $dbc_dbname ]; then +if [ ! -z "$dbc_dbname" ]; then db_name=$dbc_dbname fi @@ -109,7 +109,7 @@ . /etc/dbconfig-common/tryton-server-postgresql.conf fi -if [ ! -z $dbc_dbname ]; then +if [ ! -z "$dbc_dbname" ]; then db_name=$dbc_dbname fi