commit 77fa3207a9f54c6956c01584d0745703e9fd13e0 Author: Kerin Millar Date: Sun Dec 20 17:00:56 2020 +0200 net-irc/irker: address bug 760869 Quote the ${parameter:=word} expansions (SC2223), while removing two that are spurious. Remove the -z test which does absolutely nothing. It can never be true, because IRKERD_USER will always contain something. As an aside, the "nobody" account is not intended for running services. If ever the test is re-instated, it should be carried out _before_ checkpath is invoked, for reasons that should be obvious. Remove the use of the [[ keyword in favour of the POSIX test command (SC3010). Employ a vastly improved method of conveying the user-specified options. Obviously, POSIX sh doesn't support arrays so we must still perform word-splitting upon IRKERD_OPTS. However, potential pathname expansion can still be suppressed with set -f, so let's do that. Next, proceed to assemble a list of positional parameters using the set builtin. This completely eliminates the possibility for word-splitting and pathname expansion to be performed upon the other IRKERD_* variables, instead conveying them verbatim. Note that the start function is altered to define a ( ... ) compound command, so that the effects of set -f do not persist beyond the intended scope of the function. Closes: https://bugs.gentoo.org/760869 Signed-off-by: Kerin Millar diff --git a/net-irc/irker/files/irkerd.confd b/net-irc/irker/files/irkerd.confd index 42ae7323612a..9b74518472c4 100644 --- a/net-irc/irker/files/irkerd.confd +++ b/net-irc/irker/files/irkerd.confd @@ -12,8 +12,8 @@ # Debug Level (critical, error, warning, info, debug) # IRKERD_LOGLEVEL="" -# To run an anonymous irkerd safely. It should not be able -# to write to anywhere on your system +# To run an anonymous irkerd safely. It should not be able to write to anywhere +# on your system. If the user is undefined or empty, it defaults to "nobody". # IRKERD_USER="" # see man pages for irkerd for valid cmdline options diff --git a/net-irc/irker/files/irkerd.initd b/net-irc/irker/files/irkerd.initd index 6417d45ebf8e..9a02708e2eec 100644 --- a/net-irc/irker/files/irkerd.initd +++ b/net-irc/irker/files/irkerd.initd @@ -2,32 +2,27 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -: ${pidfile:=/run/${RC_SVCNAME}.pid} - -: ${IRKERD_NICK:=} -: ${IRKERD_PASSWORD:=} -: ${IRKERD_USER:=nobody} +: "${pidfile:=/run/${RC_SVCNAME}.pid}" +: "${IRKERD_USER:=nobody}" depend() { use net } -start () { - if [[ ${IRKERD_LOGFILE} ]] ; then +start() ( + if [ -n "${IRKERD_LOGFILE}" ] ; then checkpath -f \ -o "${IRKERD_USER}" \ "${IRKERD_LOGFILE}" \ || return 1 fi - if [[ -z "${IRKERD_USER}" ]] ; then - die "IRKERD_USER is mandatory" - fi - - [[ -n "${IRKERD_LOGLEVEL}" ]] && IRKERD_OPTS="${IRKERD_OPTS} -d ${IRKERD_LOGLEVEL}" - [[ -n "${IRKERD_LOGFILE}" ]] && IRKERD_OPTS="${IRKERD_OPTS} -l ${IRKERD_LOGFILE}" - [[ -n "${IRKERD_NICK}" ]] && IRKERD_OPTS="${IRKERD_OPTS} -n ${IRKERD_NICK}" - [[ -n "${IRKERD_PASSWORD}" ]] && IRKERD_OPTS="${IRKERD_OPTS} -p ${IRKERD_PASSWORD}" + set -f + set -- ${IRKERD_OPTS} + [ -n "${IRKERD_LOGLEVEL}" ] && set -- "$@" -d "${IRKERD_LOGLEVEL}" + [ -n "${IRKERD_LOGFILE}" ] && set -- "$@" -l "${IRKERD_LOGFILE}" + [ -n "${IRKERD_NICK}" ] && set -- "$@" -n "${IRKERD_NICK}" + [ -n "${IRKERD_PASSWORD}" ] && set -- "$@" -p "${IRKERD_PASSWORD}" ebegin "Starting ${RC_SVCNAME}" start-stop-daemon --start \ @@ -35,6 +30,6 @@ start () { --user "${IRKERD_USER}" \ --make-pidfile --pidfile "${pidfile}" \ --exec /usr/bin/irkerd \ - -- ${IRKERD_OPTS} < /dev/null + -- "$@" < /dev/null eend $? -} +)