dom0-updates: Quote arguments
This commit makes the qubes-download-dom0-updates.sh script quote its arguments before using them to avoid expanding wildcards (such as '*') unintendedly. Fixes QubesOS/qubes-issues#5096
This commit is contained in:
M. Vefa Bicakci
parent
da3c22b4a6
commit
8db8d0cb3c
@ -13,7 +13,7 @@ elif [ -f "$DOM0_UPDATES_DIR/etc/yum.conf" ]; then
|
|||||||
fi
|
fi
|
||||||
# DNF uses /etc/yum.repos.d, even when --installroot is specified
|
# DNF uses /etc/yum.repos.d, even when --installroot is specified
|
||||||
OPTS="$OPTS --setopt=reposdir=$DOM0_UPDATES_DIR/etc/yum.repos.d"
|
OPTS="$OPTS --setopt=reposdir=$DOM0_UPDATES_DIR/etc/yum.repos.d"
|
||||||
PKGLIST=
|
PKGLIST=()
|
||||||
YUM_ACTION=
|
YUM_ACTION=
|
||||||
|
|
||||||
export LC_ALL=C
|
export LC_ALL=C
|
||||||
@ -42,7 +42,7 @@ while [ -n "$1" ]; do
|
|||||||
OPTS="$OPTS $1"
|
OPTS="$OPTS $1"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
PKGLIST="$PKGLIST $1"
|
PKGLIST+=( "${1}" )
|
||||||
if [ -z "$YUM_ACTION" ]; then
|
if [ -z "$YUM_ACTION" ]; then
|
||||||
YUM_ACTION=install
|
YUM_ACTION=install
|
||||||
fi
|
fi
|
||||||
@ -88,7 +88,7 @@ if [ "$CLEAN" = "1" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# just check for updates, but don't download any package
|
# just check for updates, but don't download any package
|
||||||
if [ "x$PKGLIST" = "x" ] && [ "$CHECK_ONLY" = "1" ]; then
|
if [ ${#PKGLIST[@]} -eq 0 ] && [ "$CHECK_ONLY" = "1" ]; then
|
||||||
echo "Checking for dom0 updates..." >&2
|
echo "Checking for dom0 updates..." >&2
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
UPDATES_FULL=$($YUM $OPTS check-update)
|
UPDATES_FULL=$($YUM $OPTS check-update)
|
||||||
@ -120,24 +120,22 @@ if ! $YUM --help | grep -q downloadonly; then
|
|||||||
YUM_COMMAND="yumdownloader --destdir=$DOM0_UPDATES_DIR/packages --resolve"
|
YUM_COMMAND="yumdownloader --destdir=$DOM0_UPDATES_DIR/packages --resolve"
|
||||||
elif [ "$YUM_ACTION" = "upgrade" ]; then
|
elif [ "$YUM_ACTION" = "upgrade" ]; then
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
UPDATES_FULL=$($YUM $OPTS check-update $PKGLIST)
|
UPDATES_FULL=$($YUM $OPTS check-update "${PKGLIST[@]}")
|
||||||
check_update_retcode=$?
|
check_update_retcode=$?
|
||||||
UPDATES_FULL=$(echo "$UPDATES_FULL" | grep -v "^Loaded plugins:\|^Last metadata\|^$")
|
UPDATES_FULL=$(echo "$UPDATES_FULL" | grep -v "^Loaded plugins:\|^Last metadata\|^$")
|
||||||
UPDATES=$(echo "$UPDATES_FULL" | grep -v "^Obsoleting\|Could not" | cut -f 1 -d ' ')
|
mapfile -t PKGLIST < <(echo "$UPDATES_FULL" | grep -v "^Obsoleting\|Could not" | cut -f 1 -d ' ')
|
||||||
if [ "$check_update_retcode" -eq 0 ]; then
|
if [ "$check_update_retcode" -eq 0 ]; then
|
||||||
# exit code 0 means no updates available - regardless of stdout messages
|
# exit code 0 means no updates available - regardless of stdout messages
|
||||||
echo "No new updates available"
|
echo "No new updates available"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
PKGLIST=$UPDATES
|
|
||||||
YUM_COMMAND="yumdownloader --destdir=$DOM0_UPDATES_DIR/packages --resolve"
|
YUM_COMMAND="yumdownloader --destdir=$DOM0_UPDATES_DIR/packages --resolve"
|
||||||
elif [ "$YUM_ACTION" == "list" ] || [ "$YUM_ACTION" == "search" ]; then
|
elif [ "$YUM_ACTION" == "list" ] || [ "$YUM_ACTION" == "search" ]; then
|
||||||
# those actions do not download any package, so lack of --downloadonly is irrelevant
|
# those actions do not download any package, so lack of --downloadonly is irrelevant
|
||||||
YUM_COMMAND="$YUM $YUM_ACTION -y"
|
YUM_COMMAND="$YUM $YUM_ACTION -y"
|
||||||
elif [ "$YUM_ACTION" == "reinstall" ]; then
|
elif [ "$YUM_ACTION" == "reinstall" ]; then
|
||||||
# this is just approximation of 'reinstall' action...
|
# this is just approximation of 'reinstall' action...
|
||||||
# shellcheck disable=SC2086
|
mapfile -t PKGLIST < <(rpm --root=$DOM0_UPDATES_DIR -q "${PKGLIST[@]}")
|
||||||
PKGLIST=$(rpm --root=$DOM0_UPDATES_DIR -q $PKGLIST)
|
|
||||||
YUM_COMMAND="yumdownloader --destdir=$DOM0_UPDATES_DIR/packages --resolve"
|
YUM_COMMAND="yumdownloader --destdir=$DOM0_UPDATES_DIR/packages --resolve"
|
||||||
else
|
else
|
||||||
echo "ERROR: yum version installed in VM $(hostname) does not suppport --downloadonly option" >&2
|
echo "ERROR: yum version installed in VM $(hostname) does not suppport --downloadonly option" >&2
|
||||||
@ -156,12 +154,12 @@ set -e
|
|||||||
if [ "$GUI" = 1 ]; then
|
if [ "$GUI" = 1 ]; then
|
||||||
( echo "1"
|
( echo "1"
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
$YUM_COMMAND $OPTS $PKGLIST
|
$YUM_COMMAND $OPTS "${PKGLIST[@]}"
|
||||||
echo 100 ) | zenity --progress --pulsate --auto-close --auto-kill \
|
echo 100 ) | zenity --progress --pulsate --auto-close --auto-kill \
|
||||||
--text="Downloading updates for Dom0, please wait..." --title="Qubes Dom0 updates"
|
--text="Downloading updates for Dom0, please wait..." --title="Qubes Dom0 updates"
|
||||||
else
|
else
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
$YUM_COMMAND $OPTS $PKGLIST
|
$YUM_COMMAND $OPTS "${PKGLIST[@]}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
find "$DOM0_UPDATES_DIR/var/cache" -name '*.rpm' -print0 |\
|
find "$DOM0_UPDATES_DIR/var/cache" -name '*.rpm' -print0 |\
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user