On Wed, Sep 04, 2024 at 12:57:52 +0000, David wrote:
> On Wed, 4 Sept 2024 at 11:03, Max Nikulin <maniku...@gmail.com> wrote:
> > On 04/09/2024 15:17, Thomas Schmitt wrote:
> 
> > In /tmp/check_debian_iso line 153:
> > sum_from_file=`dd if=$file bs=2048 count=$blocks | $checksummer | head
> > -1 | awk '{print $1}'`
> >                       ^---^ SC2086 (info): Double quote to prevent
> > globbing and word splitting.
> 
> Hi, that particular SC2086 warning can be ignored because the
> $1 that it is mistakenly complaining about is awk syntax, and the
> shell will not touch that because it is inside single-quotes.

Is it, though?  It looks more like it's pointing to the if=$file part.
Perhaps the indentation was mangled by the layers of quoting.

> Whether any of $file, $blocks, $checksummer
> need to be double quoted is a matter of preference, if their
> contents are known to not contain whitespace or globbing
> characters.

There is no sane world in which $file should be left unquoted.
Filenames *frequently* contain whitespace.  It should be assumed that
*all* filenames contain whitespace -- you're just better off writing
from that perspective.

count=$blocks ... now, that one could go either way.  The quotes are
*probably* not needed, assuming the contents of $blocks are a number.
But it's still better to include the quotes, to save the shell from
having to undergo the additional work of scanning the word for IFS and
globbing characters.

$checksummer here is a special case.  The way it's written is a horrible
hack that Bourne shell programmers seem to have embraced.  The idea is
that you can put a command and its arguments inside a variable, separated
by spaces, and use the variable unquoted to expand to the command.

This "works" in the simplest cases, where every argument word is just
a series of alphanumeric characters with carefully constrained punctuation
characters (dot, hyphen, underscore).

It **completely fails** if one of the arguments is a filename that
contains whitespace.  Or contains whitespace for any other reason, such
as being something like CFLAGS='-g -O'.

The workaround for that is to use an array instead of a string variable
to hold the command and its arguments.

    checksummer=( md5sum --magic-arguments )
    dd if="$file" | "${checksummer[@]}" | awk 'stuff'

Of course, that's a bash extension, and not available in sh.  In sh,
there is simply no way to do this safely, unless of course the contents
of checksummer are static.  In that case, checksummer can be written
as a function.

    checksummer() { md5sum --magic-arguments; }
    dd if="$file" | checksummer | awk 'stuff'
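The following is an added example, not part of the original message: a POSIX sh script showing what the unquoted `$file` and the command-in-a-string hack do when whitespace is present, next to the quoted and function forms. The temporary file, its name and contents, the `count_args` helper and the use of `cksum` in place of `md5sum` are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (POSIX sh). The temp file, its name and contents are constructed.
dir=$(mktemp -d) || exit 1
trap 'rm -rf "$dir"' EXIT
file="$dir/debian test.iso"        # constructed filename containing a space
printf 'constructed sample data\n' > "$file"
blocks=1

# Static checksum command wrapped in a function (cksum stands in for md5sum).
checksummer() { cksum; }

# Unquoted: $file is split into two words, dd fails and writes nothing,
# but the pipeline still exits 0 and reports the checksum of empty input.
sum_unquoted() {
    dd if=$file bs=2048 count=$blocks 2>/dev/null | checksummer | awk '{print $1}'
}

# Quoted: dd receives the filename as a single operand.
sum_quoted() {
    dd if="$file" bs=2048 count="$blocks" 2>/dev/null | checksummer | awk '{print $1}'
}

# Hypothetical helper: prints how many arguments it actually received.
count_args() { echo "$#"; }

# Command plus arguments held in one string and expanded unquoted.
# The quotes inside the string are data, not syntax, so the single
# intended argument arrives as two words: CFLAGS='-g and -O'
hack_argc() {
    cmd="count_args CFLAGS='-g -O'"
    $cmd
}

# Function form: the argument is quoted in real shell syntax and stays whole.
func_argc() { count_args 'CFLAGS=-g -O'; }

echo "checksum, unquoted \$file: $(sum_unquoted)"
echo "checksum, quoted \$file:   $(sum_quoted)"
echo "checksum of empty input:  $(cksum < /dev/null | awk '{print $1}')"
echo "args seen, string hack:   $(hack_argc)"
echo "args seen, function:      $(func_argc)"
```

The unquoted pipeline produces no error status, only a checksum that matches empty input, so the failure shows up later as a mismatch rather than at the `dd` call.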
