commit: 99810affa0ba02ab41171fc87fcf98263ff36e97
Author: Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Mon Jun 9 21:35:51 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 11 03:26:20 2025 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=99810aff
estrip: marginally improve the handling of STRIP_MASK

The 'STRIP_MASK' variable is intended to contain a <blank>-separated
series of zero-or-more words, each of which is to be treated as an
extended globbing pattern. Should a given pathname match any of these
patterns, it must not be stripped. This commit improves the manner in
which the variable is handled, as described herewith.

Rename the 'm' variable to 'glob', for clarity.

Refrain from using echo to print the words produced by expanding the
'STRIP_MASK' variable. It suffers from various portability issues, and
may respond to "special first operands", as Ramey puts it. Instead, use
the printf builtin.

Consume the words produced by expanding the 'STRIP_MASK' variable as a
stream of zero-or-more null-terminated records. This makes it possible
to employ certain patterns that could not have worked before. For
instance, consider the following assignment (using shell syntax rather
than make.conf syntax).

STRIP_MASK="/foo /bar/\$'\t'baz"

Prior to this commit, the value would map to these three globs:

declare -- glob="/foo"
declare -- glob="/bar/"
declare -- glob="baz"

Following this commit, the value maps to these two globs:

declare -- glob="/foo"
declare -- glob=$'/bar/\tbaz'

Unfortunately, the invocation of the eval builtin remains, since it is
required to support brace expansion. I have added an excoriating comment
regarding this because it is an absurd anti-feature that ought to be
dropped. Until such time as that happens, arbitrary code execution will
remain an attendant risk.

Consider a plausible scenario, in which a user might find it convenient
to define, say, "/foo/{bar,baz,quux}" as a mask. Instead, it should be
written as "/foo/@(bar|baz|quux)", which is a perfectly valid extglob.

Finally, suppress an instance of SC2053 that is a false-positive.

Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>
bin/estrip | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/bin/estrip b/bin/estrip
index dbd9754575..07d29ec798 100755
--- a/bin/estrip
+++ b/bin/estrip
@@ -602,18 +602,21 @@ for inode_link in *; do
elif (( ! do_prepstrip )); then
do_strip=1
else
- # The noglob funk is to support STRIP_MASK="/*/booga"
and to keep
- # the for loop from expanding the globs.
- # The eval echo is to support
STRIP_MASK="/*/{booga,bar}".
- set -o noglob
do_strip=1
- for m in $(eval echo ${STRIP_MASK}) ; do
- if [[ ${x#"${ED%/}"} == ${m} ]]; then
+ while IFS= read -rd '' glob; do
+ # shellcheck disable=2053
+ if [[ ${x#"${ED%/}"} == ${glob} ]]; then
do_strip=0
break
fi
- done
- set +o noglob
+ done < <(
+ # FIXME: This facilitates code injection, just
+ # for the sake of supporting brace-expansion.
+ # To support it amounts to a grave anti-feature.
+ # It really ought to be dropped.
+ shopt -o -s noglob
+ eval "printf '%s\\0' ${STRIP_MASK}"
+ )
fi
if (( has_feature[splitdebug] && ! has_restriction[splitdebug]
)); then
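Review bot: the result of `eval "printf '%s\\0' ${STRIP_MASK}"` inside the process substitution is never checked, so the mask fails open. If STRIP_MASK does not parse (for example an unbalanced quote), the subshell emits no records, the `while IFS= read -rd '' glob` body never runs, and `do_strip` keeps the value 1 assigned just above, meaning files the user intended to protect are stripped with no diagnostic. The hunk header also places this code under `for inode_link in *; do`, so the eval appears to be repeated for every candidate file, re-running whatever STRIP_MASK contains each time. Consider expanding the variable once before the loop into an array, aborting or warning if that expansion fails, and iterating over the array here. That would also leave a single call site to change when brace expansion support is dropped. It would help users migrate if the FIXME comment named the extglob form from the commit message, `/foo/@(bar|baz|quux)`, as the replacement for `/foo/{bar,baz,quux}`.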