[OE-core] [PATCH v2 1/1] systemd: escape paths passed to shell

Damien Riegel damien.riegel at savoirfairelinux.com
Fri Jun 22 18:43:02 UTC 2018 

Systemd mount configuration file must have a name that match the mount
point directory they control. So for instance, if a mount file contains

    [Mount]
    ...
    Where=/mnt/my-data

The file must be named `mnt-my\x2ddata.mount`, or systemd will refuse to
honour it.

If this config file contains an [Install] section, it will silently fail
because the unit file is not escaped properly when systemctl is called.
To fix that, make sure paths are escaped through `shlex.quote`.

Signed-off-by: Damien Riegel <damien.riegel at savoirfairelinux.com>
---
Changes in v2:
 - v1 didn't handle multiple files in SYSTEMD_SERVICE_${PN}, this v2
   fixes using a solution suggested by Christopher Larson

 meta/classes/systemd.bbclass | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/meta/classes/systemd.bbclass b/meta/classes/systemd.bbclass
index 1b134322fb..c7b784dea8 100644
--- a/meta/classes/systemd.bbclass
+++ b/meta/classes/systemd.bbclass
@@ -34,10 +34,10 @@ if type systemctl >/dev/null 2>/dev/null; then
 		systemctl daemon-reload
 	fi
 
-	systemctl $OPTS ${SYSTEMD_AUTO_ENABLE} ${SYSTEMD_SERVICE}
+	systemctl $OPTS ${SYSTEMD_AUTO_ENABLE} ${SYSTEMD_SERVICE_ESCAPED}
 
 	if [ -z "$D" -a "${SYSTEMD_AUTO_ENABLE}" = "enable" ]; then
-		systemctl --no-block restart ${SYSTEMD_SERVICE}
+		systemctl --no-block restart ${SYSTEMD_SERVICE_ESCAPED}
 	fi
 fi
 }
@@ -51,10 +51,10 @@ fi
 
 if type systemctl >/dev/null 2>/dev/null; then
 	if [ -z "$D" ]; then
-		systemctl stop ${SYSTEMD_SERVICE}
+		systemctl stop ${SYSTEMD_SERVICE_ESCAPED}
 	fi
 
-	systemctl $OPTS disable ${SYSTEMD_SERVICE}
+	systemctl $OPTS disable ${SYSTEMD_SERVICE_ESCAPED}
 fi
 }
 
@@ -65,6 +65,7 @@ systemd_populate_packages[vardepsexclude] += "OVERRIDES"
 
 python systemd_populate_packages() {
     import re
+    import shlex
 
     if not bb.utils.contains('DISTRO_FEATURES', 'systemd', True, False, d):
         return
@@ -85,6 +86,9 @@ python systemd_populate_packages() {
     def systemd_generate_package_scripts(pkg):
         bb.debug(1, 'adding systemd calls to postinst/postrm for %s' % pkg)
 
+        paths_escaped = ' '.join(shlex.quote(s) for s in d.getVar('SYSTEMD_SERVICE_' + pkg, True).split())
+        d.setVar('SYSTEMD_SERVICE_ESCAPED_' + pkg, paths_escaped)
+
         # Add pkg to the overrides so that it finds the SYSTEMD_SERVICE_pkg
         # variable.
         localdata = d.createCopy()
@@ -130,7 +134,7 @@ python systemd_populate_packages() {
                 systemd_add_files_and_parse(pkg_systemd, path, service_base + '@.service', keys)
             for key in keys.split():
                 # recurse all dependencies found in keys ('Also';'Conflicts';..) and add to files
-                cmd = "grep %s %s | sed 's,%s=,,g' | tr ',' '\\n'" % (key, fullpath, key)
+                cmd = "grep %s %s | sed 's,%s=,,g' | tr ',' '\\n'" % (key, shlex.quote(fullpath), key)
                 pipe = os.popen(cmd, 'r')
                 line = pipe.readline()
                 while line:
-- 
2.17.1

More information about the Openembedded-core mailing list