GNU bug report logs - #16843
Error caused due to regression in git

Previous Next

Package: automake;

Reported by: Darshit Shah <darnir <at> gmail.com>

Date: Sat, 22 Feb 2014 16:07:01 UTC

Severity: normal

Tags: notabug

Done: Eric Blake <eblake <at> redhat.com>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Darshit Shah <darnir <at> gmail.com>
To: bug-automake <at> gnu.org
Subject: Error caused due to regression in git
Date: Sat, 22 Feb 2014 10:01:21 +0100

[Message part 1 (text/plain, inline)]
automake --version: 1.14.1
autoconf --version: 2.69

The error occured when attempting to run the test suite GNU Wget's git
source.
`make` works correctly, but `make check` happens to fail with the following
output:

if test -d ./.git                               \
        && git --version >/dev/null 2>&1; then                  \
  cd . &&                                               \
  git submodule --quiet foreach                                 \
      test '"$(git rev-parse "$sha1")"'                 \
      = '"$(git merge-base origin "$sha1")"'                    \
    || { echo 'maint.mk: found non-public submodule commit' >&2;        \
         exit 1; };                                             \
else                                                            \
  : ;                                                           \
fi
Stopping at 'gnulib'; script returned non-zero status.
maint.mk: found non-public submodule commit
maint.mk:1394: recipe for target 'public-submodule-commit' failed
make: *** [public-submodule-commit] Error 1


In the repository, gnulib is used as a submodule. Running:
$ git submodule foreach echo $name, $path, $sha1
returns an empty string which implies that git is unable to see the
submodules correctly.

I bisected the git source to find the commit causing the problems. The
following is the commit message:

commit 1c4fb136dbad762c9c4350ee79c3474ae8037587
Author: Anders Kaseorg <andersk <at> MIT.EDU>
Date:   Fri Sep 27 06:23:55 2013 -0400

    submodule foreach: skip eval for more than one argument

    'eval "$@"' creates an extra layer of shell interpretation, which is
    probably not expected by a user who passes multiple arguments to git
    submodule foreach:

     $ git grep "'"
     [searches for single quotes]
     $ git submodule foreach git grep "'"
     Entering '[submodule]'
     /usr/lib/git-core/git-submodule: 1: eval: Syntax error: Unterminated
quoted string
     Stopping at '[submodule]'; script returned non-zero status.

    To fix this, if the user passes more than one argument, execute "$@"
    directly instead of passing it to eval.

    Examples:

     * Typical usage when adding an extra level of quoting is to pass a
       single argument representing the entire command to be passed to the
       shell.  This doesn't change that.

     * One can imagine someone feeding untrusted input as an argument:

        git submodule foreach git grep "$variable"

       That currently results in a nonobvious shell code injection
       vulnerability.  Executing the command named by the arguments
       directly, as in this patch, fixes it.

    Signed-off-by: Anders Kaseorg <andersk <at> mit.edu>
    Acked-by: Johan Herland <johan <at> herland.net>
    Signed-off-by: Jonathan Nieder <jrnieder <at> gmail.com>


Hence, this seems to me as a feature, not a bug in Git. Maybe, automake
needs to fix its scripts accordingly? Because the issue with `make check`
was introduced through this specific commit.

Do let me know if I can provide any more help.
Also, I am not sunscribed to this mailing list, hence, please ensure to
leave my email in the CC list.

-- 
Thanking You,
Darshit Shah

[Message part 2 (text/html, inline)]
This bug report was last modified 11 years and 86 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.