##
-# Copyright (c) 2013 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2013, 2017 Peter Palfrader <peter@palfrader.org>
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
sys.exit(1)
def get_session_owner(session):
- if re.search('[^0-9a-zA-Z_-]', session):
+ if re.search('^\.|~$|[^0-9a-zA-Z_.~-]', session):
die("Invalid session name.")
path = os.path.join('/var/lib/schroot/session', session)
die("Session owner mismatch.")
def os_supports_unshare():
- if platform.uname()[0] == 'GNU/kFreeBSD':
+ if platform.uname()[0] in ('GNU/kFreeBSD', 'GNU'):
return False
return True
self.apt_simulate_and_ask(['dist-upgrade'])
def apt_install(self, packages):
+ packages = self.reject_invalid_packages(packages)
self.apt_simulate_and_ask(['install', '--'] + packages)
def apt_build_dep(self, packages, archonly=False):
+ packages = self.reject_invalid_packages(packages)
cmd = (['--arch-only'] if archonly else []) + ['build-dep', '--']
self.apt_simulate_and_ask(cmd + packages)
def secure_run(self, args, unshare=True):
WrappedRunner(self.session, args, unshare)
+ @staticmethod
+ def reject_invalid_packages(pkgs):
+ """filter package names
+
+ reject package names that start with . or /, as they are
+ not valid package names, but can be used to install local files
+ which we do not want.
+ """
+ new_pkgs = []
+ for p in pkgs:
+ if p.startswith('.') or p.startswith('/'):
+ die("invalid package name: %s"%(p,))
+ new_pkgs.append(p)
+ return new_pkgs
+
parser = optparse.OptionParser()
parser.set_usage("""%prog [options] -c <session-chroot> [-y] -- <command>