diff options
| author | Alexander Couzens <lynxis@fe80.eu> | 2016-10-13 02:12:21 +0200 |
|---|---|---|
| committer | Holger Levsen <holger@layer-acht.org> | 2016-10-13 13:13:29 +0200 |
| commit | e519b9aad5475758b36cfebfcdd3fec9c484c3fa (patch) | |
| tree | 662f81a17dab764d5c06aabdfe28ffc11c6d61f3 | |
| parent | ebb7e40a7b742f265e25e0bfcb591119440c7c30 (diff) | |
| download | jenkins.debian.net-e519b9aad5475758b36cfebfcdd3fec9c484c3fa.tar.xz | |
reproducible_openwrt|lede: node_save_logs: check input and hardcode paths
improves the security if called over ssh and simplify the script.
Signed-off-by: Holger Levsen <holger@layer-acht.org>
| -rw-r--r-- | bin/reproducible_openwrt_common.sh | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/bin/reproducible_openwrt_common.sh b/bin/reproducible_openwrt_common.sh index 23c26682..3e1098a8 100644 --- a/bin/reproducible_openwrt_common.sh +++ b/bin/reproducible_openwrt_common.sh @@ -74,11 +74,21 @@ create_results_dirs() { mkdir -p $BASE/$project/dbd } +# node_save_logs can be called over ssh OR called within openwrt_build node_save_logs() { - local TYPE=$1 - local RUN=$2 + local tmpdir=$1 - tar cJf "$TMPDIR/$RUN/logs_${TYPE}.tar.xz" logs/ + if [ "${tmpdir:0:26}" != "/srv/reproducible-results/" ] || [ ${#tmpdir} -le 26 ] ; then + echo "Something very strange with \$TMPDIR=$tmpdir exiting instead of doing node_save_logs." + exit 1 + fi + + if [ ! -d "$tmpdir/build/logs" ] ; then + # we create an empty tar.xz instead of failing + touch "$tmpdir/build_logs.tar.xz" + else + tar cJf "$tmpdir/build_logs.tar.xz" -C "$tmpdir/build/logs" + fi } # RUN - is b1 or b2. b1 for first run, b2 for second @@ -297,7 +307,7 @@ openwrt_build() { [ "$TYPE" = "openwrt" ] && save_openwrt_results $RUN # copy logs - node_save_logs $TMPDIR/build_logs.tar.xz $TMPBUILDDIR + node_save_logs "$TMPDIR" # clean up between builds openwrt_cleanup |