From e519b9aad5475758b36cfebfcdd3fec9c484c3fa Mon Sep 17 00:00:00 2001
From: Alexander Couzens
Date: Thu, 13 Oct 2016 02:12:21 +0200
Subject: reproducible_openwrt|lede: node_save_logs: check input and hardcode paths improves the security if called over ssh and simplify the script.
Signed-off-by: Holger Levsen
---
 bin/reproducible_openwrt_common.sh | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
(limited to 'bin/reproducible_openwrt_common.sh')
diff --git a/bin/reproducible_openwrt_common.sh b/bin/reproducible_openwrt_common.sh
index 23c26682..3e1098a8 100644
--- a/bin/reproducible_openwrt_common.sh
+++ b/bin/reproducible_openwrt_common.sh
@@ -74,11 +74,21 @@ create_results_dirs() {
 mkdir -p $BASE/$project/dbd
 }
+# node_save_logs can be called over ssh OR called within openwrt_build
 node_save_logs() {
- local TYPE=$1
- local RUN=$2
+ local tmpdir=$1
- tar cJf "$TMPDIR/$RUN/logs_${TYPE}.tar.xz" logs/
+ if [ "${tmpdir:0:26}" != "/srv/reproducible-results/" ] || [ ${#tmpdir} -le 26 ] ; then
+ echo "Something very strange with \$TMPDIR=$tmpdir exiting instead of doing node_save_logs."
+ exit 1
+ fi
+
+ if [ ! -d "$tmpdir/build/logs" ] ; then
+ # we create an empty tar.xz instead of failing
+ touch "$tmpdir/build_logs.tar.xz"
+ else
+ tar cJf "$tmpdir/build_logs.tar.xz" -C "$tmpdir/build/logs"
+ fi
 }
 # RUN - is b1 or b2. b1 for first run, b2 for second
@@ -297,7 +307,7 @@ openwrt_build() {
 [ "$TYPE" = "openwrt" ] && save_openwrt_results $RUN
 # copy logs
- node_save_logs $TMPDIR/build_logs.tar.xz $TMPBUILDDIR
+ node_save_logs "$TMPDIR"
 # clean up between builds
 openwrt_cleanup
--
cgit v1.2.3-54-g00ecf
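Review bot: The new prefix test in node_save_logs compares only the first 26 characters of `$1`, so a value that begins with `/srv/reproducible-results/` but contains `..` components, or resolves through a symlink, still passes and lets `touch`/`tar` write outside that tree. Because the function is documented as callable over ssh, resolve the argument before comparing, e.g. replace `local tmpdir=$1` with `local tmpdir` and `tmpdir=$(realpath -e -- "$1") || exit 1`, then run the existing prefix check on the resolved path. Separately, the added `tar cJf "$tmpdir/build_logs.tar.xz" -C "$tmpdir/build/logs"` names no member, and GNU tar refuses to create an archive with no members, so the else branch probably fails whenever the logs directory exists; appending ` .` would archive the directory contents. The rejection message would also be better sent to stderr (`>&2`) so it does not mix into output captured by the ssh caller.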
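Review bot: node_save_logs now ends the shell with `exit 1` when its path check fails, so on this call a rejected `$TMPDIR` would stop openwrt_build before the `openwrt_cleanup` line below runs, unless a trap elsewhere covers that. Consider `return 1` in the function and an explicit `node_save_logs "$TMPDIR" || echo "saving build logs failed" >&2` at this call site. The call also no longer passes `$TMPBUILDDIR`, so it relies on the logs living under `$TMPDIR/build/logs`; that relation is not visible in this hunk and deserves a one-line comment such as `# logs are expected in $TMPDIR/build/logs`. openwrt_build's body starts and ends outside the hunk.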