summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIan Jackson <ijackson@chiark.greenend.org.uk>2014-10-30 00:38:04 +0000
committerIan Jackson <ijackson@chiark.greenend.org.uk>2014-11-08 16:22:37 +0000
commit2703ad402cb306b67cc0c96adfbd5335f0aff943 (patch)
treeeae1edbcd2574eba078835c3fcf3e5a8fc98b482
parent1c920a62c188ff676127973a548855fa7b02841c (diff)
Add `: dgit <blah>... ;' to the front of ssh remote commands, for the benefit of forced command wrappers
-rw-r--r--debian/changelog4
-rwxr-xr-xdgit16
2 files changed, 14 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog
index 9a3d744..cc02778 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,10 @@ dgit (0.23~) unstable; urgency=low
* Distro access configuration handling changes (should not be noticeable
to most users).
+ * Add :..; prefix to ssh remote commands, for the benefit of future
+ forced command wrappers. Implicitly, this defines a new ssh-based
+ command protocol.
+
--
dgit (0.22.1) unstable; urgency=high
diff --git a/dgit b/dgit
index 3c31140..6e175ad 100755
--- a/dgit
+++ b/dgit
@@ -819,8 +819,8 @@ sub canonicalise_suite_madison {
return $r[0][2];
}
-sub sshpsql ($$) {
- my ($data,$sql) = @_;
+sub sshpsql ($$$) {
+ my ($data,$runeinfo,$sql) = @_;
if (!length $data) {
$data= access_someuserhost('sshpsql').':'.
access_cfg('sshpsql-dbname');
@@ -829,7 +829,9 @@ sub sshpsql ($$) {
my ($userhost,$dbname) = ($`,$'); #';
my @rows;
my @cmd = (access_cfg_ssh, $userhost,
- "export LANG=C; ".shellquote qw(psql -A), $dbname, qw(-c), $sql);
+ ": dgit ssh-psql $runeinfo ;".
+ " export LANG=C;".
+ " ".shellquote qw(psql -A), $dbname, qw(-c), $sql);
printcmd(\*DEBUG,$debugprefix."|",@cmd) if $debug>0;
open P, "-|", @cmd or die $!;
while (<P>) {
@@ -849,13 +851,13 @@ sub sshpsql ($$) {
}
sub sql_injection_check {
- foreach (@_) { die "$_ $& ?" if m/[']/; }
+ foreach (@_) { die "$_ $& ?" if m{[^-+=:_.,/0-9a-zA-Z]}; }
}
sub archive_query_sshpsql ($$) {
my ($proto,$data) = @_;
sql_injection_check $isuite, $package;
- my @rows = sshpsql($data, <<END);
+ my @rows = sshpsql($data, "archive-query $isuite $package", <<END);
SELECT source.version, component.name, files.filename, files.sha256sum
FROM source
JOIN src_associations ON source.id = src_associations.source
@@ -880,7 +882,7 @@ END
sub canonicalise_suite_sshpsql ($$) {
my ($proto,$data) = @_;
sql_injection_check $isuite;
- my @rows = sshpsql($data, <<END);
+ my @rows = sshpsql($data, "canonicalise-suite $isuite", <<END);
SELECT suite.codename
FROM suite where suite_name='$isuite' or codename='$isuite';
END
@@ -975,6 +977,7 @@ sub check_for_git () {
if ($how eq 'ssh-cmd') {
my @cmd =
(access_cfg_ssh, access_gituserhost(),
+ ": dgit git-check $package ;".
" set -e; cd ".access_cfg('git-path').";".
" if test -d $package.git; then echo 1; else echo 0; fi");
my $r= cmdoutput @cmd;
@@ -994,6 +997,7 @@ sub create_remote_git_repo () {
if ($how eq 'ssh-cmd') {
runcmd_ordryrun
(access_cfg_ssh, access_gituserhost(),
+ " : dgit git-create $package ; ".
"set -e; cd ".access_cfg('git-path').";".
" cp -a _template $package.git");
} elsif ($how eq 'true') {