Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix parsing of password-command option (#6268) #9002

Merged
merged 1 commit into from
Jun 18, 2023
Merged

Fix parsing of password-command option (#6268) #9002

merged 1 commit into from
Jun 18, 2023

Conversation

frasertweedale
Copy link
Contributor

@frasertweedale frasertweedale commented Jun 5, 2023
edited
Loading

The password-command option does not parse its value correctly.
Quotes are ignored, making many kinds of commands impossible to
express (e.g. sh -c "foo | bar"). Also, cabal user-config
treats the argument list as a list of option values, rather than a
value that is a list. As a consequence, cabal user-config update corrupts the value in the config file.

Fix these issues by parsing the command as a space separated list of
tokens, and changing the getter to unwords the value and return a
singleton list. Also update the argument placeholder from
PASSWORD to COMMAND.

Fixes: #6268

Manual QA Notes

Please include the following checklist in your PR:

Bonus points for added automated tests!

@ulysses4ever
Copy link
Collaborator

Good job here, thank you! Would it be possible to add a test?

@frasertweedale frasertweedale force-pushed the fix/6268-password-command-quotes branch 2 times, most recently from 1927d8c to b78c95a Compare June 6, 2023 01:01
@frasertweedale
Copy link
Contributor Author

@ulysses4ever I added (well, extended) a test, and updated the users guide.

@frasertweedale
Copy link
Contributor Author

bump please review when able :)

@frasertweedale
Copy link
Contributor Author

@Kleidukos also affects cabal upload command. Suggest adding label cabal-install: cmd/upload.

@ulysses4ever
Copy link
Collaborator

@frasertweedale please, add a changelog as described here.

ulysses4ever
ulysses4ever approved these changes Jun 11, 2023
View reviewed changes
Copy link
Collaborator

@ulysses4ever ulysses4ever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Predicated on the changelog, this looks good to me, thanks!

@ulysses4ever ulysses4ever added the attention: needs-manual-qa PR is destined for manual QA label Jun 11, 2023
@ulysses4ever
Copy link
Collaborator

Also, I think it'd be nice to have manual QA for this change. I'll add a note in the OP.

@frasertweedale
Fix parsing of password-command option (haskell#6268)
95f48ad 
The password-command option does not parse its value correctly.
Quotes are ignored, making many kinds of commands impossible to
express (e.g.  `sh -c "foo | bar"`).  Also, `cabal user-config`
treats the argument list as a *list of option values*, rather than a
*value that is a list*.  As a consequence, `cabal user-config
update` corrupts the value in the config file.

Fix these issues by parsing the command as a space separated list of
tokens, and changing the getter to `unwords` the value and return a
*singleton* list.  Also update the argument placeholder from
`PASSWORD` to `COMMAND`.

Fixes: haskell#6268
@frasertweedale frasertweedale force-pushed the fix/6268-password-command-quotes branch from b78c95a to 95f48ad Compare June 12, 2023 02:59
@frasertweedale
Copy link
Contributor Author

@ulysses4ever I added a changelog.d entry.

@ulysses4ever
Copy link
Collaborator

Thank you! Waiting for a second review…

geekosaur
geekosaur approved these changes Jun 12, 2023
View reviewed changes
Copy link
Collaborator

@geekosaur geekosaur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable to me

@ulysses4ever ulysses4ever added merge me Tell Mergify Bot to merge and removed attention: needs-review labels Jun 12, 2023
@mergify mergify bot added the merge delay passed Applied (usually by Mergify) when PR approved and received no updates for 2 days label Jun 14, 2023
@frasertweedale
Copy link
Contributor Author

Something went wrong with mergify. Can someone advise on next steps? I logged into mergify (never used it previously) but it couldn't access the haskell dashboard or something...

@Kleidukos
Copy link
Member

@frasertweedale no problems, thanks

@Kleidukos Kleidukos merged commit e0ebb86 into haskell:master Jun 18, 2023
@frasertweedale frasertweedale deleted the fix/6268-password-command-quotes branch June 18, 2023 07:04
@jgotoh
Copy link
Member

jgotoh commented Jul 6, 2023
edited
Loading

Here are the results of QA:

  1. Verify with latest cabal 3.10.1.0:

~/.cabal/config contains:
password-command: sh -c "ls | tail -n 1"

Running cabal user-config update results in following change in ~/.cabal/config:
password-command: sh,-c,"ls,|,tail,-n,1

=> password-command was changed, bug exists

  1. Verify fix with latest cabal head:

Running cabal user-config update results in following change in ~/.cabal/config:
password-command: sh -c "ls | tail -n 1"

Same as before, so QA is passed 🥇

Edit:

hold on, I checked the wrong file, sorry. The following change occurs in my config file after running cabal-head user-config update
password-command: "sh" "-c" "ls | tail -n 1"

Is this the correct behavior? @frasertweedale

@jgotoh jgotoh self-assigned this Jul 6, 2023
@ulysses4ever
Copy link
Collaborator

@jgotoh thanks a bunch!

@frasertweedale
Copy link
Contributor Author

frasertweedale commented Jul 6, 2023
edited
Loading

hold on, I checked the wrong file, sorry. The following change occurs in my config file after running cabal-head user-config update password-command: "sh" "-c" "ls | tail -n 1"

Is this the correct behavior? @frasertweedale

This is expected. The values are semantically equivalent. It's an artifact of the token parsing compared to the pretty-printing of the option values. There are two ways of representing a simple token: with quotes, or without. So unless we represent which variant was used in the option values, there is no way to ensure the string representation round-trips.

@jgotoh
Copy link
Member

jgotoh commented Jul 6, 2023

Awesome, thank you very much for your quick answer and your detailed description. Then QA is passed here! :)

@ulysses4ever
Copy link
Collaborator

Bugfix -- qualifies for a backport, I think.

@ulysses4ever
Copy link
Collaborator

@mergify backport 3.10

@mergify
Copy link
Contributor

mergify bot commented Jul 14, 2023
edited
Loading

backport 3.10

✅ Backports have been created

@mergify mergify bot mentioned this pull request Jul 14, 2023
Merged
mergify bot added a commit that referenced this pull request Jul 14, 2023
@mergify
Merge pull request #9125 from haskell/mergify/bp/3.10/pr-9002
529f850 
Fix parsing of password-command option (#6268) (backport #9002)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ulysses4ever ulysses4ever ulysses4ever approved these changes

@geekosaur geekosaur geekosaur approved these changes

Assignees

@jgotoh jgotoh

Labels
attention: needs-manual-qa PR is destined for manual QA cabal-install: cmd/upload cabal-install: cmd/user-config cabal-install: other merge delay passed Applied (usually by Mergify) when PR approved and received no updates for 2 days merge me Tell Mergify Bot to merge
Projects
Manual QA board
Status: Testing Approved
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cabal user-config updates breaks password-command
5 participants
@frasertweedale @ulysses4ever @Kleidukos @jgotoh @geekosaur