Skip to content

Commit

Permalink
module: quote filenames in command lines
Browse files Browse the repository at this point in the history
  • Loading branch information
kenyon committed Aug 22, 2023
1 parent 13272f0 commit ad68e34
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 15 deletions.
4 changes: 2 additions & 2 deletions manifests/module.pp
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@
exec { "build-module-${title}":
path => '/bin:/usr/bin',
cwd => $module_dir,
command => "${build_command} || (rm -f ${module_file}.pp ${module_file}.loaded && exit 1)",
command => "${build_command} || (rm -f '${module_file}.pp' '${module_file}.loaded' && exit 1)",
creates => "${module_file}.pp",
notify => Exec["install-module-${title}"],
}
Expand Down Expand Up @@ -168,7 +168,7 @@
exec { "install-module-${title}":
path => '/sbin:/usr/sbin:/bin:/usr/bin',
cwd => $module_dir,
command => "semodule -i ${module_file}.pp && touch ${module_file}.loaded",
command => "semodule -i '${module_file}.pp' && touch '${module_file}.loaded'",
creates => "${module_file}.loaded",
before => Selmodule[$title],
}
Expand Down
26 changes: 13 additions & 13 deletions spec/defines/selinux_module_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,8 @@
it { is_expected.to contain_file("#{workdir}/mymodule.fc").with(source: nil, content: '') }
it { is_expected.to contain_file("#{workdir}/mymodule.if").with(source: nil, content: '') }
it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded'", cwd: workdir) }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f #{module_basepath}.pp #{module_basepath}.loaded && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i #{module_basepath}.pp && touch #{module_basepath}.loaded", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded' && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i '#{module_basepath}.pp' && touch '#{module_basepath}.loaded'", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: workdir) }
end

Expand All @@ -65,8 +65,8 @@
it { is_expected.to contain_file("#{workdir}/mymodule.fc").that_notifies('Exec[clean-module-mymodule]') }
it { is_expected.to contain_file("#{workdir}/mymodule.if").with(source: nil, content: '') }
it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded'", cwd: workdir) }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f #{module_basepath}.pp #{module_basepath}.loaded && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i #{module_basepath}.pp && touch #{module_basepath}.loaded", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded' && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i '#{module_basepath}.pp' && touch '#{module_basepath}.loaded'", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: workdir) }
end

Expand All @@ -85,8 +85,8 @@
it { is_expected.to contain_file("#{workdir}/mymodule.if").that_notifies('Exec[clean-module-mymodule]') }
it { is_expected.to contain_file("#{workdir}/mymodule.fc").that_notifies('Exec[clean-module-mymodule]') }
it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded'", cwd: workdir) }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f #{module_basepath}.pp #{module_basepath}.loaded && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i #{module_basepath}.pp && touch #{module_basepath}.loaded", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded' && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i '#{module_basepath}.pp' && touch '#{module_basepath}.loaded'", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: workdir) }
end

Expand All @@ -105,8 +105,8 @@
it { is_expected.to contain_file("#{workdir}/mymodule.if").with(source: nil, content: 'interface(puppet_test)').that_notifies('Exec[clean-module-mymodule]') }
it { is_expected.to contain_file("#{workdir}/mymodule.fc").with(source: nil, content: '/bin/sh system_u:object_r:bin_t').that_notifies('Exec[clean-module-mymodule]') }
it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded'", cwd: workdir) }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f #{module_basepath}.pp #{module_basepath}.loaded && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i #{module_basepath}.pp && touch #{module_basepath}.loaded", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded' && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i '#{module_basepath}.pp' && touch '#{module_basepath}.loaded'", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: workdir) }
end

Expand All @@ -124,8 +124,8 @@
it { is_expected.to contain_file("#{workdir}/mymodule.fc").with(source: nil, content: '') }
it { is_expected.to contain_file("#{workdir}/mymodule.if").with(source: nil, content: '') }
it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded'", cwd: workdir) }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "/var/lib/puppet/puppet-selinux/bin/selinux_build_module_simple.sh mymodule #{workdir} || (rm -f #{module_basepath}.pp #{module_basepath}.loaded && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i #{module_basepath}.pp && touch #{module_basepath}.loaded", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "/var/lib/puppet/puppet-selinux/bin/selinux_build_module_simple.sh mymodule #{workdir} || (rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded' && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i '#{module_basepath}.pp' && touch '#{module_basepath}.loaded'", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: workdir) }
end

Expand All @@ -142,8 +142,8 @@
it { is_expected.to contain_file("#{workdir}/mymodule.fc").with(source: nil, content: '') }
it { is_expected.to contain_file("#{workdir}/mymodule.if").with(source: nil, content: '') }
it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded'", cwd: workdir) }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "/var/lib/puppet/puppet-selinux/bin/selinux_build_module_simple.sh mymodule #{workdir} || (rm -f #{module_basepath}.pp #{module_basepath}.loaded && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i #{module_basepath}.pp && touch #{module_basepath}.loaded", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_exec('build-module-mymodule').with(command: "/var/lib/puppet/puppet-selinux/bin/selinux_build_module_simple.sh mymodule #{workdir} || (rm -f '#{module_basepath}.pp' '#{module_basepath}.loaded' && exit 1)", creates: "#{module_basepath}.pp") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i '#{module_basepath}.pp' && touch '#{module_basepath}.loaded'", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: workdir) }
end

Expand All @@ -170,7 +170,7 @@
it { is_expected.to contain_file(workdir) }
it { is_expected.to contain_file("#{workdir}/mymodule.pp").that_notifies('Exec[clean-module-mymodule]') }
it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f '#{module_basepath}.loaded'", cwd: workdir) }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i #{module_basepath}.pp && touch #{module_basepath}.loaded", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_exec('install-module-mymodule').with(command: "semodule -i '#{module_basepath}.pp' && touch '#{module_basepath}.loaded'", cwd: workdir, creates: "#{module_basepath}.loaded") }
it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: workdir) }
end

Expand Down

0 comments on commit ad68e34

Please sign in to comment.