[ARVADOS] created: 675ae7bb7f73736667d3d2dd445341488c96ddda

Git user git at public.curoverse.com
Fri Apr 8 10:56:51 EDT 2016 

        at  675ae7bb7f73736667d3d2dd445341488c96ddda (commit)


commit 675ae7bb7f73736667d3d2dd445341488c96ddda
Author: Brett Smith <brett at curoverse.com>
Date:   Fri Apr 8 10:56:34 2016 -0400

    8893: Safer quoting of crunch-job's conditional volume switches.
    
    Packing arguments into an array allows us to both have a variable
    number of switches, with correct word splitting, even when the
    indivdiual arguments in the array have whitespace.

diff --git a/sdk/cli/bin/crunch-job b/sdk/cli/bin/crunch-job
index b4cb214..149d20b 100755
--- a/sdk/cli/bin/crunch-job
+++ b/sdk/cli/bin/crunch-job
@@ -862,12 +862,10 @@ for (my $todo_ptr = 0; $todo_ptr <= $#jobstep_todo; $todo_ptr ++)
         .q{&& SWAP=$(awk '($1 == "SwapTotal:"){print $2}' </proc/meminfo) }
         ."&& MEMLIMIT=\$(( (\$MEM * 95) / ($ENV{CRUNCH_NODE_SLOTS} * 100) )) "
         ."&& let SWAPLIMIT=\$MEMLIMIT+\$SWAP "
-        # $VOLUME_CRUNCHRUNNER and $VOLUME_CERTS will be passed unquoted as
-        # arguments to `docker run`.  They must contain their own quoting.
-        .q{&& VOLUME_CRUNCHRUNNER="" VOLUME_CERTS="" }
-        .q{&& if which crunchrunner >/dev/null ; then VOLUME_CRUNCHRUNNER=--volume=$(which crunchrunner):/usr/local/bin/crunchrunner ; fi }
-        .q{&& if test -f /etc/ssl/certs/ca-certificates.crt ; then VOLUME_CERTS=--volume=/etc/ssl/certs/ca-certificates.crt:/etc/arvados/ca-certificates.crt ; }
-        .q{elif test -f /etc/pki/tls/certs/ca-bundle.crt ; then VOLUME_CERTS=--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/arvados/ca-certificates.crt ; fi };
+        .q{&& declare -a VOLUMES=() }
+        .q{&& if which crunchrunner >/dev/null ; then VOLUMES+=("--volume=$(which crunchrunner):/usr/local/bin/crunchrunner") ; fi }
+        .q{&& if test -f /etc/ssl/certs/ca-certificates.crt ; then VOLUMES+=("--volume=/etc/ssl/certs/ca-certificates.crt:/etc/arvados/ca-certificates.crt") ; }
+        .q{elif test -f /etc/pki/tls/certs/ca-bundle.crt ; then VOLUMES+=("--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/arvados/ca-certificates.crt") ; fi };
 
     $command .= "&& exec arv-mount --read-write --mount-by-pdh=by_pdh --mount-tmp=tmp --crunchstat-interval=10 --allow-other $arv_file_cache \Q$keep_mnt\E --exec ";
     $ENV{TASK_KEEPMOUNT} = "$keep_mnt/by_pdh";
@@ -934,7 +932,7 @@ for (my $todo_ptr = 0; $todo_ptr <= $#jobstep_todo; $todo_ptr ++)
 
       # Bind mount the crunchrunner binary and host TLS certificates file into
       # the container.
-      $command .= "\$VOLUME_CRUNCHRUNNER \$VOLUME_CERTS ";
+      $command .= '"${VOLUMES[@]}" ';
 
       while (my ($env_key, $env_val) = each %ENV)
       {

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list