[buildd-tools-devel] Bug#589889: Bug#589889: Bug#589889: schroot: session names being inconsistently restricted
Roger Leigh
rleigh at codelibre.net
Sat Aug 7 09:43:13 UTC 2010
tags 589889 + fixed-upstream pending
thanks
On Thu, Jul 22, 2010 at 09:36:13AM -0700, Zach Carter wrote:
> On Thursday 22 July 2010 02:04:52 Roger Leigh wrote:
> > Agreed on all counts and the patch looks great. I'll review it in
> > more detail when I have time at the weekend and make a new release
> > then.
>
> Cool! thanks.
I've applied this to the schroot-1.4 branch with an additional two patches
which use is_valid_sessionname to validate chroot names (i.e. session
names) and the --session-name command-line option. Your patch validates
it when loading sessions, whereas these additions also force validation
when creating them.
> Just some additional background info. When I was troubleshooting this issue I
> noticed some inconsistent behavior in the boost regex logic. Some of my
> session names were allowed, and some were not, and I was banging my head
> against the wall trying to figure out what was different. A friend of my
> suggested it may have to do with how the ranges are handled, such as "a-z".
> Testing confirmed that hypothesis, at least in my environment. Apparently,
> those ranges are not very reliable with regard to your locale setting.
Could you possible let me know what the locale and name was so I can
reproduce this?
> So, it might be advisable to change the regexes used in sbuild-util.cc to use
> the more reliable character classes, such as [:lower:] and [:digit:],
> documented here:
>
> http://www.boost.org/doc/libs/1_43_0/libs/regex/doc/html/boost_regex/syntax/character_classes/std_char_clases.html
>
> Or, set some compile-time flags to force the locale sensitivity off.
We probably want to force it to only use the ASCII range here, or
else we'll start allowing non-Arabic numerals and non-latin alphabets.
This AFAICT wouldn't change if we switch to character classes.
The same applies to the other use of regexes in schroot.
I just need to work out how to disable boost::regex::collate; is there
an inverse of that option? Since it's enabled by default for
extended regexes, I'm not sure how to turn this off.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20100807/3da1e973/attachment.pgp>
More information about the Buildd-tools-devel
mailing list