[buildd-tools-devel] Bug#589889: Bug#589889: Bug#589889: schroot: session names being inconsistently restricted

Roger Leigh rleigh at codelibre.net
Sat Aug 7 09:43:13 UTC 2010


tags 589889 + fixed-upstream pending
thanks

On Thu, Jul 22, 2010 at 09:36:13AM -0700, Zach Carter wrote:
> On Thursday 22 July 2010 02:04:52 Roger Leigh wrote:
> > Agreed on all counts and the patch looks great.  I'll review it in
> > more detail when I have time at the weekend and make a new release
> > then.
> 
> Cool!  thanks.

I've applied this to the schroot-1.4 branch with an additional two patches
which use is_valid_sessionname to validate chroot names (i.e. session
names) and the --session-name command-line option.  Your patch validates
it when loading sessions, whereas these additions also force validation
when creating them.

> Just some additional background info.  When I was troubleshooting this issue I 
> noticed some inconsistent behavior in the boost regex logic.  Some of my 
> session names were allowed, and some were not, and I was banging my head 
> against the wall trying to figure out what was different.   A friend of my 
> suggested it may have to do with how the ranges are handled, such as "a-z".   
> Testing confirmed that hypothesis, at least in my environment.  Apparently, 
> those ranges are not very reliable with regard to your locale setting.   

Could you possible let me know what the locale and name was so I can
reproduce this?

> So, it might be advisable to change the regexes used in sbuild-util.cc to use 
> the more reliable character classes, such as [:lower:] and [:digit:], 
> documented here:
> 
> http://www.boost.org/doc/libs/1_43_0/libs/regex/doc/html/boost_regex/syntax/character_classes/std_char_clases.html
> 
> Or, set some compile-time flags to force the locale sensitivity off.

We probably want to force it to only use the ASCII range here, or
else we'll start allowing non-Arabic numerals and non-latin alphabets.
This AFAICT wouldn't change if we switch to character classes.
The same applies to the other use of regexes in schroot.

I just need to work out how to disable boost::regex::collate; is there
an inverse of that option?  Since it's enabled by default for
extended regexes, I'm not sure how to turn this off.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20100807/3da1e973/attachment.pgp>


More information about the Buildd-tools-devel mailing list