Re: 'hash foo' may fail, and would require something like 'hash /usr/bin/foo'
On 2/22/22 10:10 AM, Benoit Lacelle wrote: > Bash Version: 5.1 > Patch Level: 16 > Release Status: relase > Bash version: 5.1.16(1)-release (x86_64-alpine-linux-musl) > > Description: > Issue discussed at https://github.com/disney/meteor-base/pull/102 > Supposedly related with Bash5.1, 'hash npm' now fails in very recent bash, > but not in local macos bash, nor older linux docker images bashes > > > Repeat-By: > Supposedly related with upgrade of Docker node image: 'FROM > node:14.18.2-alpine', or 'RUN apk --no-cache add bash' Closing the loop here. The issue is related to a combination of musl libc, Alpine Linux 3.14, and the docker version CircleCI was using. Basically, musl libc enabled the faccessat2(2) system call and started using it in faccessat(2). access(2) ends up calling faccessat, which now uses faccessat2 if it's available. Alpine Linux 3.14 incorrectly returned EPERM for unknown system calls instead of ENOSYS when running under the faulty Docker version, which didn't know about faccessat2. EPERM has the obvious meaning when access(2) returns it; the caller can't just assume that EPERM means "system call blocked by security policy." And so bash assumed that access returning EPERM meant that the binary wasn't executable. This has all been fixed in the current versions of Alpine Linux and the CircleCI Docker version. -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRUc...@case.eduhttp://tiswww.cwru.edu/~chet/
Re: 'hash foo' may fail, and would require something like 'hash /usr/bin/foo'
On Mär 09 2022, Chet Ramey wrote: > Basically, musl libc enabled the faccessat2(2) system call and started > using it in faccessat(2). access(2) ends up calling faccessat, which now > uses faccessat2 if it's available. Alpine Linux 3.14 incorrectly returned > EPERM for unknown system calls instead of ENOSYS when running under the > faulty Docker version, which didn't know about faccessat2. EPERM has the > obvious meaning when access(2) returns it; the caller can't just assume > that EPERM means "system call blocked by security policy." And so bash > assumed that access returning EPERM meant that the binary wasn't > executable. This is a recurring problem with docker, and all comes down to the syscall filter returning a bogus errno. It happens every time a new syscall is introduced. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1 "And now for something completely different."
Re: 'hash foo' may fail, and would require something like 'hash /usr/bin/foo'
On 3/9/22 12:25 PM, Andreas Schwab wrote: > On Mär 09 2022, Chet Ramey wrote: > >> Basically, musl libc enabled the faccessat2(2) system call and started >> using it in faccessat(2). access(2) ends up calling faccessat, which now >> uses faccessat2 if it's available. Alpine Linux 3.14 incorrectly returned >> EPERM for unknown system calls instead of ENOSYS when running under the >> faulty Docker version, which didn't know about faccessat2. EPERM has the >> obvious meaning when access(2) returns it; the caller can't just assume >> that EPERM means "system call blocked by security policy." And so bash >> assumed that access returning EPERM meant that the binary wasn't >> executable. > > This is a recurring problem with docker, and all comes down to the > syscall filter returning a bogus errno. It happens every time a new > syscall is introduced. Yes, that's why it required the exact conditions to reproduce. Ultimately, this comes down to gaps in the release engineering. -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRUc...@case.eduhttp://tiswww.cwru.edu/~chet/
Re: 'hash foo' may fail, and would require something like 'hash /usr/bin/foo'
On Mär 09 2022, Chet Ramey wrote: > Ultimately, this comes down to gaps in the release engineering. That won't help, the container image often comes from a different source than the docker package. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1 "And now for something completely different."
Re: Feature Request: Add option to make completed values always become properly escaped
On Mon, Mar 7, 2022, 23:16 Chet Ramey, wrote: > On 2/26/22 2:01 PM, konsolebox wrote: > > > I think an option like 'escape' that simply escapes COMPREPLY > > values when used for completion and doesn't compare it to existing > > filesystem objects will be better. > > OK. I'll consider something like this for the next version. Bash-5.2/ > Readline-8.2 are feature frozen. > Ok, no problem. -- konsolebox
