[PATCH] Harden os.system
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[PATCH] Harden os.system
From: Bryan O'Sullivan <bos@serpentine.com>
Add util.system function. This is similar to os.system, but will
either succeed (if the process finishes with a zero exit code) or raise
a util.CommandError (if the process exits uncleanly or is killed by
a signal).
Add util.explain_exit function. This tends to be ubiquitous in code
that calls other processes, and must describe what has gone wrong.
Change some uses of os.system over to util.system.
manifest hash: e3bf4adcac5b915432ec0af00efdbcef86bea4b1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCwSipywK+sNU5EO8RAr0RAJkBDt8XQ7mYQAWNHNgTOVt1eyWU1QCfe1oO
2OwxyWqpbRNACVJHHfZ3/Xw=
=OaRX
-----END PGP SIGNATURE-----
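An added example, not Mercurial's own util code, of the behaviour the commit message describes: a wrapper that raises unless the command exits with status 0, and a helper that explains the wait status. The names `CommandError`, `explain_exit` and `system` follow the message; their signatures and bodies, and the `outcome` helper, are assumptions, and the status decoding is POSIX-only.

```python
import os
import signal


class CommandError(Exception):
    """Raised when a command does not finish with exit code 0."""


def explain_exit(status):
    """Describe a wait()-style status as returned by os.system on POSIX."""
    if os.WIFEXITED(status):
        return "exited with status %d" % os.WEXITSTATUS(status)
    if os.WIFSIGNALED(status):
        sig = os.WTERMSIG(status)
        try:
            name = signal.Signals(sig).name
        except ValueError:
            name = "unknown"
        return "killed by signal %d (%s)" % (sig, name)
    if os.WIFSTOPPED(status):
        return "stopped by signal %d" % os.WSTOPSIG(status)
    return "returned unrecognised status %r" % status


def system(cmd):
    """Run cmd through the shell like os.system, but raise on any failure."""
    status = os.system(cmd)
    if status != 0:
        raise CommandError("command %r %s" % (cmd, explain_exit(status)))


def outcome(cmd):
    """Helper for the demo (assumed name): 'ok' on success, else the error text."""
    try:
        system(cmd)
    except CommandError as err:
        return str(err)
    return "ok"


if __name__ == "__main__":
    # Constructed commands: clean exit, non-zero exit, shell killed by SIGKILL.
    for cmd in ("true", "exit 3", "kill -9 $$"):
        print("%-12s -> %s" % (cmd, outcome(cmd)))
```

A caller that ignores the return value of `os.system` carries on after a failed or killed child; with the wrapper, the failure cannot be skipped silently.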
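#!/bin/bash
#
# This is an example of using HGEDITOR to automate the signing of
# commits and so on.

T1=""; T2=""

# Remove the temporary files and exit with the given status.
cleanup_exit() {
    rm -f "$T1" "$T2"
    exit "$1"
}

# Add flags so the editor stays attached to this script: emacs in the
# terminal, (g)vim in the foreground with one window per file.
case "${EDITOR:=vi}" in
    emacs)
        EDITOR="$EDITOR -nw"
        ;;
    gvim|vim)
        EDITOR="$EDITOR -f -o"
        ;;
esac

# $EDITOR is left unquoted below on purpose: it may now carry flags.
if grep -q "^HG: merge resolve" "$1" ; then
    # we don't sign merges
    exec $EDITOR "$1"
else
    T1=$(mktemp) && T2=$(mktemp) || cleanup_exit 1

    # T1: the commit message template with the manifest hash appended.
    MANIFEST=$(grep '^HG: manifest hash' "$1" | cut -b 19-)
    echo -e "\n\nmanifest hash: $MANIFEST" >> "$T1"
    grep -vE '^(HG: manifest hash .*)?$' "$1" >> "$T1"

    # T2: the diff of every changed file, shown beside the message.
    (
        cd "$(hg root)"
        grep '^HG: changed' "$1" | cut -b 13- | while IFS= read -r changed; do
            hg diff "$changed" >> "$T2"
        done
    )

    # md5sum only detects whether the editor changed the message; if it
    # did not, exit without signing and leave "$1" untouched.
    CHECKSUM=$(md5sum "$T1")
    $EDITOR "$T1" "$T2" || cleanup_exit $?
    echo "$CHECKSUM" | md5sum -c 2>/dev/null && cleanup_exit 0

    # Reuse T2 for the result: the summary line, a blank line, then the
    # clearsigned message. "$1" is replaced only if gpg succeeds.
    {
        head -n 1 "$T1"
        echo
        grep -v "^HG:" "$T1" | gpg -a -u "${HGUSER:-$EMAIL}" --clearsign
    } > "$T2" && mv "$T2" "$1"
    cleanup_exit $?
fi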