ROX-8830: Respect local overwrites of variables in BASH_ENV #99
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
mentioned this pull request
vikin91
changed the title
vikin91
changed the title
This was referenced Dec 23, 2021
vikin91
force-pushed
the
pr/fix-bash-env-shadowing
branch
from
c2743b8 to
e8c3d68
Compare
vikin91
requested review from
viswajithiii,
gavin-stackrox,
misberner and
msugakov
msugakov
reviewed
Jan 3, 2022
| echo >&2 "Env var BASH_ENV not properly set" | ||
| return 1 | ||
| fi | ||
| echo "export ${key}=$(printf '%q' "$value")" >> "$BASH_ENV" |
There was a problem hiding this comment.
From my limited understanding of the issue, the problem is that BASH_ENV contents may override whatever is set in the environment before bash process is launched.
- Parent process exports environment variables.
- Parent process starts real
bash(through our wrappers but that doesn't matter). bashseesBASH_ENVand sources that file.BASH_ENVoverwrites environment variables if their names match the ones set by the parent process.
If we assume, we don't want overwriting only for values that we put into $BASH_ENV with our cci-export function, could we simply modify this specific line from
echo "export ${key}=$(printf '%q' "$value")" >> "$BASH_ENV"to
echo "export ${key}=\${${key}:-$(printf '%q' "$value")}" >> "$BASH_ENV"Warning: this needs testing if escaping works as it should.
There was a problem hiding this comment.
This is correct, I added this in line 39.
This solution requires handling one edge-case: cci-exporting the same key twice with different values. In order to make this work properly, I needed to add line 35: remove_lines_starting_with "$BASH_ENV" "$(printf 'export %q="${%q:-' "$key" "$key")". There are unit tests in this PR to cover this edge-case.
There was a problem hiding this comment.
Good point. I did not even think about it. Let me take another look at the current approach.
vikin91
commented
Jan 3, 2022
msugakov
reviewed
Jan 3, 2022
msugakov
reviewed
Jan 3, 2022
ec25484 Revert parts of #96 related to BASH_ENV 8ca7ad5 Revert "Revert parts of #96 related to BASH_ENV" 213f065 Propose candidate no.1 for a proper fix 7f80506 Why bash-wrapper is not being updated? afe22b3 Undo debug and TODO statements e2a78e5 Allov cci-export to handle values containing whitespaces 6df0296 Add unit-tests for cci-export c950ade Do not force-push updated branch 1ee91e0 Fix bug in cci-export 519cc00 Add circleci job running tests 22252c6 Provide separate slim image for testing cci-export 9e9a93a Fix path of Dockerfile d481aac Change machine type for running the tests in CI b3435ed Fix missing code checkout ce7f03b Fix: Add missing auth 8ad7325 Fix: Add missing context da0e58e Fix permissions for bash.env 1ec50d4 Fix permissions of test folder fe774ac Try without setup_file 3ab6bba Add bash.env to Dockerfile cc1a485 Provide temp file to sed 32b55d6 Provide BASH_ENV dynamically 7ddf038 Add testcase d83548d Do not assert_success of printer d653b83 Try updating created PRs instead ov overwriting with force
vikin91
force-pushed
the
pr/fix-bash-env-shadowing
branch
from
72f01f1 to
2439030
Compare
|
Thanks for the comments, I addressed some of them so far, but I will ping you when I am ready with the rest. |
msugakov
reviewed
Jan 5, 2022
msugakov
reviewed
Jan 5, 2022
msugakov
approved these changes
Jan 5, 2022
This was referenced Jan 5, 2022
Merged
|
Let's see how much we postpone :) Maybe only several hours :) |
This was referenced Jan 7, 2022
vikin91
added a commit
that referenced
this pull request
Jan 12, 2022
* X-Smart-Branch-Parent: master * Fix issue ROX-8821 Co-authored-by: msugakov <[email protected]>
vikin91
added a commit
that referenced
this pull request
Jan 13, 2022
f27bebd WIP: Separate common base 1ec38ef Try using base image for cci-export tester and rox 1fb1e7b Fix: Add missing build-and-push-base, add missing --build-args 1e14b10 Fix docker build --build-arg syntax a779455 Fix computing BASE_TAG 2b8f8f0 Do not use image-suffix 56cc4e1 Fix: add required context to test-cci-export 30daa3d Remove -base suffix bb11ab8 Fix: rename tag: base-snapshot to snapshot-base 3720b28 Fix: Login to quay before building cci-export tester f2ea426 Remove redundant requirement for step 'build-and-push-rox' 41d7ea2 Make base a dependency of env-check. Move common parts to base 6145aef Fix missing docker login af38330 Shuffle shared parts between base and rox Dockerfile b3fdf0b Fix docker login issue 6e0a41c Move ARG BASE_TAG to the top 5b9c829 Try to separate roksdb as well 2ebd77d Make roksdb a dependency to rox 60e9a53 Fix typo 4e6f7c4 Fix other typos and mistakes (concentration decreases) 6013df6 Update ca certs 2dde39d Try to build rocksdb image only once per version 8438734 Assign ROCKSDB_VERSION from ARG to ENV 755fd6c Fix confusion with tag_prefix and base_tag 159f4a8 Fix pushing built image a98e13d Fix variable TAG 2af3cd5 Use newer remote_docker that supports 'docker manifest inspect' 917f82e Do not remove wget b8e52c4 No need to COPY --from=base 2e19b09 Undo adding '--no-install-recommends' to one apt-get install command 607f422 Promote rocksdb_version to a pipeline parameter 96243f0 Try using different pushed_image file to avoid conflicts be93611 Try moving attach_workspace to pre_steps d4e1521 Revert "Try moving attach_workspace to pre_steps" 065e1ca Ensure pushed-image-file is unique to prevent 'Concurrent upstream...' error 0889271 ROX-8830: Respect local overwrites of variables in BASH_ENV (#99) 4376a2d Move yarn to base. Cleanup installs in the first and second RUN edbc52c Remove duplicate installs in rox 2fb53d6 Document reasons for separating rocksdb.Dockerfile and resp. build task 22c1318 Hadolint-warning: use WORKDIR in env-check.Dockerfile 4d8fa15 Hadolint: Pin versions for apt-get in base.Dockerfile 1d04e6c Hadolint: Fix warning SC2067 in base.Dockerfile ed9138d Hadolint: Fix DL3042 5508757 Hadolint: Fix DL3004 and DL4001 6c1cf1b Add hadolint ignore with reasons 6483d14 Fix vrong version pin (copy-paste error) a99b269 Fix inline-comments and quotes 7675b6e Fix find -exec part c831fc1 Add gosu alongside with sudo to base ca321a0 Minor: Remove unhelpful comment 30428c7 Fix gosu usage 8fa071b Do not use gosu 8e4f651 Revert pinning in base.Dockerfile f2b8594 Add .hadolint.yaml to configure ingore rules for this repo 30cc746 Rewrite build-and-push-image to avoid too many --build-args 173965b Add missing use-base params to build-and-push-image 98ee1e1 Remove foo-printer from old location (rebase leftover) 0b61702 Remove duplicate job (clean rebase leftover) 31128a2 ROX-8834: Automatically open test-PRs also against collector and scanner (#97) e55c856 Merge branch 'master' into pr/ROX-8830-common-container-base
vikin91
added a commit
that referenced
this pull request
Jan 14, 2022
f27bebd WIP: Separate common base 1ec38ef Try using base image for cci-export tester and rox 1fb1e7b Fix: Add missing build-and-push-base, add missing --build-args 1e14b10 Fix docker build --build-arg syntax a779455 Fix computing BASE_TAG 2b8f8f0 Do not use image-suffix 56cc4e1 Fix: add required context to test-cci-export 30daa3d Remove -base suffix bb11ab8 Fix: rename tag: base-snapshot to snapshot-base 3720b28 Fix: Login to quay before building cci-export tester f2ea426 Remove redundant requirement for step 'build-and-push-rox' 41d7ea2 Make base a dependency of env-check. Move common parts to base 6145aef Fix missing docker login af38330 Shuffle shared parts between base and rox Dockerfile b3fdf0b Fix docker login issue 6e0a41c Move ARG BASE_TAG to the top 5b9c829 Try to separate roksdb as well 2ebd77d Make roksdb a dependency to rox 60e9a53 Fix typo 4e6f7c4 Fix other typos and mistakes (concentration decreases) 6013df6 Update ca certs 2dde39d Try to build rocksdb image only once per version 8438734 Assign ROCKSDB_VERSION from ARG to ENV 755fd6c Fix confusion with tag_prefix and base_tag 159f4a8 Fix pushing built image a98e13d Fix variable TAG 2af3cd5 Use newer remote_docker that supports 'docker manifest inspect' 917f82e Do not remove wget b8e52c4 No need to COPY --from=base 2e19b09 Undo adding '--no-install-recommends' to one apt-get install command 607f422 Promote rocksdb_version to a pipeline parameter 96243f0 Try using different pushed_image file to avoid conflicts be93611 Try moving attach_workspace to pre_steps d4e1521 Revert "Try moving attach_workspace to pre_steps" 065e1ca Ensure pushed-image-file is unique to prevent 'Concurrent upstream...' error 0889271 ROX-8830: Respect local overwrites of variables in BASH_ENV (#99) 4376a2d Move yarn to base. Cleanup installs in the first and second RUN edbc52c Remove duplicate installs in rox 2fb53d6 Document reasons for separating rocksdb.Dockerfile and resp. build task 22c1318 Hadolint-warning: use WORKDIR in env-check.Dockerfile 4d8fa15 Hadolint: Pin versions for apt-get in base.Dockerfile 1d04e6c Hadolint: Fix warning SC2067 in base.Dockerfile ed9138d Hadolint: Fix DL3042 5508757 Hadolint: Fix DL3004 and DL4001 6c1cf1b Add hadolint ignore with reasons 6483d14 Fix vrong version pin (copy-paste error) a99b269 Fix inline-comments and quotes 7675b6e Fix find -exec part c831fc1 Add gosu alongside with sudo to base ca321a0 Minor: Remove unhelpful comment 30428c7 Fix gosu usage 8fa071b Do not use gosu 8e4f651 Revert pinning in base.Dockerfile f2b8594 Add .hadolint.yaml to configure ingore rules for this repo 30cc746 Rewrite build-and-push-image to avoid too many --build-args 173965b Add missing use-base params to build-and-push-image 98ee1e1 Remove foo-printer from old location (rebase leftover) 0b61702 Remove duplicate job (clean rebase leftover) 31128a2 ROX-8834: Automatically open test-PRs also against collector and scanner (#97) e55c856 Merge branch 'master' into pr/ROX-8830-common-container-base
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR:
This is (a part of) the proper fix for the workaround introduced in stackrox/stackrox#180
Variable shadowing problem
This PR fixes the problem defined as follows:
This faulty behavior results in broken master as described in ROX-8821
Fix
The fix is short and its intention should be clear when looking at the diff.
We modify
cci-exportin such a way, so that it respects the existing value of env variable. This changes the priority hierarchy from:cci-export FOO bar(i.e., contents of$BASH_ENV)export FOO=barFOO=x ./script.shInto:
FOO=x ./script.shexport FOO=barcci-export FOO bar(i.e., contents of$BASH_ENV)We obtain this by changing the contents of
$BASH_ENVproduced byexport CIRCLECI=true cci-export FOO barfrom:
export FOO=barinto
however, there can be maximally one
export VARline for each VAR, because othwerwise, subsequentcci-exportcalls would not work as expected.How tested
ci-upgrade-tests