On Fri, Jan 22, 2021 at 03:32:04PM -0500, Jeff King wrote:
> Yeah, that is exactly right. "use_shell" just means that the command is
> (possibly) run with a shell. Quoting for any extra arguments is handled
> automatically.
>
> I think you're correct that this was broken from the start in 10ac85c785
> (upload-pack: add object filtering for partial clone, 2017-12-08).
> That's even before the use_shell was added, and then later it was pushed
> into that conditional by 0b6069fe0a (fetch-pack: test support excluding
> large blobs, 2017-12-08). Presumably because the non-hook path would not
> have worked at all, and that was the first time any of it was actually
> tested. ;)
>
> (I've cc'd authors of those commits as an FYI; I think both were
> relatively new to the project at the time so misunderstanding this
> subtlety of run-command is not too surprising).
While we're thinking about it, let's beef up the documentation a bit.
-- >8 --
Subject: [PATCH] run-command: document use_shell option
It's unclear how run-command's use_shell option should impact the
arguments fed to a command. Plausibly it could mean that we glue all of
the arguments together into a string to pass to the shell, in which case
that opens the question of whether the caller needs to quote them.
But in fact we don't implement it that way (and even if we did, we'd
probably auto-quote the arguments as part of the glue step). And we must
not receive quoted arguments, because we might actually optimize out the
shell entirely (i.e., the caller does not even know if a shell will be
involved in the end or not).
Since this ambiguity may have been the cause of a recent bug, let's
document the option a bit.
Signed-off-by: Jeff King <peff@xxxxxxxx>
---
run-command.h | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/run-command.h b/run-command.h
index 6472b38bde..d08414a92e 100644
--- a/run-command.h
+++ b/run-command.h
@@ -126,8 +126,15 @@ struct child_process {
*/
unsigned silent_exec_failure:1;
- unsigned stdout_to_stderr:1;
+ /**
+ * Run the command from argv[0] using a shell (but note that we may
+ * still optimize out the shell call if the command contains no
+ * metacharacters). Note that further arguments to the command in
+ * argv[1], etc, do not need to be shell-quoted.
+ */
unsigned use_shell:1;
+
+ unsigned stdout_to_stderr:1;
unsigned clean_on_exit:1;
unsigned wait_after_clean:1;
void (*clean_on_exit_handler)(struct child_process *process);
--
2.30.0.664.g35e6628185
