Commit 71b66104 authored by ale's avatar ale

Filter out unwanted environment variables

When running commands, drop locale- and restic-related environment
variables.
parent 2e82e01d
Pipeline #2491 passed with stages
in 2 minutes and 5 seconds
...@@ -10,10 +10,37 @@ import ( ...@@ -10,10 +10,37 @@ import (
"os/exec" "os/exec"
"path/filepath" "path/filepath"
"strconv" "strconv"
"strings"
"git.autistici.org/ale/tabacco/jobs" "git.autistici.org/ale/tabacco/jobs"
) )
// Environment variables starting with any of the following strings
// are removed from the command execution environment.
var filteredEnvVars = []string{
"LANG=",
"LC_",
"RESTIC_",
}
// Return a copy of os.Environ(), with filteredEnvVars removed.
func safeEnv() []string {
var env []string
for _, s := range os.Environ() {
skip := false
for _, pfx := range filteredEnvVars {
if strings.HasPrefix(s, pfx) {
skip = true
break
}
}
if !skip {
env = append(env, s)
}
}
return env
}
// Shell runs commands, with some options (a global dry-run flag // Shell runs commands, with some options (a global dry-run flag
// preventing all executions, nice level, i/o class). As one may guess // preventing all executions, nice level, i/o class). As one may guess
// by the name, commands are run using the shell, so variable // by the name, commands are run using the shell, so variable
...@@ -22,6 +49,7 @@ type Shell struct { ...@@ -22,6 +49,7 @@ type Shell struct {
dryRun bool dryRun bool
niceLevel int niceLevel int
ioniceClass int ioniceClass int
env []string
} }
// NewShell creates a new Shell. // NewShell creates a new Shell.
...@@ -30,6 +58,7 @@ func NewShell(dryRun bool) *Shell { ...@@ -30,6 +58,7 @@ func NewShell(dryRun bool) *Shell {
dryRun: dryRun, dryRun: dryRun,
niceLevel: 10, niceLevel: 10,
ioniceClass: 2, ioniceClass: 2,
env: safeEnv(),
} }
} }
...@@ -47,8 +76,6 @@ func (s *Shell) SetIOClass(n int) { ...@@ -47,8 +76,6 @@ func (s *Shell) SetIOClass(n int) {
// context - notably it sets log output and working directory to be in // context - notably it sets log output and working directory to be in
// the working dir if the job has been wrapped in WithWorkDir(). // the working dir if the job has been wrapped in WithWorkDir().
func (s *Shell) command(ctx context.Context, arg string) *exec.Cmd { func (s *Shell) command(ctx context.Context, arg string) *exec.Cmd {
log.Printf("sh: %s", arg)
var args []string var args []string
if s.dryRun { if s.dryRun {
args = []string{"/bin/echo", arg} args = []string{"/bin/echo", arg}
...@@ -70,8 +97,14 @@ func (s *Shell) command(ctx context.Context, arg string) *exec.Cmd { ...@@ -70,8 +97,14 @@ func (s *Shell) command(ctx context.Context, arg string) *exec.Cmd {
} }
c := exec.CommandContext(ctx, args[0], args[1:]...) // #nosec c := exec.CommandContext(ctx, args[0], args[1:]...) // #nosec
var env []string
env = append(env, s.env...)
c.Env = env
c.Stderr = os.Stderr c.Stderr = os.Stderr
c.Dir = getWorkDir(ctx) c.Dir = getWorkDir(ctx)
log.Printf("sh: %s", arg)
return c return c
} }
...@@ -121,12 +154,9 @@ func (s *Shell) Run(ctx context.Context, arg string) error { ...@@ -121,12 +154,9 @@ func (s *Shell) Run(ctx context.Context, arg string) error {
// RunWithEnv runs a command with additional environment variables. // RunWithEnv runs a command with additional environment variables.
func (s *Shell) RunWithEnv(ctx context.Context, arg string, envMap map[string]string) error { func (s *Shell) RunWithEnv(ctx context.Context, arg string, envMap map[string]string) error {
c := s.command(ctx, arg) c := s.command(ctx, arg)
var env []string
copy(env, os.Environ())
for k, v := range envMap { for k, v := range envMap {
env = append(env, fmt.Sprintf("%s=%s", k, v)) c.Env = append(c.Env, fmt.Sprintf("%s=%s", k, v))
} }
c.Env = env
c.Stdout = os.Stdout c.Stdout = os.Stdout
return c.Run() return c.Run()
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment