From: Alyssa Ross <hi@alyssa.is>
To: devel@spectrum-os.org
Cc: Dan Connolly <dckc@madmode.com>
Subject: [PATCH] Don't rely on /bin/sh for running scripts
Date: Wed, 27 May 2026 12:11:59 +0200 [thread overview]
Message-ID: <20260527101158.52152-2-hi@alyssa.is> (raw)
/bin/sh might be too old to run our scripts. We probably have a
modern shell available via Nix though, so we can avoid causing
problems for users of stale distros by using sh from path instead of
/bin/sh. I've left the scripts with /bin/sh shebangs because I don't
think there's a great alternative (using /usr/bin/env doesn't seem
much better when there are features of env that might or might not be
available), but those shebangs should now never be used as part of a
build.
Reported-by: Dan Connolly <dckc@madmode.com>
Link: https://inbox.spectrum-os.org/spectrum-discuss/CAD2YivbRwDUzgXv32A2Otetunny1MXsbuROj7VV8C7EYrAdNiw@mail.gmail.com
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
Dan, thanks again for your report. I've been giving this a lot of
thought in the background over the last few weeks. I don't think
there's one solution that's better in every way than all the others,
but I think this is the best compromise.
Documentation/development/built-in-vms.adoc | 2 +-
host/initramfs/Makefile | 8 ++++----
host/rootfs/Makefile | 10 +++++-----
img/app/Makefile | 8 ++++----
lib/common.mk | 5 ++++-
release/checks/integration/lib.c | 7 ++++---
release/checks/integration/meson.build | 2 +-
release/live/Makefile | 8 ++++----
vm/sys/net/Makefile | 8 ++++----
9 files changed, 31 insertions(+), 27 deletions(-)
diff --git a/Documentation/development/built-in-vms.adoc b/Documentation/development/built-in-vms.adoc
index d044e75..fb6b947 100644
--- a/Documentation/development/built-in-vms.adoc
+++ b/Documentation/development/built-in-vms.adoc
@@ -46,7 +46,7 @@ if the only change to the Nix files is modifying the packages
installed in the VM.
The list of files used for images is stored in a separate file,
-file-list.mk. To update it, run scripts/genfiles.sh, which will
+file-list.mk. To update it, run `sh scripts/genfiles.sh`, which will
regenerate it from the output of `git ls-files`. This script uses
Git's index to generate the list, so only staged changes will be
reflected in its output.
diff --git a/host/initramfs/Makefile b/host/initramfs/Makefile
index 89f9a39..523b4b3 100644
--- a/host/initramfs/Makefile
+++ b/host/initramfs/Makefile
@@ -36,9 +36,9 @@ build/mountpoints:
find build/mountpoints -mindepth 1 -exec touch -d @0 {} ';'
build/live.img: ../../scripts/format-uuid.sh ../../scripts/make-gpt.sh ../../scripts/sfdisk-field.awk $(ROOT_FS_IMAGES)
- ../../scripts/make-gpt.sh $@.tmp \
- $(ROOT_FS_VERITY):verity:$$(../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity' \
- $(ROOT_FS_IMAGE):root:$$(../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION)'
+ $(SHELL) ../../scripts/make-gpt.sh $@.tmp \
+ $(ROOT_FS_VERITY):verity:$$($(SHELL) ../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity' \
+ $(ROOT_FS_IMAGE):root:$$($(SHELL) ../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION)'
mv $@.tmp $@
clean:
@@ -46,7 +46,7 @@ clean:
.PHONY: clean
run: $(dest) $(ROOT_FS_VERITY_ROOTHASH) $(RUN_IMAGE)
- @../../scripts/run-qemu.sh -m 4G \
+ @$(SHELL) ../../scripts/run-qemu.sh -m 4G \
-machine virtualization=on \
-kernel $(KERNEL) \
-initrd $(dest) \
diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile
index 4f01e3e..dbfe65e 100644
--- a/host/rootfs/Makefile
+++ b/host/rootfs/Makefile
@@ -74,7 +74,7 @@ $(ROOT_FS_IMAGE): ../../scripts/make-erofs.sh $(PACKAGES_FILE) $(FILES) $(BUILD_
for file in $(BUILD_FILES); do printf '%s\n%s\n' $$file $${file#build/}; done ;\
printf 'build/empty\n%s\n' $(DIRS) ;\
printf 'build/fifo\n%s\n' $(FIFOS) ;\
- } | ../../scripts/make-erofs.sh $@
+ } | $(SHELL) ../../scripts/make-erofs.sh $@
build/etc/update-url:
mkdir -p build/etc
@@ -113,9 +113,9 @@ clean:
.PHONY: clean
build/live.img: ../../scripts/format-uuid.sh ../../scripts/make-gpt.sh ../../scripts/sfdisk-field.awk build/verity-timestamp $(ROOT_FS_IMAGES)
- ../../scripts/make-gpt.sh $@.tmp \
- $(ROOT_FS_VERITY):verity:$$(../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity' \
- $(ROOT_FS_IMAGE):root:$$(../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION)'
+ $(SHELL) ../../scripts/make-gpt.sh $@.tmp \
+ $(ROOT_FS_VERITY):verity:$$($(SHELL) ../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity' \
+ $(ROOT_FS_IMAGE):root:$$($(SHELL) ../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION)'
mv $@.tmp $@
debug:
@@ -133,7 +133,7 @@ run: build/empty build/live.img $(ROOTFS_VERITY_ROOTHASH)
exec 3<>"$$ext" && \
rm -f "$$ext" && \
set +x && \
- exec ../../scripts/run-qemu.sh -cpu max -m 4G \
+ exec $(SHELL) ../../scripts/run-qemu.sh -cpu max -m 4G \
-machine virtualization=on \
-kernel $(KERNEL) \
-initrd $(INITRAMFS) \
diff --git a/img/app/Makefile b/img/app/Makefile
index 1de1b04..db453d4 100644
--- a/img/app/Makefile
+++ b/img/app/Makefile
@@ -26,7 +26,7 @@ $(imgdir)/appvm/vmlinux: $(KERNEL)
$(imgdir)/appvm/blk/root.img: ../../scripts/make-gpt.sh ../../scripts/sfdisk-field.awk build/rootfs.erofs
mkdir -p $$(dirname $@)
- ../../scripts/make-gpt.sh $@.tmp \
+ $(SHELL) ../../scripts/make-gpt.sh $@.tmp \
build/rootfs.erofs:root:5460386f-2203-4911-8694-91400125c604:root
mv $@.tmp $@
@@ -54,7 +54,7 @@ build/rootfs.erofs: ../../scripts/make-erofs.sh $(PACKAGES_FILE) $(FILES) $(BUIL
for file in $(BUILD_FILES); do printf '%s\n%s\n' $$file $${file#build/}; done ;\
printf 'build/empty\n%s\n' $(DIRS) ;\
printf 'build/fifo\n%s\n' $(FIFOS) ;\
- } | ../../scripts/make-erofs.sh $@
+ } | $(SHELL) ../../scripts/make-erofs.sh $@
build/etc/s6-rc: $(S6_RC_FILES) file-list.mk
@@ -91,7 +91,7 @@ start-virtiofsd: scripts/start-virtiofsd.elb
.PHONY: start-virtiofsd
run-qemu: $(imgdir)/appvm/blk/root.img start-vhost-user-net start-virtiofsd
- @../../scripts/run-qemu.sh -m 256 -cpu max -kernel $(KERNEL) -vga none \
+ @$(SHELL) ../../scripts/run-qemu.sh -m 256 -cpu max -kernel $(KERNEL) -vga none \
-drive file=$(imgdir)/appvm/blk/root.img,if=virtio,format=raw,readonly=on \
-append "root=PARTLABEL=root nokaslr" \
-gdb unix:build/gdb.sock,server,nowait \
@@ -113,7 +113,7 @@ run-qemu: $(imgdir)/appvm/blk/root.img start-vhost-user-net start-virtiofsd
run-cloud-hypervisor: $(imgdir)/appvm/blk/root.img start-vhost-user-gpu start-vhost-user-net start-virtiofsd
rm -f build/vmm.sock build/vsock.sock
- @../../scripts/run-cloud-hypervisor.sh \
+ @$(SHELL) ../../scripts/run-cloud-hypervisor.sh \
--api-socket path=build/vmm.sock \
--memory size=1G,shared=on \
--disk path=$(imgdir)/appvm/blk/root.img,readonly=on \
diff --git a/lib/common.mk b/lib/common.mk
index 84091a8..9896efe 100644
--- a/lib/common.mk
+++ b/lib/common.mk
@@ -1,5 +1,8 @@
# SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2021, 2023, 2025 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2021, 2023, 2025-2026 Alyssa Ross <hi@alyssa.is>
+
+# Use sh from path — easier to make sure it's up to date than /bin/sh.
+SHELL = sh
BACKGROUND = background
CPIO = cpio
diff --git a/release/checks/integration/lib.c b/release/checks/integration/lib.c
index 3a7ecdf..0f898f4 100644
--- a/release/checks/integration/lib.c
+++ b/release/checks/integration/lib.c
@@ -190,6 +190,7 @@ struct vm *start_qemu(struct config c)
struct utsname u;
int console_listener, console_conn;
char *arch, *args[] = {
+ "sh",
(char *)c.run_qemu,
"-drive", nullptr,
"-drive", nullptr,
@@ -214,8 +215,8 @@ struct vm *start_qemu(struct config c)
c.serial.optval ? (char *)c.serial.optval : "chardev:socket",
nullptr,
};
- char **efi_arg = &args[2], **img_arg = &args[4],
- **user_data_arg = &args[6], **console_arg = &args[8];
+ char **efi_arg = &args[3], **img_arg = &args[5],
+ **user_data_arg = &args[7], **console_arg = &args[9];
struct vm *r = malloc(sizeof *r);
if (!r) {
@@ -252,7 +253,7 @@ struct vm *start_qemu(struct config c)
exit(EXIT_FAILURE);
}
- execv(c.run_qemu, args);
+ execvp(args[0], args);
perror("execv");
exit(EXIT_FAILURE);
}
diff --git a/release/checks/integration/meson.build b/release/checks/integration/meson.build
index 7bf8f51..f0ef334 100644
--- a/release/checks/integration/meson.build
+++ b/release/checks/integration/meson.build
@@ -7,7 +7,7 @@ project('spectrum-integration-tests', 'c',
add_project_arguments('-D_GNU_SOURCE', language : 'c')
-run_qemu = find_program('../../../scripts/run-qemu.sh')
+run_qemu = files('../../../scripts/run-qemu.sh')
lib = static_library('spectrum-integration-test', 'lib.c')
diff --git a/release/live/Makefile b/release/live/Makefile
index 85319d0..4bf38a0 100644
--- a/release/live/Makefile
+++ b/release/live/Makefile
@@ -8,10 +8,10 @@ include ../../lib/common.mk
dest = build/live.img
$(dest): ../../scripts/format-uuid.sh ../../scripts/make-gpt.sh ../../scripts/sfdisk-field.awk build/boot.fat $(ROOT_FS_IMAGES)
- ../../scripts/make-gpt.sh $@.tmp \
+ $(SHELL) ../../scripts/make-gpt.sh $@.tmp \
build/boot.fat:c12a7328-f81f-11d2-ba4b-00a0c93ec93b \
- $(ROOT_FS_VERITY):verity:$$(../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity:162' \
- $(ROOT_FS_IMAGE):root:$$(../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION):20000' \
+ $(ROOT_FS_VERITY):verity:$$($(SHELL) ../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity:162' \
+ $(ROOT_FS_IMAGE):root:$$($(SHELL) ../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION):20000' \
/dev/null:verity:18f2ccff-92f1-4bb1-a80e-24f76ecda90c:_empty:162 \
/dev/null:root:ec0c5ff3-f6b1-4adf-82b4-61336c4d135f:_empty:20000
mv $@.tmp $@
@@ -43,7 +43,7 @@ run: build/empty $(dest)
exec 4<>"$$userdata" && \
rm -f "$$userdata" && \
set +x && \
- exec ../../scripts/run-qemu.sh -m 4G \
+ exec $(SHELL) ../../scripts/run-qemu.sh -m 4G \
-machine virtualization=on \
-cpu max \
-smbios type=11,value=io.systemd.stub.kernel-cmdline-extra=console=hvc0 \
diff --git a/vm/sys/net/Makefile b/vm/sys/net/Makefile
index 7ad5e5c..e080954 100644
--- a/vm/sys/net/Makefile
+++ b/vm/sys/net/Makefile
@@ -25,7 +25,7 @@ $(vmdir)/netvm/vmlinux: $(KERNEL)
$(vmdir)/netvm/blk/root.img: ../../../scripts/make-gpt.sh ../../../scripts/sfdisk-field.awk build/rootfs.erofs
mkdir -p $$(dirname $@)
- ../../../scripts/make-gpt.sh $@.tmp \
+ $(SHELL) ../../../scripts/make-gpt.sh $@.tmp \
build/rootfs.erofs:root:ea21da27-0391-48da-9235-9d2ab2ca7844:root
mv $@.tmp $@
@@ -43,7 +43,7 @@ build/rootfs.erofs: ../../../scripts/make-erofs.sh $(PACKAGES_FILE) $(FILES) $(B
for file in $(FILES) $(LINKS); do printf '%s\n%s\n' $$file "$${file#image/}"; done ;\
for file in $(BUILD_FILES); do printf '%s\n%s\n' $$file $${file#build/}; done ;\
printf 'build/empty\n%s\n' $(DIRS) ;\
- } | ../../../scripts/make-erofs.sh $@
+ } | $(SHELL) ../../../scripts/make-erofs.sh $@
build/etc/s6-rc: $(S6_RC_FILES) file-list.mk
mkdir -p $$(dirname $@)
@@ -65,7 +65,7 @@ start-vhost-user-net:
../../../scripts/start-passt.elb
run-qemu: $(vmdir)/netvm/blk/root.img
- @../../../scripts/run-qemu.sh -m 256 -cpu max -kernel $(KERNEL) -vga none \
+ @$(SHELL)../../../scripts/run-qemu.sh -m 256 -cpu max -kernel $(KERNEL) -vga none \
-drive file=$(vmdir)/netvm/blk/root.img,if=virtio,format=raw,readonly=on \
-append "root=PARTLABEL=root nokaslr" \
-gdb unix:build/gdb.sock,server,nowait \
@@ -82,7 +82,7 @@ run-qemu: $(vmdir)/netvm/blk/root.img
run-cloud-hypervisor: $(vmdir)/netvm/blk/root.img start-vhost-user-net
rm -f build/vmm.sock
@../../../scripts/with-taps.elb \
- ../../../scripts/run-cloud-hypervisor.sh \
+ $(SHELL) ../../../scripts/run-cloud-hypervisor.sh \
--api-socket path=build/vmm.sock \
--memory size=256M,shared=on \
--disk path=$(vmdir)/netvm/blk/root.img,readonly=on \
base-commit: 5b3151fd08d1f1e3e166a328449fe6fe5092f316
--
2.54.0
reply other threads:[~2026-05-27 10:12 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260527101158.52152-2-hi@alyssa.is \
--to=hi@alyssa.is \
--cc=dckc@madmode.com \
--cc=devel@spectrum-os.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://spectrum-os.org/git/crosvm
https://spectrum-os.org/git/doc
https://spectrum-os.org/git/mktuntap
https://spectrum-os.org/git/nixpkgs
https://spectrum-os.org/git/spectrum
https://spectrum-os.org/git/ucspi-vsock
https://spectrum-os.org/git/www
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).