From: Alyssa Ross
To: devel@spectrum-os.org
Subject: [PATCH] Don't rely on /bin/sh for running scripts
Date: Wed, 27 May 2026 12:11:59 +0200
Message-ID: <20260527101158.52152-2-hi@alyssa.is>
CC: Dan Connolly

/bin/sh might be too old to run our scripts. We probably have a modern shell available via Nix though, so we can avoid causing problems for users of stale distros by using sh from path instead of /bin/sh.

I've left the scripts with /bin/sh shebangs because I don't think there's a great alternative (using /usr/bin/env doesn't seem much better when there are features of env that might or might not be available), but those shebangs should now never be used as part of a build.

Reported-by: Dan Connolly
Link: https://inbox.spectrum-os.org/spectrum-discuss/CAD2YivbRwDUzgXv32A2Otetunny1MXsbuROj7VV8C7EYrAdNiw@mail.gmail.com
Signed-off-by: Alyssa Ross --- Dan, thanks again for your report. I've been giving this a lot of thought in the background over the last few weeks. I don't think there's one solution that's better in every way than all the others, but I think this is the best compromise. Documentation/development/built-in-vms.adoc | 2 +- host/initramfs/Makefile | 8 ++++---- host/rootfs/Makefile | 10 +++++----- img/app/Makefile | 8 ++++---- lib/common.mk | 5 ++++- release/checks/integration/lib.c | 7 ++++--- release/checks/integration/meson.build | 2 +- release/live/Makefile | 8 ++++---- vm/sys/net/Makefile | 8 ++++---- 9 files changed, 31 insertions(+), 27 deletions(-) diff --git a/Documentation/development/built-in-vms.adoc b/Documentation/development/built-in-vms.adoc index d044e75..fb6b947 100644 --- a/Documentation/development/built-in-vms.adoc +++ b/Documentation/development/built-in-vms.adoc @@ -46,7 +46,7 @@ if the only change to the Nix files is modifying the packages installed in the VM. The list of files used for images is stored in a separate file, -file-list.mk. To update it, run scripts/genfiles.sh, which will +file-list.mk. To update it, run `sh scripts/genfiles.sh`, which will regenerate it from the output of `git ls-files`. This script uses Git's index to generate the list, so only staged changes will be reflected in its output. diff --git a/host/initramfs/Makefile b/host/initramfs/Makefile index 89f9a39..523b4b3 100644 --- a/host/initramfs/Makefile +++ b/host/initramfs/Makefile 
@@ -36,9 +36,9 @@ build/mountpoints: find build/mountpoints -mindepth 1 -exec touch -d @0 {} ';' build/live.img: ../../scripts/format-uuid.sh ../../scripts/make-gpt.sh ../../scripts/sfdisk-field.awk $(ROOT_FS_IMAGES) - ../../scripts/make-gpt.sh $@.tmp \ - $(ROOT_FS_VERITY):verity:$$(../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity' \ - $(ROOT_FS_IMAGE):root:$$(../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION)' + $(SHELL) ../../scripts/make-gpt.sh $@.tmp \ + $(ROOT_FS_VERITY):verity:$$($(SHELL) ../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity' \ + $(ROOT_FS_IMAGE):root:$$($(SHELL) ../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION)' mv $@.tmp $@ clean: @@ -46,7 +46,7 @@ clean: .PHONY: clean run: $(dest) $(ROOT_FS_VERITY_ROOTHASH) $(RUN_IMAGE) - @../../scripts/run-qemu.sh -m 4G \ + @$(SHELL) ../../scripts/run-qemu.sh -m 4G \ -machine virtualization=on \ -kernel $(KERNEL) \ -initrd $(dest) \ diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile index 4f01e3e..dbfe65e 100644 --- a/host/rootfs/Makefile +++ b/host/rootfs/Makefile @@ -74,7 +74,7 @@ $(ROOT_FS_IMAGE): ../../scripts/make-erofs.sh $(PACKAGES_FILE) $(FILES) $(BUILD_ for file in $(BUILD_FILES); do printf '%s\n%s\n' $$file $${file#build/}; done ;\ printf 'build/empty\n%s\n' $(DIRS) ;\ printf 'build/fifo\n%s\n' $(FIFOS) ;\ - } | ../../scripts/make-erofs.sh $@ + } | $(SHELL) ../../scripts/make-erofs.sh $@ build/etc/update-url: mkdir -p build/etc 
@@ -113,9 +113,9 @@ clean: .PHONY: clean build/live.img: ../../scripts/format-uuid.sh ../../scripts/make-gpt.sh ../../scripts/sfdisk-field.awk build/verity-timestamp $(ROOT_FS_IMAGES) - ../../scripts/make-gpt.sh $@.tmp \ - $(ROOT_FS_VERITY):verity:$$(../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity' \ - $(ROOT_FS_IMAGE):root:$$(../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION)' + $(SHELL) ../../scripts/make-gpt.sh $@.tmp \ + $(ROOT_FS_VERITY):verity:$$($(SHELL) ../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity' \ + $(ROOT_FS_IMAGE):root:$$($(SHELL) ../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION)' mv $@.tmp $@ debug: @@ -133,7 +133,7 @@ run: build/empty build/live.img $(ROOTFS_VERITY_ROOTHASH) exec 3<>"$$ext" && \ rm -f "$$ext" && \ set +x && \ - exec ../../scripts/run-qemu.sh -cpu max -m 4G \ + exec $(SHELL) ../../scripts/run-qemu.sh -cpu max -m 4G \ -machine virtualization=on \ -kernel $(KERNEL) \ -initrd $(INITRAMFS) \ diff --git a/img/app/Makefile b/img/app/Makefile index 1de1b04..db453d4 100644 --- a/img/app/Makefile +++ b/img/app/Makefile @@ -26,7 +26,7 @@ $(imgdir)/appvm/vmlinux: $(KERNEL) $(imgdir)/appvm/blk/root.img: ../../scripts/make-gpt.sh ../../scripts/sfdisk-field.awk build/rootfs.erofs mkdir -p $$(dirname $@) - ../../scripts/make-gpt.sh $@.tmp \ + $(SHELL) ../../scripts/make-gpt.sh $@.tmp \ build/rootfs.erofs:root:5460386f-2203-4911-8694-91400125c604:root mv $@.tmp $@ 
@@ -54,7 +54,7 @@ build/rootfs.erofs: ../../scripts/make-erofs.sh $(PACKAGES_FILE) $(FILES) $(BUIL for file in $(BUILD_FILES); do printf '%s\n%s\n' $$file $${file#build/}; done ;\ printf 'build/empty\n%s\n' $(DIRS) ;\ printf 'build/fifo\n%s\n' $(FIFOS) ;\ - } | ../../scripts/make-erofs.sh $@ + } | $(SHELL) ../../scripts/make-erofs.sh $@ build/etc/s6-rc: $(S6_RC_FILES) file-list.mk @@ -91,7 +91,7 @@ start-virtiofsd: scripts/start-virtiofsd.elb .PHONY: start-virtiofsd run-qemu: $(imgdir)/appvm/blk/root.img start-vhost-user-net start-virtiofsd - @../../scripts/run-qemu.sh -m 256 -cpu max -kernel $(KERNEL) -vga none \ + @$(SHELL) ../../scripts/run-qemu.sh -m 256 -cpu max -kernel $(KERNEL) -vga none \ -drive file=$(imgdir)/appvm/blk/root.img,if=virtio,format=raw,readonly=on \ -append "root=PARTLABEL=root nokaslr" \ -gdb unix:build/gdb.sock,server,nowait \ @@ -113,7 +113,7 @@ run-qemu: $(imgdir)/appvm/blk/root.img start-vhost-user-net start-virtiofsd run-cloud-hypervisor: $(imgdir)/appvm/blk/root.img start-vhost-user-gpu start-vhost-user-net start-virtiofsd rm -f build/vmm.sock build/vsock.sock - @../../scripts/run-cloud-hypervisor.sh \ + @$(SHELL) ../../scripts/run-cloud-hypervisor.sh \ --api-socket path=build/vmm.sock \ --memory size=1G,shared=on \ --disk path=$(imgdir)/appvm/blk/root.img,readonly=on \ diff --git a/lib/common.mk b/lib/common.mk index 84091a8..9896efe 100644 --- a/lib/common.mk +++ b/lib/common.mk @@ -1,5 +1,8 @@ # SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2021, 2023, 2025 Alyssa Ross +# SPDX-FileCopyrightText: 2021, 2023, 2025-2026 Alyssa Ross + +# Use sh from path — easier to make sure it's up to date than /bin/sh. +SHELL = sh BACKGROUND = background CPIO = cpio diff --git a/release/checks/integration/lib.c b/release/checks/integration/lib.c index 3a7ecdf..0f898f4 100644 --- a/release/checks/integration/lib.c +++ b/release/checks/integration/lib.c 
@@ -190,6 +190,7 @@ struct vm *start_qemu(struct config c) struct utsname u; int console_listener, console_conn; char *arch, *args[] = { + "sh", (char *)c.run_qemu, "-drive", nullptr, "-drive", nullptr, @@ -214,8 +215,8 @@ struct vm *start_qemu(struct config c) c.serial.optval ? (char *)c.serial.optval : "chardev:socket", nullptr, }; - char **efi_arg = &args[2], **img_arg = &args[4], - **user_data_arg = &args[6], **console_arg = &args[8]; + char **efi_arg = &args[3], **img_arg = &args[5], + **user_data_arg = &args[7], **console_arg = &args[9]; struct vm *r = malloc(sizeof *r); if (!r) { @@ -252,7 +253,7 @@ struct vm *start_qemu(struct config c) exit(EXIT_FAILURE); } - execv(c.run_qemu, args); + execvp(args[0], args); perror("execv"); exit(EXIT_FAILURE); } diff --git a/release/checks/integration/meson.build b/release/checks/integration/meson.build index 7bf8f51..f0ef334 100644 --- a/release/checks/integration/meson.build +++ b/release/checks/integration/meson.build @@ -7,7 +7,7 @@ project('spectrum-integration-tests', 'c', add_project_arguments('-D_GNU_SOURCE', language : 'c') -run_qemu = find_program('../../../scripts/run-qemu.sh') +run_qemu = files('../../../scripts/run-qemu.sh') lib = static_library('spectrum-integration-test', 'lib.c') diff --git a/release/live/Makefile b/release/live/Makefile index 85319d0..4bf38a0 100644 --- a/release/live/Makefile +++ b/release/live/Makefile 
@@ -8,10 +8,10 @@ include ../../lib/common.mk dest = build/live.img $(dest): ../../scripts/format-uuid.sh ../../scripts/make-gpt.sh ../../scripts/sfdisk-field.awk build/boot.fat $(ROOT_FS_IMAGES) - ../../scripts/make-gpt.sh $@.tmp \ + $(SHELL) ../../scripts/make-gpt.sh $@.tmp \ build/boot.fat:c12a7328-f81f-11d2-ba4b-00a0c93ec93b \ - $(ROOT_FS_VERITY):verity:$$(../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity:162' \ - $(ROOT_FS_IMAGE):root:$$(../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION):20000' \ + $(ROOT_FS_VERITY):verity:$$($(SHELL) ../../scripts/format-uuid.sh "$$(dd if=$(ROOT_FS_VERITY_ROOTHASH) bs=32 skip=1 count=1 status=none)"):Spectrum_'$(VERSION).verity:162' \ + $(ROOT_FS_IMAGE):root:$$($(SHELL) ../../scripts/format-uuid.sh "$$(head -c 32 $(ROOT_FS_VERITY_ROOTHASH))"):Spectrum_'$(VERSION):20000' \ /dev/null:verity:18f2ccff-92f1-4bb1-a80e-24f76ecda90c:_empty:162 \ /dev/null:root:ec0c5ff3-f6b1-4adf-82b4-61336c4d135f:_empty:20000 mv $@.tmp $@ @@ -43,7 +43,7 @@ run: build/empty $(dest) exec 4<>"$$userdata" && \ rm -f "$$userdata" && \ set +x && \ - exec ../../scripts/run-qemu.sh -m 4G \ + exec $(SHELL) ../../scripts/run-qemu.sh -m 4G \ -machine virtualization=on \ -cpu max \ -smbios type=11,value=io.systemd.stub.kernel-cmdline-extra=console=hvc0 \ diff --git a/vm/sys/net/Makefile b/vm/sys/net/Makefile index 7ad5e5c..e080954 100644 --- a/vm/sys/net/Makefile +++ b/vm/sys/net/Makefile @@ -25,7 +25,7 @@ $(vmdir)/netvm/vmlinux: $(KERNEL) $(vmdir)/netvm/blk/root.img: ../../../scripts/make-gpt.sh ../../../scripts/sfdisk-field.awk build/rootfs.erofs mkdir -p $$(dirname $@) - ../../../scripts/make-gpt.sh $@.tmp \ + $(SHELL) ../../../scripts/make-gpt.sh $@.tmp \ build/rootfs.erofs:root:ea21da27-0391-48da-9235-9d2ab2ca7844:root mv $@.tmp $@ 
@@ -43,7 +43,7 @@ build/rootfs.erofs: ../../../scripts/make-erofs.sh $(PACKAGES_FILE) $(FILES) $(B for file in $(FILES) $(LINKS); do printf '%s\n%s\n' $$file "$${file#image/}"; done ;\ for file in $(BUILD_FILES); do printf '%s\n%s\n' $$file $${file#build/}; done ;\ printf 'build/empty\n%s\n' $(DIRS) ;\ - } | ../../../scripts/make-erofs.sh $@ + } | $(SHELL) ../../../scripts/make-erofs.sh $@ build/etc/s6-rc: $(S6_RC_FILES) file-list.mk mkdir -p $$(dirname $@) @@ -65,7 +65,7 @@ start-vhost-user-net: ../../../scripts/start-passt.elb run-qemu: $(vmdir)/netvm/blk/root.img - @../../../scripts/run-qemu.sh -m 256 -cpu max -kernel $(KERNEL) -vga none \ + @$(SHELL)../../../scripts/run-qemu.sh -m 256 -cpu max -kernel $(KERNEL) -vga none \ -drive file=$(vmdir)/netvm/blk/root.img,if=virtio,format=raw,readonly=on \ -append "root=PARTLABEL=root nokaslr" \ -gdb unix:build/gdb.sock,server,nowait \ @@ -82,7 +82,7 @@ run-qemu: $(vmdir)/netvm/blk/root.img run-cloud-hypervisor: $(vmdir)/netvm/blk/root.img start-vhost-user-net rm -f build/vmm.sock @../../../scripts/with-taps.elb \ - ../../../scripts/run-cloud-hypervisor.sh \ + $(SHELL) ../../../scripts/run-cloud-hypervisor.sh \ --api-socket path=build/vmm.sock \ --memory size=256M,shared=on \ --disk path=$(vmdir)/netvm/blk/root.img,readonly=on \ base-commit: 5b3151fd08d1f1e3e166a328449fe6fe5092f316 -- 2.54.0
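Review bot: In lib/common.mk, the comment above `SHELL = sh` gives only the freshness rationale and should also say that SHELL is the variable make uses to run every recipe line. The assignment therefore moves all recipes in every Makefile that includes common.mk onto whichever sh comes first in PATH, not just the explicit `$(SHELL) script` invocations. Please state in the comment that the build now depends on PATH being set up before make runs, so that a reader debugging an unexpected shell knows where to look.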
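Review bot: In the second hunk of release/checks/integration/lib.c, the offsets `&args[3]`, `&args[5]`, `&args[7]` and `&args[9]` had to be bumped by hand because "sh" was prepended to args[] in the hunk before it. Nothing ties these numbers to the nullptr placeholders they are meant to address, so the next insertion into the initializer can leave them pointing at the wrong element without any compile error. A comment beside the initializer naming the index each pointer expects, or deriving the pointers from the placeholder positions, would make this less fragile.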
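Review bot: In the last hunk of release/checks/integration/lib.c, the call becomes `execvp(args[0], args)` but the failure path right after it still reports `perror("execv")`. Please update the string to match the call, since args[0] is now the bare name "sh" and a failure here means the PATH lookup for sh failed in the test process rather than that the script could not be executed.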
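Review bot: In release/checks/integration/meson.build, `files()` returns a list of file objects where `find_program()` returned a program object, and the places that consume `run_qemu` are outside this hunk. Please confirm that each consumer still receives the script path in a form it accepts, given that lib.c now passes `c.run_qemu` to sh as an argument instead of executing it directly.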
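Review bot: In the run-qemu hunk of vm/sys/net/Makefile, `@$(SHELL)../../../scripts/run-qemu.sh` is missing the space after `$(SHELL)`. With `SHELL = sh` from lib/common.mk the recipe expands to `sh../../../scripts/run-qemu.sh`, which is not a valid command path, so the target will fail. It should read `@$(SHELL) ../../../scripts/run-qemu.sh`, as in the corresponding img/app/Makefile hunk.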