etc: Fixes for DependencyInstaller.sh#10037
etc: Fixes for DependencyInstaller.sh#10037titan73 wants to merge 3 commits intoThe-OpenROAD-Project:masterfrom
Conversation
The eval was lost in 9273cce. Signed-off-by: Christian Costa <titan.costa@gmail.com>
…scription with them. Signed-off-by: Christian Costa <titan.costa@gmail.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request modifies etc/DependencyInstaller.sh by adjusting the logging output in the _execute function and prepending eval to several wget commands across various installation functions. The review feedback consistently identifies the use of eval as a security risk that can lead to word-splitting issues, recommending the implementation of a shell function as a safer and more robust alternative for handling command aliases or flags.
etc/DependencyInstaller.sh
Outdated
| cmake_checksum=${CMAKE_CHECKSUM_X86_64} | ||
| fi | ||
| _execute "Downloading CMake..." wget "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION_SMALL}/cmake-${CMAKE_VERSION_SMALL}-linux-${arch}.sh" | ||
| _execute "Downloading CMake..." eval wget "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION_SMALL}/cmake-${CMAKE_VERSION_SMALL}-linux-${arch}.sh" |
There was a problem hiding this comment.
Using eval to force alias expansion is discouraged in shell scripts. It introduces security risks and can cause issues with word splitting if variables contain spaces. A more robust approach is to define a shell function instead of an alias for wget when the -nocert flag is used. This allows the command to be called normally without eval. For example, in the -nocert block, you could use: wget() { command wget --no-check-certificate "$@"; }
| _execute "Downloading CMake..." eval wget "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION_SMALL}/cmake-${CMAKE_VERSION_SMALL}-linux-${arch}.sh" | |
| _execute "Downloading CMake..." wget "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION_SMALL}/cmake-${CMAKE_VERSION_SMALL}-linux-${arch}.sh" |
etc/DependencyInstaller.sh
Outdated
| local url="${mirror}/bison-${BISON_VERSION}.tar.gz" | ||
| log "Trying to download bison from: $url" | ||
| if wget "$url"; then | ||
| if eval wget "$url"; then |
There was a problem hiding this comment.
Using eval here is risky. If the $url variable contains spaces or special characters, eval will cause the shell to re-parse the command, leading to incorrect argument splitting. Using a shell function instead of an alias for wget is a safer and cleaner alternative.
| if eval wget "$url"; then | |
| if wget "$url"; then |
etc/DependencyInstaller.sh
Outdated
| ( | ||
| cd "${BASE_DIR}" | ||
| _execute "Downloading Flex..." wget https://github.com/westes/flex/releases/download/v${FLEX_VERSION}/flex-${FLEX_VERSION}.tar.gz | ||
| _execute "Downloading Flex..." eval wget https://github.com/westes/flex/releases/download/v${FLEX_VERSION}/flex-${FLEX_VERSION}.tar.gz |
There was a problem hiding this comment.
Avoid using eval to expand aliases. Use a shell function for wget instead to maintain security and avoid word-splitting issues.
| _execute "Downloading Flex..." eval wget https://github.com/westes/flex/releases/download/v${FLEX_VERSION}/flex-${FLEX_VERSION}.tar.gz | |
| _execute "Downloading Flex..." wget https://github.com/westes/flex/releases/download/v${FLEX_VERSION}/flex-${FLEX_VERSION}.tar.gz |
etc/DependencyInstaller.sh
Outdated
| cd "${BASE_DIR}" | ||
| local tar_name="v${SWIG_VERSION}.tar.gz" | ||
| _execute "Downloading SWIG..." wget "https://github.com/swig/swig/archive/${tar_name}" | ||
| _execute "Downloading SWIG..." eval wget "https://github.com/swig/swig/archive/${tar_name}" |
There was a problem hiding this comment.
Avoid using eval to expand aliases. Use a shell function for wget instead.
| _execute "Downloading SWIG..." eval wget "https://github.com/swig/swig/archive/${tar_name}" | |
| _execute "Downloading SWIG..." wget "https://github.com/swig/swig/archive/${tar_name}" |
etc/DependencyInstaller.sh
Outdated
| cd "${BASE_DIR}" | ||
| local pcre_tar_name="pcre2-${PCRE_VERSION}.tar.gz" | ||
| _execute "Downloading PCRE..." wget "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE_VERSION}/${pcre_tar_name}" | ||
| _execute "Downloading PCRE..." eval wget "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE_VERSION}/${pcre_tar_name}" |
There was a problem hiding this comment.
Avoid using eval to expand aliases. Use a shell function for wget instead.
| _execute "Downloading PCRE..." eval wget "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE_VERSION}/${pcre_tar_name}" | |
| _execute "Downloading PCRE..." wget "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE_VERSION}/${pcre_tar_name}" |
etc/DependencyInstaller.sh
Outdated
| ( | ||
| cd "${BASE_DIR}" | ||
| _execute "Downloading gtest..." wget "https://github.com/google/googletest/archive/refs/tags/v${GTEST_VERSION}.zip" | ||
| _execute "Downloading gtest..." eval wget "https://github.com/google/googletest/archive/refs/tags/v${GTEST_VERSION}.zip" |
There was a problem hiding this comment.
Avoid using eval to expand aliases. Use a shell function for wget instead.
| _execute "Downloading gtest..." eval wget "https://github.com/google/googletest/archive/refs/tags/v${GTEST_VERSION}.zip" | |
| _execute "Downloading gtest..." wget "https://github.com/google/googletest/archive/refs/tags/v${GTEST_VERSION}.zip" |
etc/DependencyInstaller.sh
Outdated
| ( | ||
| cd "${BASE_DIR}" | ||
| _execute "Downloading Abseil..." wget "https://github.com/abseil/abseil-cpp/releases/download/${ABSL_VERSION}/abseil-cpp-${ABSL_VERSION}.tar.gz" | ||
| _execute "Downloading Abseil..." eval wget "https://github.com/abseil/abseil-cpp/releases/download/${ABSL_VERSION}/abseil-cpp-${ABSL_VERSION}.tar.gz" |
There was a problem hiding this comment.
Avoid using eval to expand aliases. Use a shell function for wget instead.
| _execute "Downloading Abseil..." eval wget "https://github.com/abseil/abseil-cpp/releases/download/${ABSL_VERSION}/abseil-cpp-${ABSL_VERSION}.tar.gz" | |
| _execute "Downloading Abseil..." wget "https://github.com/abseil/abseil-cpp/releases/download/${ABSL_VERSION}/abseil-cpp-${ABSL_VERSION}.tar.gz" |
etc/DependencyInstaller.sh
Outdated
| fi | ||
| local or_tools_file="or-tools_${arch}_${os}-${os_version}_cpp_v${OR_TOOLS_VERSION_SMALL}.tar.gz" | ||
| _execute "Downloading or-tools..." wget "https://github.com/google/or-tools/releases/download/v${OR_TOOLS_VERSION_BIG}/${or_tools_file}" | ||
| _execute "Downloading or-tools..." eval wget "https://github.com/google/or-tools/releases/download/v${OR_TOOLS_VERSION_BIG}/${or_tools_file}" |
There was a problem hiding this comment.
Avoid using eval to expand aliases. Use a shell function for wget instead.
| _execute "Downloading or-tools..." eval wget "https://github.com/google/or-tools/releases/download/v${OR_TOOLS_VERSION_BIG}/${or_tools_file}" | |
| _execute "Downloading or-tools..." wget "https://github.com/google/or-tools/releases/download/v${OR_TOOLS_VERSION_BIG}/${or_tools_file}" |
etc/DependencyInstaller.sh
Outdated
| local arch=amd64 | ||
| local pandoc_version="3.1.11.1" | ||
| _execute "Downloading pandoc..." wget "https://github.com/jgm/pandoc/releases/download/${pandoc_version}/pandoc-${pandoc_version}-linux-${arch}.tar.gz" | ||
| _execute "Downloading pandoc..." eval wget "https://github.com/jgm/pandoc/releases/download/${pandoc_version}/pandoc-${pandoc_version}-linux-${arch}.tar.gz" |
There was a problem hiding this comment.
Avoid using eval to expand aliases. Use a shell function for wget instead.
| _execute "Downloading pandoc..." eval wget "https://github.com/jgm/pandoc/releases/download/${pandoc_version}/pandoc-${pandoc_version}-linux-${arch}.tar.gz" | |
| _execute "Downloading pandoc..." wget "https://github.com/jgm/pandoc/releases/download/${pandoc_version}/pandoc-${pandoc_version}-linux-${arch}.tar.gz" |
etc/DependencyInstaller.sh
Outdated
|
|
||
| if _version_compare "${1}" -lt "24.04"; then | ||
| _execute "Downloading LLVM install script..." wget https://apt.llvm.org/llvm.sh | ||
| _execute "Downloading LLVM install script..." eval wget https://apt.llvm.org/llvm.sh |
There was a problem hiding this comment.
Avoid using eval to expand aliases. Use a shell function for wget instead.
| _execute "Downloading LLVM install script..." eval wget https://apt.llvm.org/llvm.sh | |
| _execute "Downloading LLVM install script..." wget https://apt.llvm.org/llvm.sh |
|
clang-tidy review says "All clean, LGTM! 👍" |
|
The eval approach for handling |
Signed-off-by: Christian Costa <titan.costa@gmail.com>
|
clang-tidy review says "All clean, LGTM! 👍" |
|
I replaced the eval with a variable which is empty or with the nocert option |
|
Please provide a description of the problem being fixed. |
I added the -nocert option to disable certificate checks as I had issue with my company firewall with 1234ff1. The 1st patch fixes that but actually I changed the method with the 3rd patch by using a variable OPT_NOCERT instead as Gemini complained. The 2nd patch is unrelated and just cosmetic. When running the script. A message is printed with 6 dots: If needed,I can split the PR with patch 1 & 3 squashed and another for the patch 2. |
|
clang-tidy review says "All clean, LGTM! 👍" |
3 participants
No description provided.