crypt/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-01-26 07:41:33 +03:00
Code Activity
Files
a2951b4db1e8bbcac4ee4471c62c270b0628024f
certbot/certbot.wrapper
alexzorin a2951b4db1 snap: Fix "stack smashing" error in wrapper (#8249) 
* snap: Fix "stack smashing" error in wrapper

certbot.wrapper had implicit dependencies on sed, awk and coreutils,
which were being accidentally provided through the host system. Because
certbot.wrapper modifies LD_LIBRARY_PATH, this was causing some systems
to load an incompatible combination of shared libraries, resulting sed
crashing.

This commit reduces the dependencies of this script to just gawk, and
explicitly stages it as part of the Certbot snap.

It additionally moves invocations of all host system programs to a
moment prior to the modification of LD_LIBRARY_PATH, and the invocation
of snapped programs to after the modification.

Fixes #8245

* snap: Don't modify LD_LIBRARY_PATH

* leftover tracing

* snap: revert curl/jq in wrapper, use gawk for now
2020-09-04 20:51:01 +02:00

36 lines
1.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
set -e
# This code is based on snapcraft's own patch to work around this problem at
# https://github.com/snapcore/snapcraft/blob/a97fb5c7ea553a1bd20f4887a7c3393e75761890/patches/ctypes_init.diff.
# We may not build the Certbot snap for all of these architectures (and as of
# writing this we do not), but we keep the code for them to avoid having to
# solve this problem again in the future if we add support for new
# architectures.
case "${SNAP_ARCH}" in
'arm64')
ARCH_TRIPLET='aarch64-linux-gnu';;
'armhf')
ARCH_TRIPLET='arm-linux-gnueabihf';;
'i386')
ARCH_TRIPLET='i386-linux-gnu';;
'ppc64el')
ARCH_TRIPLET='powerpc64le-linux-gnu';;
'powerpc')
ARCH_TRIPLET='powerpc-linux-gnu';;
'amd64')
ARCH_TRIPLET='x86_64-linux-gnu';;
's390x')
ARCH_TRIPLET='s390x-linux-gnu';;
*)
echo "Unrecongized value of SNAP_ARCH: ${SNAP_ARCH}" >&2
exit 1
esac
export CERTBOT_AUGEAS_PATH="${SNAP}/usr/lib/${ARCH_TRIPLET}/libaugeas.so.0"
CERTBOT_PLUGIN_PATH="$(snap connections certbot | gawk 'BEGIN {ORS=""} NR>1 { if ($1 == "content[certbot-1]") { split($3,a,":"); PLUGINS=PLUGINS":/snap/"a[1]"/current/lib/python3.8/site-packages/"; next; } } END { print substr(PLUGINS, 2) }')"
export CERTBOT_PLUGIN_PATH
exec certbot "$@"
View Git Blame Copy Permalink