template: allow & in arg string

[tschettervictor]

#412

The PR will make sure an escape character \ is added in front of the & character in 'arg' string ONLY if it is escaped like "\&".

It fixes #412, but I'm not sure if it will break something else down the road. It shouldn't as it only looks for \& and makes sure it stays that way.

@michael-o
@tobiastom

[tschettervictor]

As long as the "&" is escaped like \& it will treat it literally now. But if it is on its own like "&" then it will treat it like a special character.

This is the Bastille file I'm using.

ARG NAME

CMD echo "My name is ${NAME}" > /root/my-name
CMD "cat /root/my-name

With --arg NAME="me \& you"

[michael-o]

The question is how to properly document that for the user since it is not obvious that you have to pass "\&". I not 100% convinced that it is an ideal solution. How is the user supposed to know that this goes through sed?

[tschettervictor]

Good point.

I think personally it should be a general point that if we are using special characters (anywhere) we need to try to escape them.

This keeps things lined up with the rest of the BSD world/code for the most part.

The other question is, Is there ever a time when the user will want to use the "specialness" of that character? And if they do, we definitely need to have a way to do both, and escaping it is the best option. IMO.

[tschettervictor]

How so?

All it does is add one additional clans to the "parse_arg_value" function.

And that is, if it finds \&, it will make sure it stays.

[bmac2]

ok I am good with it.

[tschettervictor]

I've added docs saying that it needs to be escaped if it is to be treated literally.

The question is, does it work for you?

[michael-o]

I have now tried the following:

bastille template deblndw013x4j dw/base-complete \
  --arg LOCALE="en_GB.UTF-8" \
  --arg ROOT_FULLNAME="Michael '\\&' Osipov" \
  --arg ROOT_AUTHORIZED_KEYS=/var/tmp/deblndw013x4j/authorized_keys \
  --arg ROOT_K5LOGIN=/var/tmp/deblndw013x4j/k5login \
  --arg ROOT_FORWARD=/var/tmp/deblndw013x4j/forward \
  --arg INSTALL_SOFTWARE_FROM="packages"

It does not work:

# finger root
Login: root                             Name: Michael '' Osipov
Directory: /root                        Shell: /bin/sh
On since Thu 16 Jan 10:10 (CET) on pts/1
No Mail.
No Plan.

I also need to note that ROOT_FULLNAME is passed to another template first:
From base-complete:

...
ARG ROOT_FULLNAME
ARG ROOT_AUTHORIZED_KEYS
ARG ROOT_K5LOGIN
ARG ROOT_FORWARD
ARG INSTALL_SOFTWARE_FROM="packages"

CMD echo "Starting base jail configuration"
...
INCLUDE dw/root-config --arg FULLNAME="${ROOT_FULLNAME}" --arg AUTHORIZED_KEYS="${ROOT_AUTHORIZED_KEYS}" --arg K5LOGIN="${ROOT_K5LOGIN}" --arg FORWARD="${ROOT_FORWARD}"
CMD touch /etc/.base-complete
CMD echo "Base jail complete"

and root-config contains:

...
CMD pw usermod root -c "${FULLNAME}"
...

[tschettervictor]

You are escaping it twice there. It should only be escaped once, and without the single quotes.

[bmac2]

@michael-o @tschettervictor what is the status of this one. Looking at what can be closed out this weekend but not sure where we are. Last posting from Michael was he found an error.

@yaazkal

[michael-o]

@michael-o @tschettervictor what is the status of this one. Looking at what can be closed out this weekend but not sure where we are. Last posting from Michael was he found an error.

@yaazkal

Will do more tests on Monday.

[michael-o]

You are escaping it twice there. It should only be escaped once, and without the single quotes.

Why no single quotes? So if single quotes aren't allowed then one issue is fixed and then something else will be broken.

[tschettervictor]

Did you try with the single quotes? Perhaps it does work. I didn't try that.

[michael-o]

The only thing which works is:

  --arg ROOT_FULLNAME="Michael \\& Osipov" \

but with single quotes it does not work. It also requires two backslashes, from a user PoV the behavior is unclear and not really usable.

[bmac2]

what triggered this PR with a & in it? Is this something we are trying to code around a one off occurance, or is there a real use case behind it? Just curious since this regex is seeming to get complicated.

@tschettervictor @michael-o

[tschettervictor]

#412

[michael-o]

what triggered this PR with a & in it? Is this something we are trying to code around a one off occurance, or is there a real use case behind it? Just curious since this regex is seeming to get complicated.

@tschettervictor @michael-o

See my example by providing GECOS and have the system resolve '&' for the username.

[tschettervictor]

So, what if we would require it to be inside single quotes for it to be recognized literally?

[michael-o]

So, what if we would require it to be inside single quotes for it to be recognized literally?

Can you rephrase with an example? I don't understand the question.

[tschettervictor]

'&' will treat it literally, where not having the single quotes will treat it as a special character.

[michael-o]

'&' will treat it literally, where not having the single quotes will treat it as a special character.

Then how to combine both? Two singlequotes?

[tschettervictor]

First off, what is your suggestion? What should work and be acceptable? Then we can go from there.

[michael-o]

First off, what is your suggestion? What should work and be acceptable? Then we can go from there.

My expectation would be the following that these work:

bastille apply foo/bar --arg ME="foo & bar" --arg YOU="foo '&' bar" --arg US="foo \"&\" bar"

if any of these requires escaping then it should be properly documented.