export: simplify distro_binary
script
#697
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In Vanilla OS, I have installed
git
throughapx install git
. Then, a script file~/.local/bin/git
is generated. The script file seems to be created by distrobox, specifically, by the shell functiongenerate_script
in this file (distrobox-export
).In the script file, I noticed that it creates at least
1 + 6 x (number of arguments)
extra processes just to quote the arguments and then unquote them, which seems redundant. If the arguments contain'
or"
, the number of processes would increase further. We can simply pass the arguments to the command instead of quoting the arguments by external commands and then again unquoting them byeval
.Or is there any particular background to redundantly quote and unquote the arguments? I noticed #448, which introduced this quoting/unquoting in
distrobox-export
, but I think the change todistrobox-enter
was sufficient in #448. Whiledistrobox-enter
needs to generate a command string for later use, distrobox_binary generated bydistrobox-export
evaluates the quoted arguments in the same place so actually does not need to quote them in the first place.Even when there is a reason to first quote and then unquote the arguments,
eval ${command}
is vulnerable because when an argument containing'*'
is passed, it can pick up an arbitrary string from the filenames in the current directory through pathname expansions and execute it. Even when this PR would be rejected, at least, theeval
should be quoted aseval "${command}"
. For example,Also, we can use exec to run
distribox-enter
in order to reduce the number of forks.