This provides a reliable and portable way to
test whether an environment variable is defined.
(Of course, if you are using glibc you may get
false positives if you include a = in the query.)
Signed-off-by: Mattias Andrée <maandree@kth.se>
We've already seen the issue with echo(1): Before we changed it to
ignore "--", the command
$ echo --
did not work as expected. Given POSIX mandated this and makes most
sense, in the interest of consistency the other tools need to be
streamlined for that as well.
Looking at yes(1) for instance, there's no reason to skip "--" in
the argument list.
We do not have long options like GNU does and there's no reason to
tinker with that here.
The majority of tools changed are ones taking lists of arguments
or only a single one. There's no reason why dirname should "fail"
on "--". In the end, this is a valid name.
The practice of hand-holding the user was established with the GNU
coreutils. "--help" and "--version" long-options are a disgrace to
what could've been done properly with manpages.
This has been a known issue for a long time. Example:
printf "word" > /dev/full
wouldn't report there's not enough space on the device.
This is due to the fact that every libc has internal buffers
for stdout which store fragments of written data until they reach
a certain size or on some callback to flush them all at once to the
kernel.
You can force the libc to flush them with fflush(). In case flushing
fails, you can check the return value of fflush() and report an error.
However, previously, sbase didn't have such checks and without fflush(),
the libc silently flushes the buffers on exit without checking the errors.
No offense, but there's no way for the libc to report errors in the exit-
condition.
GNU coreutils solve this by having onexit-callbacks to handle the flushing
and report issues, but they have obvious deficiencies.
After long discussions on IRC, we came to the conclusion that checking the
return value of every io-function would be a bit too much, and having a
general-purpose fclose-wrapper would be the best way to go.
It turned out that fclose() alone is not enough to detect errors. The right
way to do it is to fflush() + check ferror on the fp and then to a fclose().
This is what fshut does and that's how it's done before each return.
The return value is obviously affected, reporting an error in case a flush
or close failed, but also when reading failed for some reason, the error-
state is caught.
the !!( ... + ...) construction is used to call all functions inside the
brackets and not "terminating" on the first.
We want errors to be reported, but there's no reason to stop flushing buffers
when one other file buffer has issues.
Obviously, functionales come before the flush and ret-logic comes after to
prevent early exits as well without reporting warnings if there are any.
One more advantage of fshut() is that it is even able to report errors
on obscure NFS-setups which the other coreutils are unable to detect,
because they only check the return-value of fflush() and fclose(),
not ferror() as well.
This has already been suggested by Evan Gates <evan.gates@gmail.com>
and he's totally right about it.
So, what's the problem?
I wrote a testing program asshole.c with
int
main(void)
{
execl("/path/to/sbase/echo", "echo", "test");
return 0;
}
and checked the results with glibc and musl. Note that the
sentinel NULL is missing from the end of the argument list.
glibc calculates an argc of 5, musl 4 (instead of 2) and thus
mess up things anyway.
The powerful arg.h also focuses on argv instead of argc as well,
but ignoring argc completely is also the wrong way to go.
Instead, a more idiomatic approach is to check *argv only and
decrement argc on the go.
While at it, I rewrote yes(1) in an argv-centric way as well.
All audited tools have been "fixed" and each following audited
tool will receive the same treatment.
Michael Forney
Laslo Hunhold
Mattias Andrée
sin
Christoph Lohmann