kfogel@collab.net wrote:
>Branko Čibej <brane@xbc.nu> writes:
>
>
>>Big surprise here, you're ignoring the exit code from verify-po.py...
>>
>>
>
>Sorry -- I assumed that when a subcommand (subprocess) exited with
>non-success, the script would too. On reflection, I don't know why I
>thought that. Too much 'make', maybe?
>
>
I guess. Or not enough "set -e". :-)
>It works now, the new hook script looks like this:
>
> #!/bin/sh
>
> LANG=en_US; export LANG
>
> REPOS=${1}
> TXN=${2}
>
> LOG=`/usr/local/bin/svnlook log ${REPOS} -t ${TXN}`
> echo "${LOG}" | grep "[a-zA-Z0-9]" > /dev/null || exit 1
>
>
You're trying to forbid empty log messages here, yes? I'd suggest not
opening an attack path by letting echo expand shell-metas in the $LOG
variable; so,
/usr/local/bin/svnlook log ${REPOS} -t ${TXN} | \
grep '[a-zA-Z0-9]' > /dev/null || exit 1
> # Check that .po files are in UTF-8 encoding.
> if ! /mysterious/super/secret/path/to/verify-po.py ${REPOS} ${TXN}; then
> exit 1
> fi
>
>
Yup. Although I'd do something similar as before:
/mysterious/super/secret/path/to/verify-po.py ${REPOS} ${TXN} || exit 1
>
> exit 0
>
>Thanks for the quick diagnosis.
>
>By the way, is there any reason not to put "#!/usr/bin/env python" at
>the top of verify-po.py?
>
>
None at all.
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri May 7 14:11:59 2004