Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parse Windows' version correctly in post-install script #506

Merged
merged 1 commit into from
Jun 19, 2023
Merged

Parse Windows' version correctly in post-install script #506

merged 1 commit into from
Jun 19, 2023

Conversation

mataha
Copy link
Contributor

@mataha mataha commented Jun 19, 2023

The following snippet in post-install.bat attempts to parse Windows' major version number from ver builtin command output:

@FOR /F "tokens=4 delims=.[XP " %%i IN ('ver') DO @SET ver=%%i
@IF 10 LEQ %ver% @...

However, that code has numerous problems:

  • ver listing varies between major Windows releases (though Git for Windows' support for these has most likely phased out already) and may not necessarily yield the same amount of tokens, thus it's better to perform a two-step tokenization - string, then version
  • while the output of ver hasn't been found to contain 'poisonous' Batch characters (e.g. <>|&), it's preferred to wrap it in double quotes to prevent the contents 'escaping' into another command and use ~ during assignment should it contain double quotes itself
  • the code won't run if ver encounters an error, yielding an empty variable or inheriting a value from the environment the script happened to be running in, introducing potential security issues (PR note: especially when a buggy AutoRun command is executed in that subshell before)
  • numeric comparison will fail should ver contain an empty string, thus the variable needs to be pre-initialized with a numeric value
  • a number as the left operand obscures error messages from if

This can result in the following, rather cryptic error:

Line 3444: Unable to run post-install scripts:

C:\Program Files\Git>   @IF 10 LEQ  @(

Echoed due to %ver% being empty because of the problems listed above.

Fixes git-for-windows/git#1585 and git-for-windows/git#4019; maybe more.

Ran into this while looking for clues related to git-for-windows/git#4466...

@mataha
Parse Windows' version correctly in post-install script
305dbeb 
The following snippet in `post-install.bat` attempts to parse Windows'
major version number from `ver` builtin command output:

    @for /F "tokens=4 delims=.[XP " %%i IN ('ver') DO @set ver=%%i
    @if 10 LEQ %ver% @...

However, that code has numerous problems:

  - `ver` listing varies between major Windows releases (though Git
    for Windows' support for these has most likely phased out already)
    and may not necessarily yield the same amount of tokens, thus it's
    better to perform a two-step tokenization - string, *then* version
  - while the output of `ver` hasn't been found to contain 'poisonous'
    Batch characters (e.g. <>|&), it's preferred to wrap it in double
    quotes to prevent the contents 'escaping' into another command and
    use `~` during assignment should it contain double quotes itself
  - the code won't run if `ver` encounters an error, yielding an empty
    variable **or** inheriting a value from the environment the script
    happened to be running in, introducing potential security issues
  - numeric comparison will fail should `ver` contain an empty string,
    thus the variable needs to be pre-initialized with a numeric value
  - a number as the left operand obscures error messages from `if`

This can result in the following, rather cryptic error:

    Line 3444: Unable to run post-install scripts:

    C:\Program Files\Git>   @if 10 LEQ  @(

Echoed due to `%ver%` being empty because of the problems listed above.

Fixes git-for-windows/git#1585 and git-for-windows/git#4019; maybe more.

Signed-off-by: Mateusz Kazimierczuk <mataha@users.noreply.github.com>
dscho
dscho approved these changes Jun 19, 2023
View reviewed changes
Copy link
Member

@dscho dscho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is awesome, what a well written PR! Thank you!

@dscho dscho merged commit fb01664 into git-for-windows:main Jun 19, 2023
@dscho
Copy link
Member

dscho commented Jun 19, 2023
edited by gitforwindowshelper bot
Loading

/add release note bug Portable Git: The Windows version is now parsed more robustly in the post-install script.

The workflow run was started

github-actions bot pushed a commit that referenced this pull request Jun 19, 2023
Add a release note (bug)
65e306c 
Portable Git: The Windows version is now parsed [more
robustly](#506) in
the post-install script.

Signed-off-by: gitforwindowshelper[bot] <gitforwindowshelper-bot@users.noreply.github.com>
@mataha
Copy link
Contributor Author

mataha commented Jun 20, 2023

Was a mismatched Signed-off-by fine? Asking because I never put my real name in user.name.

@dscho
Copy link
Member

dscho commented Jun 20, 2023

Was a mismatched Signed-off-by fine? Asking because I never put my real name in user.name.

@mataha for this repository, it's preferred but not mandatory to use the real name and real email address. For git-for-windows/git, it is mandatory because all patches should be (at least theoretically) upstreamable to the Git project, which requires this.

@mataha mataha deleted the fix/post-install-windows-version branch June 21, 2023 22:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dscho dscho dscho approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

GfW 2.16.2 installer has problems with the post-install scripts
2 participants
@mataha @dscho