[checkmk-commits] Fixed bash versionitis, unbreaking cached check results.

Module: check_mk Branch: master Commit: d1e67c5b628f08a6943d7e9c315accc63d705b10 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d1e67c5b628f08… Author: Sven Panne <sp(a)mathias-kettner.de> Date: Tue Oct 18 15:06:06 2016 +0200 Fixed bash versionitis, unbreaking cached check results. Our shebang lines in scripts explicitly state which bash they want, and the bash instances we start from the script should better use the exact same version. If there is a version mismatch, lots of funny things can happen, the most prominent being that caching check results doesn't work anymore (e.g. when using MRPE). This is caused by the bash fixes for the Shellshock vulnerability which change (among other things) how functions are exported to sub-shells. The consequence is that a pre-Shellshock bash doesn't see the functions exported by a post-Shellshock bash, and vice versa. This setup can happen when the shebang and the user's PATH have different ideas about which bash to use. To fix this, we use the same absolute path for starting the bash sub-processes as the one stated in the corresponding shebang. This is all a bit ugly and fragile, but by far the easiest way to fix this for now. --- agents/check_mk_agent.freebsd | 2 +- agents/check_mk_agent.linux | 4 ++-- agents/check_mk_agent.openwrt | 1 + agents/check_mk_agent.solaris | 4 ++-- agents/plugins/mk_oracle | 4 ++-- agents/plugins/mk_oracle.aix | 4 ++-- agents/plugins/mk_oracle.solaris | 2 +- 7 files changed, 11 insertions(+), 10 deletions(-) diff --git a/agents/check_mk_agent.freebsd b/agents/check_mk_agent.freebsd index 9a00794..a2c7ae2 100755 --- a/agents/check_mk_agent.freebsd +++ b/agents/check_mk_agent.freebsd @@ -100,7 +100,7 @@ function run_cached() { # Cache file outdated and new job not yet running? Start it if [ -z "$USE_CACHEFILE" -a ! -e "$CACHEFILE.new" ] ; then - echo "$CMDLINE" | daemon bash -o noclobber > $CACHEFILE.new && mv $CACHEFILE.new $CACHEFILE || rm -f $CACHEFILE $CACHEFILE.new & + echo "$CMDLINE" | daemon /usr/local/bin/bash -o noclobber > $CACHEFILE.new && mv $CACHEFILE.new $CACHEFILE || rm -f $CACHEFILE $CACHEFILE.new & fi } diff --git a/agents/check_mk_agent.linux b/agents/check_mk_agent.linux index 6a5eaeb..6c2a38c 100755 --- a/agents/check_mk_agent.linux +++ b/agents/check_mk_agent.linux @@ -182,9 +182,9 @@ function run_cached () { if [ -z "$USE_CACHEFILE" ] && [ ! -e "$CACHEFILE.new" ] ; then # When the command fails, the output is throws away ignored if [ $mrpe -eq 1 ] ; then - echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; run_mrpe $NAME $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup bash >/dev/null 2>&1 & + echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; run_mrpe $NAME $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup /bin/bash >/dev/null 2>&1 & else - echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup bash >/dev/null 2>&1 & + echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup /bin/bash >/dev/null 2>&1 & fi fi } diff --git a/agents/check_mk_agent.openwrt b/agents/check_mk_agent.openwrt index e28e65d..f0670a0 100755 --- a/agents/check_mk_agent.openwrt +++ b/agents/check_mk_agent.openwrt @@ -166,6 +166,7 @@ run_cached () { if [ -z "$USE_CACHEFILE" ] && [ ! -e "$CACHEFILE.new" ] ; then # When the command fails, the output is throws away ignored if [ $mrpe -eq 1 ] ; then + # TODO: This won't work: run_mrpe is not exported. And do we have bash at all? echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; run_mrpe $NAME $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup bash >/dev/null 2>&1 & else echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup bash >/dev/null 2>&1 & diff --git a/agents/check_mk_agent.solaris b/agents/check_mk_agent.solaris index c071fbf..8a6f1fd 100755 --- a/agents/check_mk_agent.solaris +++ b/agents/check_mk_agent.solaris @@ -115,9 +115,9 @@ function run_cached () { # Cache file outdated and new job not yet running? Start it if [ -z "$USE_CACHEFILE" ] && [ ! -e "$CACHEFILE.new" ] ; then if [ $mrpe -eq 1 ] ; then - echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; run_mrpe $NAME $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup bash >/dev/null 2>&1 & + echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; run_mrpe $NAME $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup /usr/bin/bash >/dev/null 2>&1 & else - echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup bash >/dev/null 2>&1 & + echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup /usr/bin/bash >/dev/null 2>&1 & fi fi } diff --git a/agents/plugins/mk_oracle b/agents/plugins/mk_oracle index f873d02..1cc30ae 100755 --- a/agents/plugins/mk_oracle +++ b/agents/plugins/mk_oracle @@ -1104,10 +1104,10 @@ function run_cached () { # Cache file outdated and new job not yet running? Start it if [ -z "$USE_CACHEFILE" -a ! -e "$CACHEFILE.new" ] ; then if [ "$DEBUG" ] ; then - echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | bash + echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | /bin/bash else # When the command fails, the output is throws away ignored - echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup bash >/dev/null 2>&1 & + echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup /bin/bash >/dev/null 2>&1 & fi fi } diff --git a/agents/plugins/mk_oracle.aix b/agents/plugins/mk_oracle.aix index 1259aff..9d30acb 100755 --- a/agents/plugins/mk_oracle.aix +++ b/agents/plugins/mk_oracle.aix @@ -989,10 +989,10 @@ function run_cached_local () { # Cache file outdated and new job not yet running? Start it if [ -z "$USE_CACHEFILE" -a ! -e "$CACHEFILE.new" ] ; then if [ "$DEBUG" ] ; then - echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | bash + echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | /bin/bash else # When the command fails, the output is throws away ignored - echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup bash >/dev/null 2>&1 & + echo "set -o noclobber ; exec > \"$CACHEFILE.new\" || exit 1 ; $CMDLINE && mv \"$CACHEFILE.new\" \"$CACHEFILE\" || rm -f \"$CACHEFILE\" \"$CACHEFILE.new\"" | nohup /bin/bash >/dev/null 2>&1 & fi fi } diff --git a/agents/plugins/mk_oracle.solaris b/agents/plugins/mk_oracle.solaris index 8915a63..2bc2ec8 100755 --- a/agents/plugins/mk_oracle.solaris +++ b/agents/plugins/mk_oracle.solaris @@ -147,7 +147,7 @@ for SID in $SIDS; do # to update the information for this instance. if [ -z "$CACHE_FILE_UPTODATE" -a ! -e "$CACHE_FILE.new" ] then - nohup bash -c " + nohup /bin/bash -c " set -o noclobber function sqlplus () {