systemd: Execute timer commands via the shell

This is what people probably expect anyway, and it allows us to dig
the verbatim command out of the ExecStart D-Bus property.

Author: mvollmer

pkg/systemd/service-details.jsx

@@ -40,7 +40,7 @@ import './service-details.scss';
 import { KebabDropdown } from "cockpit-components-dropdown";
 
 import { TimerDialog } from "./timer-dialog.jsx";
-import { from_boot_usec, from_on_calendar, join_command_arguments } from "./timer-dialog-helpers.js";
+import { from_boot_usec, from_on_calendar } from "./timer-dialog-helpers.js";
 
 const _ = cockpit.gettext;
 const METRICS_POLL_DELAY = 30000; // 30s
@@ -385,15 +385,20 @@ export class ServiceDetails extends React.Component {
             const serviceProperties = await bus.call(serviceDbusPath[0], s_bus.I_PROPS, "GetAll", [s_bus.I_SERVICE]);
             const exec = serviceProperties[0].ExecStart.v;
 
-            // ensure there is exactly one ExecStart= in the unit file
-            if (exec.length === 1) {
-                const execCommand = exec[0][0];
-                const execArguments = exec[0][1];
-                return await join_command_arguments(execCommand, execArguments);
-            } else {
+            // ensure there is exactly one ExecStart= in the unit file that matches "/bin/sh -c CMD"
+
+            if (exec.length !== 1) {
                 console.warn(`${exec.length} ExecStart= entries were found for ${serviceUnitName} instead of 1`);
                 return null;
             }
+
+            const [cmd, args] = exec[0];
+            if (cmd !== "/bin/sh" || args.length !== 3 || args[1] != "-c") {
+                console.warn(`ExecStart= entry is not of the form "/bin/sh -c CMD"`);
+                return null;
+            }
+
+            return args[2];
         }
 
         const Dialogs = this.context;

pkg/systemd/timer-dialog-helpers.js

@@ -4,25 +4,10 @@
  */
 
 import cockpit from "cockpit";
-import * as python from "python";
 import s_bus from "./busnames.js";
 import { systemd_client, clock_realtime_now } from "./services.jsx";
 import { CockpitManagedMarker } from "./service-details.jsx";
 
-export async function join_command_arguments(command, args) {
-    const exec = [command].concat(args.slice(1));
-    const shlex = python.spawn(
-        "from json import loads; from shlex import join; from sys import stdin;" +
-        "out = join(loads(stdin.read())); print(out, end='');"
-    );
-
-    shlex.input(JSON.stringify(exec));
-    shlex.input();
-    const output = await shlex;
-
-    return output;
-}
-
 export function from_boot_usec(value) {
     const result = { delay: "system-boot" };
     const seconds = Math.floor(value / 1e6); // Convert from microseconds
@@ -141,12 +126,29 @@ export function from_on_calendar(patterns) {
     }
 }
 
+/* Escape STR so that it is parsed as a single argument in a
+   ExecStart= line.  We need to escape spaces, newlines, quotes, and
+   backslashes by prepending a backslash.  We also need to escape
+   specifiers by prepending a "%" character.
+ */
+
+function escape_systemd_exec_arg(str) {
+    return str
+            .replaceAll("\\", "\\\\")
+            .replaceAll(" ", "\\s")
+            .replaceAll("\t", "\\t")
+            .replaceAll("\n", "\\n")
+            .replaceAll("\"", "\\\"")
+            .replaceAll("'", "\\'")
+            .replaceAll("%", "%%");
+}
+
 export function create_timer({ name, description, command, delay, delayUnit, delayNumber, repeat, repeatPatterns, specificTime, owner }) {
     const timer_unit = {};
     const repeat_array = repeatPatterns;
     timer_unit.name = name.replace(/\s/g, '');
     timer_unit.Description = description;
-    timer_unit.Command = command;
+    timer_unit.Command = "/bin/sh -c " + escape_systemd_exec_arg(command);
     timer_unit.boot_time = delayNumber;
     timer_unit.boot_time_unit = delayUnit;
 

pkg/systemd/timer-dialog.jsx

@@ -63,14 +63,13 @@ export const TimerDialog = ({ owner, timer }) => {
     const [specificTime, setSpecificTime] = useState(timer?.specificTime || "00:00");
     const [isSpecificTimeOpen, setSpecificTimeOpen] = useState(false);
     const [submitted, setSubmitted] = useState(false);
-    const [commandNotFound, setCommandNotFound] = useState(false);
     const validationFailed = {};
 
     if (!name.trim().length || !/^[a-zA-Z0-9:_.@-]+$/.test(name))
         validationFailed.name = true;
     if (!description.trim().length)
         validationFailed.description = true;
-    if (!command.trim().length || commandNotFound)
+    if (!command.trim().length)
         validationFailed.command = true;
     if (!/^[0-9]+$/.test(delayNumber))
         validationFailed.delayNumber = true;
@@ -103,20 +102,9 @@ export const TimerDialog = ({ owner, timer }) => {
         if (Object.keys(validationFailed).length)
             return false;
 
-        setInProgress(true);
-
-        // Verify if the command exists
-        const command_parts = command.split(" ");
-        cockpit.spawn(["test", "-f", command_parts[0]], { err: "ignore" })
-                .then(() => {
-                    create_timer({ name, description, command, delay, delayUnit, delayNumber, repeat, specificTime, repeatPatterns, owner })
-                            .then(Dialogs.close, exc => {
-                                setDialogError(exc.message);
-                                setInProgress(false);
-                            });
-                })
-                .catch(() => {
-                    setCommandNotFound(true);
+        create_timer({ name, description, command, delay, delayUnit, delayNumber, repeat, specificTime, repeatPatterns, owner })
+                .then(Dialogs.close, exc => {
+                    setDialogError(exc.message);
                     setInProgress(false);
                 });
 
@@ -156,14 +144,15 @@ export const TimerDialog = ({ owner, timer }) => {
                                    onChange={(_event, value) => setDescription(value)} />
                         <FormHelper fieldId="description" helperTextInvalid={submitted && validationFailed.description && _("This field cannot be empty")} />
                     </FormGroup>
-                    <FormGroup label={_("Command")}
+                    <FormGroup label={_("Shell command")}
                                fieldId="command">
                         <TextInput id='command'
                                    value={command}
                                    validated={submitted && validationFailed.command ? "error" : "default"}
-                                   onChange={(_event, str) => { setCommandNotFound(false); setCommand(str) }} />
+                                   onChange={(_event, str) => { setCommand(str) }} />
                         <FormHelper fieldId="command"
-                                    helperTextInvalid={submitted && validationFailed.command && (commandNotFound ? _("Command not found") : _("This field cannot be empty"))} />
+                                    helperText={_("This command will be executed by /bin/sh.")}
+                                    helperTextInvalid={submitted && validationFailed.command && _("This field cannot be empty")} />
                     </FormGroup>
                     <FormGroup label={_("Trigger")} hasNoPaddingTop>
                         <Flex>
@@ -379,7 +368,7 @@ export const TimerDialog = ({ owner, timer }) => {
                 <Button variant='primary'
                         id="timer-save-button"
                         isLoading={inProgress}
-                        isDisabled={inProgress || commandNotFound}
+                        isDisabled={inProgress}
                         onClick={onSubmit}>
                     {_("Save")}
                 </Button>

test/verify/check-system-services

@@ -1485,7 +1485,7 @@ class TestTimers(testlib.MachineCase):
         b.wait_visible("#timer-dialog")
         b.set_input_text("#servicename", "yearly_timer")
         b.set_input_text("#description", "Yearly timer")
-        b.set_input_text("#command", "/bin/sh -c '/bin/date >> /tmp/date'")
+        b.set_input_text("#command", "/bin/date >> /tmp/date")
         b.select_from_dropdown("#drop-repeat", "yearly")
         b.click("[data-index='0'] [aria-label='Add']")
         b.set_input_text("[data-index='0'] .pf-v6-c-date-picker:nth-child(1) input", "2036-01-01")
@@ -1502,7 +1502,7 @@ class TestTimers(testlib.MachineCase):
         b.wait_visible("#timer-dialog")
         b.set_input_text("#servicename", "monthly_timer")
         b.set_input_text("#description", "Monthly timer")
-        b.set_input_text("#command", "/bin/sh -c '/bin/date >> /tmp/date'")
+        b.set_input_text("#command", "/bin/date >> /tmp/date")
         b.click("input[value=specific-time]")
         b.select_from_dropdown("#drop-repeat", "monthly")
         b.select_from_dropdown("[data-index='0'] .month-days select", "6")
@@ -1520,7 +1520,7 @@ class TestTimers(testlib.MachineCase):
         b.wait_visible("#timer-dialog")
         b.set_input_text("#servicename", "weekly_timer")
         b.set_input_text("#description", "Weekly timer")
-        b.set_input_text("#command", "/bin/sh -c '/bin/date >> /tmp/date'")
+        b.set_input_text("#command", "/bin/date >> /tmp/date")
         b.click("input[value=specific-time]")
         b.select_from_dropdown("#drop-repeat", "weekly")
         b.wait_visible("[data-index='0'] .week-days")
@@ -1541,7 +1541,7 @@ class TestTimers(testlib.MachineCase):
         b.wait_visible("#timer-dialog")
         b.set_input_text("#servicename", "daily_timer")
         b.set_input_text("#description", "Daily timer")
-        b.set_input_text("#command", "/bin/sh -c '/bin/date >> /tmp/date'")
+        b.set_input_text("#command", "/bin/date >> /tmp/date")
         b.click("input[value=specific-time]")
         b.select_from_dropdown("#drop-repeat", "daily")
         b.click("[data-index='0'] [aria-label='Add']")
@@ -1557,7 +1557,7 @@ class TestTimers(testlib.MachineCase):
         b.wait_visible("#timer-dialog")
         b.set_input_text("#servicename", "hourly_timer")
         b.set_input_text("#description", "Hourly timer")
-        b.set_input_text("#command", "/bin/sh -c '/bin/date >> /tmp/date'")
+        b.set_input_text("#command", "/bin/date >> /tmp/date")
         b.click("input[value=specific-time]")
         b.select_from_dropdown("#drop-repeat", "hourly")
         b.click("[data-index='0'] [aria-label='Add']")
@@ -1573,7 +1573,7 @@ class TestTimers(testlib.MachineCase):
         b.wait_visible("#timer-dialog")
         b.set_input_text("#servicename", "minutely_timer")
         b.set_input_text("#description", "Minutely timer")
-        b.set_input_text("#command", "/bin/sh -c '/bin/date >> /tmp/date'")
+        b.set_input_text("#command", "/bin/date >> /tmp/date")
         b.select_from_dropdown("#drop-repeat", "minutely")
         b.click("[data-index='0'] [aria-label='Add']")
         b.set_input_text("[data-index='0'] input", "05")
@@ -1589,7 +1589,7 @@ class TestTimers(testlib.MachineCase):
         b.wait_visible("#timer-dialog")
         b.set_input_text("#servicename", "no_repeat_timer")
         b.set_input_text("#description", "No repeat timer")
-        b.set_input_text("#command", "/bin/sh -c '/bin/date >> /tmp/date'")
+        b.set_input_text("#command", "/bin/date >> /tmp/date")
         b.click("input[value=specific-time]")
         b.set_input_text(".create-timer-time-picker input", "23:59")
         b.click("#timer-save-button")
@@ -1602,7 +1602,7 @@ class TestTimers(testlib.MachineCase):
         b.wait_visible("#timer-dialog")
         b.set_input_text("#servicename", "boot_timer")
         b.set_input_text("#description", "Boot timer")
-        b.set_input_text("#command", "/bin/sh -c 'echo hello >> /tmp/hello'")
+        b.set_input_text("#command", "echo hello >> /tmp/hello")
         b.click("input[value=system-boot]")
         b.set_input_text(".delay-group input", "2")
         b.click("#timer-save-button")
@@ -1650,7 +1650,7 @@ class TestTimers(testlib.MachineCase):
         b.wait_visible("#timer-dialog")
         b.set_input_text("#servicename", "testing timer")
         m.execute("rm -f /tmp/date")
-        b.set_input_text("#command", "/bin/sh -c '/bin/date >> /tmp/date'")
+        b.set_input_text("#command", "/bin/date >> /tmp/date")
         b.click("input[value=specific-time]")
         b.set_input_text(".create-timer-time-picker input", "24:6s")
         b.click("#timer-save-button")
@@ -1660,16 +1660,13 @@ class TestTimers(testlib.MachineCase):
         b.wait_text("#description-helper", "This field cannot be empty")
         b.wait_text(".pf-v6-c-date-picker__helper-text", "Invalid time format")
 
-        # checks for command not found
+        # correct input
         b.set_input_text("#servicename", "testing")
         b.set_input_text("#description", "desc")
-        b.set_input_text("#command", "this is not found")
         b.set_input_text(".create-timer-time-picker input", "14:12")
-        b.click("#timer-save-button")
-        b.wait_text("#command-helper", "Command not found")
 
         # shows creation errors
-        b.set_input_text("#command", "/bin/sh -c '/bin/date >> /tmp/date'")
+        b.set_input_text("#command", "/bin/date >> /tmp/date")
         b.click("input[value=specific-time]")
         b.set_input_text(".create-timer-time-picker input", "23:59")
         m.execute("chattr +i /etc/systemd/system")
@@ -1814,7 +1811,7 @@ OnCalendar=weekly
         b.click("#services-page .pf-v6-c-menu__list-item:contains('Edit') button")
         self.assertEqual(b.val("#servicename"), "yearly_timer")
         self.assertEqual(b.val("#description"), "Yearly timer")
-        self.assertEqual(b.val("#command"), "/bin/sh -c '/bin/date >> /tmp/date'")
+        self.assertEqual(b.val("#command"), "/bin/date >> /tmp/date")
         for index in range(2):
             date = b.val(f"[data-index='{index}'] .pf-v6-c-date-picker:nth-child(1) input")
             time_ = b.val(f"[data-index='{index}'] .pf-v6-c-date-picker:nth-child(2) input")