They are not safe for spaces in paths. There might be other places to look for trouble.
I've run the following command to produce this commit: (on OS X, copy-and-pasting the below exactly)
find . -type f -name '*.sh' -print0 | # Find all .sh files
xargs -0 fgrep -H -- '`' | # See all places with backticks in them
fgrep 'cd `dirname $0' | # I deemed these problematic (variable assignments are safe)
cut -d ':' -f 1 | # Take the <file> from <file>:<line> produced by "grep -H"
tr '\n' '\0' | # Also here, spaces can be problematic - always do "xargs -0"!
xargs -0 -- sed -i '' 's/cd `dirname $0`/cd "`dirname "$0"`"/g'
The significance of adding the two levels of "'s can be verified by running the following in your Terminal:
$ node -e 'console.log(process.argv.splice(1))' -- `echo 1 2`
[ '1', '2' ]
$ node -e 'console.log(process.argv.splice(1))' -- "`echo 1 2`"
[ '1 2' ]
$ node -e 'console.log(process.argv.splice(1))' -- "`echo "1 2"`"
[ '1 2' ]
The previous version of openssl (1.0.1f) was vulnerable to the 'heartbleed'
attack, though Meteor did not use this version in a way that opened
it to attack. The build of openssl here is used only for mongod, not
node, and was used only as a client, not a server. But lets upgrade anyway.
The tool no longer uses it. Simplify webapp_server to do a dumb check
for a flag instead of using optimist.
ctl-helper still uses optimist; ideally it should use our parser from
main.js instead.
Also, remove a debugging "|| true" that was causing "LISTENING" to be
output even without --keepalive.
I am not actually planning to rebuild the dev bundle just to drop
optimist.
Also upgrade to 2.4.8 while we're at it.
(In the meteor/mongo repository, we've created an ssl-2.4.8 branch, and
also added a backported-from-Mongo-2.5 change to poll the repl set
config more often on startup.)
This will make it much easier to upgrade them and test new versions.
(They are still called from the bundler, so changes to how we access them (eg
source map support) will require modifying tools, but just "upgrade to new
version" now is much easier.)
- Dev_bundle generation: Compile mongodb binaries (mongo, mongod) with ssl
support, statically linking compiled openssl libs.
- meteor mongo website: parse mongo url and pass ssl flag to mongo shell in case
of "?ssl=true" in mongo url from mother/galaxy.
- added script to generate all mongodb binaries with ssl support on linux
platform.
Intentionally not choosing 0.10.2, which has a websocket proxying Node 0.10
semi-fix which I found to sometimes corrupt data (on Node 0.10). See my analysis
on https://github.com/nodejitsu/node-http-proxy/pull/402
I do not know whether or not the PR corrupts data on 0.8, but it isn't necessary
there, so I'm going to hold off on taking that change until the promised future
complete rewrite of http-proxy to use the new 0.10 streams API.
