From c13f3d30dcfa936e99fe698cd20284259469625e Mon Sep 17 00:00:00 2001
From: Solene Rapenne <solene@perso.pw>
Date: Sun, 29 Aug 2021 12:19:06 +0200
Subject: [PATCH] fix INSTALLURL detection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

reported by Alexey Proschenko
> There is unsafe use of "cat /etc/installurl" in PKG_PATH composition code
> because of man INSTALLURL(5):
> "Empty lines and lines beginning with ‘#’ in the file are ignored."

the current code was looking for the first line not starting with #
which was wrong in case the line was empty.
---
 pkgupdate | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgupdate b/pkgupdate
index 49c1f7e..53f718f 100755
--- a/pkgupdate
+++ b/pkgupdate
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-INSTALLURL=$(grep -v ^# /etc/installurl | head -n 1)
+INSTALLURL=$(awk '/^./ && ! /^#/ { print ; exit }' /etc/installurl)
 export PKG_PATH="${INSTALLURL}/$(uname -r)/packages-stable/$(machine)/"
 
 CACHE_DIR=/var/cache/pkgupdate/