Keysat
1e1e1cb568
hf-download.sh shells out to uvx (the uv installer drops it in ~/.local/bin), but the non-interactive SSH session doesn't source the user's profile, so ~/.local/bin was off PATH and downloads died with "uvx: command not found". build_download_command now prepends $HOME/.local/bin. Adds test_download.py.
36 lines
1.4 KiB
Python
36 lines
1.4 KiB
Python
"""build_download_command: the ~/.local/bin PATH fix + shell-injection quoting.
|
|
|
|
hf-download.sh on the Spark shells out to `uvx`, which the uv installer puts in
|
|
~/.local/bin — off the PATH of our non-interactive SSH session. The command must
|
|
prepend ~/.local/bin (via $HOME, expanded server-side) or the download dies with
|
|
"uvx: command not found". The repo value must also be shlex-quoted at the sink so
|
|
a crafted value can't break out of the command (validate_repo gates it upstream).
|
|
"""
|
|
import shlex
|
|
|
|
from app.download import build_download_command
|
|
|
|
|
|
def test_prepends_local_bin_to_path():
|
|
cmd = build_download_command("org/name")
|
|
assert cmd.startswith('export PATH="$HOME/.local/bin:$PATH" && ')
|
|
assert "cd ~/spark-vllm-docker" in cmd
|
|
assert "./hf-download.sh org/name" in cmd
|
|
|
|
|
|
def test_no_trailing_space_without_flags():
|
|
assert build_download_command("org/name", "").endswith("./hf-download.sh org/name")
|
|
|
|
|
|
def test_cluster_flags_appended():
|
|
cmd = build_download_command("org/name", "-c --copy-parallel")
|
|
assert cmd.endswith("./hf-download.sh org/name -c --copy-parallel")
|
|
|
|
|
|
def test_repo_is_shlex_quoted():
|
|
# Everything after the script name must shlex-split back to the exact repo,
|
|
# the same round-trip invariant build_launch_command relies on.
|
|
cmd = build_download_command("org/na;me")
|
|
after = cmd.split("./hf-download.sh ", 1)[1]
|
|
assert shlex.split(after) == ["org/na;me"]
|