fix: add error handling when sourcing profile scripts

[wineee]

Suppress stderr and emit a warning to stderr when sourcing /etc/profile, /etc/xprofile, /usr/local/etc/xprofile, $HOME/.profile, $HOME/.xprofile, $HOME/.xsessionrc, or $HOME/.xsession fails, preventing broken user configs from crashing the session startup.

Summary by Sourcery

Handle failures when sourcing user and system profile scripts during X session startup to avoid crashing the session.

Bug Fixes:

• Suppress stderr and emit explicit warnings when sourcing /etc/profile and user profile files fails in Xsession.
• Prevent failures in sourcing X-specific profile and session rc scripts from aborting X session startup.

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: wineee

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adds defensive error handling around sourcing profile and session scripts in Xsession, suppressing stderr and printing explicit warnings instead of letting failing user configs abort session startup.

Sequence diagram for updated error handling when sourcing profile scripts

sequenceDiagram
    actor User
    participant Xsession
    participant Profile_script

    User->>Xsession: start_session
    Xsession->>Profile_script: source_/etc/profile
    alt source succeeds
        Profile_script-->>Xsession: environment_loaded
    else source fails
        Xsession->>Xsession: echo_warning
        Xsession->>Xsession: [continue startup]
    end

    Xsession->>Profile_script: source_user_xsession
    alt source succeeds
        Profile_script-->>Xsession: session_config_loaded
    else source fails
        Xsession->>Xsession: echo_warning
        Xsession->>Xsession: [continue startup]
    end

Loading

File-Level Changes

Change	Details	Files
Wrap sourcing of profile scripts with stderr suppression and explicit warning messages to avoid aborting session startup on failures.	For fish shells, wrap sourcing of /etc/profile and $HOME/.profile in blocks that redirect stderr to /dev/null and echo a warning to stderr on failure For generic shells, apply the same guarded sourcing pattern around /etc/profile and $HOME/.profile For xprofile scripts, guard sourcing of /etc/xprofile, /usr/local/etc/xprofile, and $HOME/.xprofile with stderr redirection and warnings on failure	data/scripts/Xsession
Add guarded sourcing with warnings for per-user X session rc and session scripts.	Wrap sourcing of $USERXSESSIONRC with stderr redirection and a warning emitted to stderr when sourcing fails Wrap sourcing of $USERXSESSION with stderr redirection and a warning emitted to stderr when sourcing fails	data/scripts/Xsession

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[deepin-ci-robot]

deepin pr auto review

你好！我是CodeGeeX。我已仔细审查了你提供的 git diff 输出。本次修改主要针对 X Session 和 Wayland Session 的启动脚本，核心变更为：在 source（.）各种配置文件时，增加了错误重定向（2>/dev/null）和失败时的警告输出。

以下是我从语法逻辑、代码质量、代码性能和代码安全四个维度提出的详细审查意见和改进建议：

1. 语法逻辑

• 静默错误与警告提示的逻辑冲突：
  修改后的代码模式为：. file 2>/dev/null || echo "Warning..." >&2。
  这里存在一个逻辑矛盾：2>/dev/null 会将 source 过程中的所有标准错误输出（包括语法错误、命令未找到等有用信息）全部丢弃。如果 source 失败，用户只能看到一个笼统的 "Warning: Failed to source..."，而无法得知为什么失败（比如是权限问题、语法错误还是命令不存在）。这会给用户排查配置文件问题带来极大困难。

  • 建议：不要吞没 stderr，而是让 stderr 正常输出到屏幕或日志，仅捕获退出状态码。
  • 改进代码：

    [ -f /etc/profile ] && { . /etc/profile; rc=$?; } || true
    [ "$rc" -ne 0 ] && echo "Warning: Failed to source /etc/profile (exit code: $rc)" >&2

    或者更简洁的 POSIX 兼容写法：

    if ! . /etc/profile 2>&1; then
        echo "Warning: Failed to source /etc/profile" >&2
    fi

    (注意：原代码的 [ -f file ] && . file 模式中，如果文件存在但不可读，-f 为真但 . 会报错。使用 if 或直接 . 捕获返回值更严谨)

• Fish Shell 块中的临时文件竞争条件：
  在 */fish) 分支中，mktemp 创建临时文件后，使用 $SHELL --login -c ... > $xsess_tmp 写入，然后 . $xsess_tmp 加载。
  如果 mktemp 失败（虽然极少见），$xsess_tmp 可能为空或包含非法路径，导致后续逻辑异常。此外，如果系统崩溃，rm -f $xsess_tmp 可能不会执行。

  • 建议：使用 trap 确保临时文件被清理，并验证 mktemp 的执行结果。

2. 代码质量

• 代码冗余（DRY原则）：
  修改后，{ . file 2>/dev/null || echo "Warning: Failed to source file" >&2; } 这个长字符串在 diff 中出现了 10 次以上。这严重违反了 DRY (Don't Repeat Yourself) 原则，使得代码变得臃肿，且未来如果需要修改提示格式，需要改动多处。

  • 建议：封装一个辅助函数来处理 source 逻辑。
  • 改进代码：

    # 在脚本开头定义辅助函数
    source_safe() {
        # 尝试 source 文件，如果失败则输出警告
        if ! . "$1"; then
            echo "Warning: Failed to source $1" >&2
        fi
    }
    
    # 后续调用改为：
    [ -f /etc/profile ] && source_safe /etc/profile
    [ -f $HOME/.profile ] && source_safe $HOME/.profile

    这样不仅代码更清晰，而且保留了原始的 stderr 输出，方便调试。

• 变量未加引号：
  原代码和修改后的代码中，$HOME/.profile 等路径没有加双引号。如果用户的 $HOME 路径中包含空格（如 /home/my user/），会导致语法拆分错误。

  • 建议：对所有可能包含空格的变量使用双引号包裹。
  • 改进代码：[ -f "$HOME/.profile" ] && source_safe "$HOME/.profile"

3. 代码性能

• 性能影响极小，但逻辑可优化：
  增加 || echo ... 对启动性能的影响微乎其微。但是，当前逻辑是先检查 [ -f ... ] 再执行 .。对于 Shell 内建命令 .，如果文件不存在，Shell 本身就会报错并返回非零状态。
  • 建议：如果为了代码简洁和性能极致，可以直接调用 . 并依赖其返回值，省去 [ -f ] 的磁盘 I/O 检查（虽然只多一次 stat 调用）。但在系统级脚本中，显式检查 -f 是个好习惯，可以避免 stderr 中出现 "No such file or directory" 的噪音。因此，保留 -f 检查是合理的。

4. 代码安全

• 临时文件的不安全使用：
  在 */fish) 块中，mktemp /tmp/xsess-env-XXXXXX 创建了临时文件，但随后直接使用重定向 > $xsess_tmp 覆盖写入。

  • 风险：在 mktemp 创建文件和 > $xsess_tmp 写入之间，存在极小的 TOCTOU（Time of Check to Time of Use）竞争窗口。如果攻击者在该窗口期将 $xsess_tmp 替换为指向敏感文件的符号链接，可能会导致敏感文件被清空。
  • 建议：虽然此类本地提权攻击难度较高，但在系统级脚本中仍需注意。可以使用 mktemp 的默认行为（在 $TMPDIR 或 /tmp 下创建），并确保写入时文件的权限是安全的（mktemp 默认创建 600 权限，相对安全）。更好的做法是不使用中间文件，但这受限于 Fish 和 POSIX sh 之间的环境桥接需求，目前属于无奈之举。保持现状即可，但需意识到此风险。

• 路径遍历/注入风险：
  $USERXSESSIONRC 和 $USERXSESSION 如果被恶意设置，可能会执行任意代码。这是 XSession 脚本的固有设计，本次修改没有引入新风险，但 source_safe "$USERXSESSIONRC" 必须加上双引号，防止路径中有空格或分号导致命令注入。

---

综合改进后的代码示例

结合以上分析，我为你重构了这部分代码，使其更健壮、更安全、更易维护：

#!/bin/sh

# 定义安全的 source 函数，避免代码冗余，同时保留原始错误输出
source_safe() {
    if ! . "$1"; then
        echo "Warning: Failed to source $1" >&2
    fi
}

case $SHELL in
  */bash)
    # bash 不需要 source profile，它作为 login shell 会自动处理
    ;;
  */zsh)
    # zsh 也不需要，它有自己的 ZDOTDIR 机制
    ;;
  */csh|*/tcsh)
    # ... (保持原样)
    ;;
  */fish)
    [ -f /etc/profile ] && source_safe /etc/profile
    [ -f "$HOME/.profile" ] && source_safe "$HOME/.profile"
    
    # 改进临时文件处理：使用 trap 确保清理，变量加引号
    xsess_tmp=$(mktemp) || { echo "Error: Failed to create temp file" >&2; exit 1; }
    trap 'rm -f "$xsess_tmp"' EXIT INT TERM
    
    # 注意：此处 fish 输出重定向到 $xsess_tmp 是安全的，因为文件由当前用户创建
    if ! $SHELL --login -c "/bin/sh -c 'export -p'" > "$xsess_tmp" 2>/dev/null; then
        echo "Warning: Failed to export fish environment" >&2
    else
        source_safe "$xsess_tmp"
    fi
    
    rm -f "$xsess_tmp"
    trap - EXIT INT TERM
    ;;
  *) # Plain sh, ksh, and anything we do not know.
    [ -f /etc/profile ] && source_safe /etc/profile
    [ -f "$HOME/.profile" ] && source_safe "$HOME/.profile"
    ;;
esac

[ -f /etc/xprofile ] && source_safe /etc/xprofile
[ -f /usr/local/etc/xprofile ] && source_safe /usr/local/etc/xprofile
[ -f "$HOME/.xprofile" ] && source_safe "$HOME/.xprofile"

# run all system xinitrc shell scripts.
if [ -d /etc/X11/xinit/xinitrc.d ]; then
    # ... (保持原样)
fi

[ -f "$HOME/.Xresources" ] && xrdb -merge "$HOME/.Xresources"

if [ -f "$USERXSESSIONRC" ]; then
  source_safe "$USERXSESSIONRC"
fi
if [ -f "$USERXSESSION" ]; then
  source_safe "$USERXSESSION"
fi

# ... (后续代码)

总结：
你最初的修改意图（增加容错和警告）是非常好的，但 2>/dev/null 吞没错误详情的做法不利于排查问题。建议采用上述 source_safe 函数的方式，既实现了警告功能，保留了错误详情，又大幅提升了代码的可读性和可维护性，同时修复了潜在的变量未加引号的安全隐患。

[sourcery-ai]

Hey - I've found 2 issues, and left some high level feedback:

• File paths like $HOME/.profile, $HOME/.xprofile, and /usr/local/etc/xprofile should be consistently quoted in the -f tests (e.g., [ -f "$HOME/.profile" ]) to avoid issues if any part of the path contains spaces or special characters.
• The repeated source + suppress stderr + warn pattern could be wrapped in a small helper function (e.g., safe_source <path>) to centralize the behavior and avoid duplicating the same logic in multiple places.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- File paths like `$HOME/.profile`, `$HOME/.xprofile`, and `/usr/local/etc/xprofile` should be consistently quoted in the `-f` tests (e.g., `[ -f "$HOME/.profile" ]`) to avoid issues if any part of the path contains spaces or special characters.
- The repeated `source + suppress stderr + warn` pattern could be wrapped in a small helper function (e.g., `safe_source <path>`) to centralize the behavior and avoid duplicating the same logic in multiple places.

## Individual Comments

### Comment 1
<location path="data/scripts/Xsession" line_range="29" />
<code_context>
   */fish)
-    [ -f /etc/profile ] && . /etc/profile
-    [ -f $HOME/.profile ] && . $HOME/.profile
+    [ -f /etc/profile ] && { . /etc/profile 2>/dev/null || echo "Warning: Failed to source /etc/profile" >&2; }
+    [ -f $HOME/.profile ] && { . $HOME/.profile 2>/dev/null || echo "Warning: Failed to source $HOME/.profile" >&2; }
     xsess_tmp=`mktemp /tmp/xsess-env-XXXXXX`
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Quoting file paths would make these conditionals more robust

Since these lines are already being changed, please quote the paths in the `-f` tests and when sourcing, to avoid issues if any path ever contains whitespace or glob characters. For example:

```sh
[ -f "/etc/profile" ] && { . "/etc/profile" 2>/dev/null || echo "Warning: Failed to source /etc/profile" >&2; }
[ -f "$HOME/.profile" ] && { . "$HOME/.profile" 2>/dev/null || echo "Warning: Failed to source $HOME/.profile" >&2; }
```
The same adjustment applies to the other similar conditionals in this file.

Suggested implementation:

```
  */fish)
    [ -f "/etc/profile" ] && { . "/etc/profile" 2>/dev/null || echo "Warning: Failed to source /etc/profile" >&2; }
    [ -f "$HOME/.profile" ] && { . "$HOME/.profile" 2>/dev/null || echo "Warning: Failed to source $HOME/.profile" >&2; }
    xsess_tmp=`mktemp /tmp/xsess-env-XXXXXX`
    $SHELL --login -c "/bin/sh -c 'export -p' > $xsess_tmp"
    . $xsess_tmp
    rm -f $xsess_tmp
    ;;
  *) # Plain sh, ksh, and anything we do not know.
    [ -f "/etc/profile" ] && { . "/etc/profile" 2>/dev/null || echo "Warning: Failed to source /etc/profile" >&2; }
    [ -f "$HOME/.profile" ] && { . "$HOME/.profile" 2>/dev/null || echo "Warning: Failed to source $HOME/.profile" >&2; }
    ;;

```

Search the rest of `data/scripts/Xsession` for other `[ -f ... ] && . ...` patterns (e.g. for other shells or configuration files) and apply the same quoting convention: quote the path in the `-f` test and in the `.` (source) command, e.g. `[ -f "/path" ] && . "/path"`.
</issue_to_address>

### Comment 2
<location path="data/scripts/Xsession" line_range="84-87" />
<code_context>

 if [ -f "$USERXSESSIONRC" ]; then
-  . "$USERXSESSIONRC"
+  { . "$USERXSESSIONRC" 2>/dev/null || echo "Warning: Failed to source $USERXSESSIONRC" >&2; }
 fi
 if [ -f "$USERXSESSION" ]; then
-  . "$USERXSESSION"
+  { . "$USERXSESSION" 2>/dev/null || echo "Warning: Failed to source $USERXSESSION" >&2; }
 fi

</code_context>
<issue_to_address>
**question (bug_risk):** Treating any non-zero exit from user session scripts as a failure may be too strict

Previously, these scripts’ exit codes were simply propagated. With the new `|| echo` wrapper, any non-zero exit (including intentional early `return/exit` used by users) now emits a warning, which may introduce noisy logs or surprise users who rely on non-zero exits for control flow. Consider limiting warnings to specific failure modes (e.g., file-not-found, permission denied) or clarifying in documentation that user session scripts should exit 0 for expected early termination.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion (bug_risk): Quoting file paths would make these conditionals more robust

Since these lines are already being changed, please quote the paths in the -f tests and when sourcing, to avoid issues if any path ever contains whitespace or glob characters. For example:

[ -f "/etc/profile" ] && { . "/etc/profile" 2>/dev/null || echo "Warning: Failed to source /etc/profile" >&2; }
[ -f "$HOME/.profile" ] && { . "$HOME/.profile" 2>/dev/null || echo "Warning: Failed to source $HOME/.profile" >&2; }

The same adjustment applies to the other similar conditionals in this file.

Suggested implementation:

  */fish)
    [ -f "/etc/profile" ] && { . "/etc/profile" 2>/dev/null || echo "Warning: Failed to source /etc/profile" >&2; }
    [ -f "$HOME/.profile" ] && { . "$HOME/.profile" 2>/dev/null || echo "Warning: Failed to source $HOME/.profile" >&2; }
    xsess_tmp=`mktemp /tmp/xsess-env-XXXXXX`
    $SHELL --login -c "/bin/sh -c 'export -p' > $xsess_tmp"
    . $xsess_tmp
    rm -f $xsess_tmp
    ;;
  *) # Plain sh, ksh, and anything we do not know.
    [ -f "/etc/profile" ] && { . "/etc/profile" 2>/dev/null || echo "Warning: Failed to source /etc/profile" >&2; }
    [ -f "$HOME/.profile" ] && { . "$HOME/.profile" 2>/dev/null || echo "Warning: Failed to source $HOME/.profile" >&2; }
    ;;

Search the rest of data/scripts/Xsession for other [ -f ... ] && . ... patterns (e.g. for other shells or configuration files) and apply the same quoting convention: quote the path in the -f test and in the . (source) command, e.g. [ -f "/path" ] && . "/path".

[sourcery-ai]

question (bug_risk): Treating any non-zero exit from user session scripts as a failure may be too strict

Previously, these scripts’ exit codes were simply propagated. With the new || echo wrapper, any non-zero exit (including intentional early return/exit used by users) now emits a warning, which may introduce noisy logs or surprise users who rely on non-zero exits for control flow. Consider limiting warnings to specific failure modes (e.g., file-not-found, permission denied) or clarifying in documentation that user session scripts should exit 0 for expected early termination.

[Copilot]

Pull request overview

This PR updates the session startup scripts to make sourcing of system/user profile files non-fatal by suppressing stderr and emitting a warning when sourcing “fails”, so that broken user configs don’t disrupt session startup.

Changes:

• Wrap sourcing of /etc/profile and $HOME/.profile in both data/scripts/Xsession and data/scripts/wayland-session to silence stderr and print a warning on failure.
• Wrap sourcing of X-specific profile/session scripts in data/scripts/Xsession (e.g., /etc/xprofile, $HOME/.xprofile, $HOME/.xsessionrc, $HOME/.xsession) with the same warning behavior.

中文概述

此 PR 修改会话启动脚本，使 source 系统/用户 profile 文件在失败时不再影响会话启动：通过抑制 stderr，并在检测到“失败”时向 stderr 输出告警，从而避免用户配置问题干扰会话启动流程。

变更：

• 在 data/scripts/Xsession 与 data/scripts/wayland-session 中为 /etc/profile 与 $HOME/.profile 的 source 增加 stderr 抑制与失败告警。
• 在 data/scripts/Xsession 中为 X 相关 profile/会话脚本（如 /etc/xprofile、$HOME/.xprofile、$HOME/.xsessionrc、$HOME/.xsession）增加同样的容错告警逻辑。

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.

File	Description
data/scripts/Xsession	Add guarded sourcing + stderr suppression + warning messages for multiple profile/session scripts / 为多个 profile/会话脚本增加容错 source 与告警
data/scripts/wayland-session	Add guarded sourcing + stderr suppression + warning messages for /etc/profile and $HOME/.profile / 为 /etc/profile 与 $HOME/.profile 增加容错 source 与告警