[install] Use file argument for actions, not template substitution

[jwnimmer-tri]

Towards #7331.

---

This change is 

[jwnimmer-tri]

@drake-jenkins-bot mac-big-sur-clang-bazel-experimental-release please

[jwnimmer-tri]

+@rpoyner-tri for feature review, please.

[rpoyner-tri]

Reviewed 5 of 5 files at r1, all commit messages.
Reviewable status: 3 unresolved discussions, LGTM missing from assignee rpoyner-tri(platform), needs at least two assigned reviewers (waiting on @jwnimmer-tri)

---

CMakeLists.txt, line 446 at r1 (raw file):

endif()

# N.B. If you are testing the CMake API and making changes to `install.py`,

s/install.py/installer.py/

---

tools/install/test/install_meta_test.py, line 1 at r1 (raw file):

"""Tests the behavior of targets that use `install.py`."""

s/install.py/installer.py/

---

tools/install/installer.py, line 454 at r1 (raw file):

    with open(args.actions, "r", encoding="utf-8") as f:
        actions = f.read()
    exec(actions)

I'd like to see some harm reduction here, like input validation (currently only 2 operations need be supported), or values of global or local dictionaries that would limit arbitrary execution.

[jwnimmer-tri]

Reviewable status: 3 unresolved discussions, LGTM missing from assignee rpoyner-tri(platform), needs at least two assigned reviewers (waiting on @rpoyner-tri)

---

CMakeLists.txt, line 446 at r1 (raw file):

Previously, rpoyner-tri (Rick Poyner (rico)) wrote…

s/install.py/installer.py/

Done.

---

tools/install/test/install_meta_test.py, line 1 at r1 (raw file):

Previously, rpoyner-tri (Rick Poyner (rico)) wrote…

s/install.py/installer.py/

Done.

---

tools/install/installer.py, line 454 at r1 (raw file):

Previously, rpoyner-tri (Rick Poyner (rico)) wrote…

I'd like to see some harm reduction here, like input validation (currently only 2 operations need be supported), or values of global or local dictionaries that would limit arbitrary execution.

Done via TODO. I'm on the same page as you here, but I wanted to keep the template-vs-argument change small. I agree that we should rework the actions file specification in the future.

[jwnimmer-tri]

+@ggould-tri for platform review per schedule, please.

[ggould-tri]

; one nit.

Reviewed 3 of 3 files at r2, all commit messages.
Reviewable status: 4 unresolved discussions, LGTM missing from assignee rpoyner-tri(platform) (waiting on @jwnimmer-tri and @rpoyner-tri)

---

tools/install/install.bzl, line 499 at r2 (raw file):

            "#!/bin/bash",
            "tools/install/installer --actions {} \"$@\"".format(
                actions_file.short_path,

minor: shlex.quote(actions_file.short_path) would be safer.
For extremely relative definitions of "safer".

If skylark doesn't have shlex then as a fallback quoting the {} would get most of the benefit.

[ggould-tri]

Reviewed 1 of 1 files at r3, all commit messages.
Reviewable status: 3 unresolved discussions, LGTM missing from assignee rpoyner-tri(platform) (waiting on @rpoyner-tri)

[jwnimmer-tri]

Reviewable status: 3 unresolved discussions, LGTM missing from assignee rpoyner-tri(platform) (waiting on @rpoyner-tri)

---

tools/install/install.bzl, line 499 at r2 (raw file):

Previously, ggould-tri wrote…

minor: shlex.quote(actions_file.short_path) would be safer.
For extremely relative definitions of "safer".

If skylark doesn't have shlex then as a fallback quoting the {} would get most of the benefit.

Done.

If someone puts a shell character into their bazel target name, I'll let them keep the pieces.

[rpoyner-tri]

Reviewed all commit messages.
Reviewable status: LGTM missing from assignee rpoyner-tri(platform) (waiting on @jwnimmer-tri)

[jwnimmer-tri]

@rpoyner-tri this PR still needs your emoji, when you're ready.

[rpoyner-tri]

Reviewable status: complete! all discussions resolved, LGTM from assignees rpoyner-tri(platform),ggould-tri(platform) (waiting on @jwnimmer-tri)