GitHub Action: POSIX "command" command unavailable in ubuntu-latest?

I have a workflow action implemented in Clojure (i.e. running on the JVM) that, as part of its processing, forks a command -v [something] command to check whether a given binary executable is available or not. However the result is ENOENT (errno 2 - file not found). The runs-on is ubuntu-latest.

You can see an example of this in this build output.

I also tried fully qualifying it with /usr/bin/command, but that failed with much the same error.

I have a hard time believing this is a limitation of the GitHub Action ubuntu environment, given that command is a basic element of POSIX, but I’m stumped as to what I’ve done wrong to make it unavailable. Any ideas or suggestions?

command is a built-in function of the POSIX shell, so there is no binary. You can call a shell to run your command:

sh -c "command -v [something]"

Warning: If the “something” is user-provided or from another untrusted source that would be vulnerable to shell injection. :warning:

Not necessarily. There’s a /usr/bin/command binary on many POSIX systems (most BSD derivatives, for example, as well as Solaris). Shame Linux doesn’t follow suit… Anyhoo, thanks for the tip.

And yes, [something] is a hardcoded string literal that is not constructed in whole or part from user input or data from the environment.

1 Like