03-09-2012, 01:01 PM
Dave Reisner

makepkg: prevent issues with files starting with a hyphen

On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
> Most places in makepkg deal with full file paths, but a few use the
> file name only. Protect from potential issues when a file name
> starts with a hyphen.

How sure are we that these will always be relative paths and never ever
absolute?

> Signed-off-by: Allan McRae <allan@archlinux.org>
> ---
> scripts/makepkg.sh.in | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index 384e142..8dd2d39 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -833,7 +833,7 @@ extract_sources() {
> esac ;;
> *)
> # See if bsdtar can recognize the file
> - if bsdtar -tf "$file" -q '*' &>/dev/null; then
> + if bsdtar -tf "./$file" -q '*' &>/dev/null; then

not necessary. "$file" is an argument to the -f flag, so we don't need
to work around this:

$ bsdtar -czf --foo.tar.gz ~/.bash*
$ ls -l -- --foo.tar.gz
-rw-r--r-- 1 noclaf users 57856 Mar 9 08:52 --foo.tar.gz

> cmd="bsdtar"
> else
> continue
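
Review bot: the `./` prefix on the `bsdtar -tf` line is only correct while `$file` is a bare file name; an absolute path would turn into `.//...` and resolve under the current directory instead. Here `$file` is consumed as the argument of `-f`, so either drop the prefix or add a comment stating that `$file` is always relative at this point.
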
> @@ -843,10 +843,10 @@ extract_sources() {
> local ret=0
> msg2 "$(gettext "Extracting %s with %s")" "$file" "$cmd"
> if [[ $cmd = "bsdtar" ]]; then
> - $cmd -xf "$file" || ret=$?
> + $cmd -xf "./$file" || ret=$?

same here.

> else
> - rm -f "${file%.*}"
> - $cmd -dcf "$file" > "${file%.*}" || ret=$?
> + rm -f -- "${file%.*}"
> + $cmd -dcf "./$file" > "${file%.*}" || ret=$?

same here (the rm wants it, though)

> fi
> if (( ret )); then
> error "$(gettext "Failed to extract %s")" "$file"
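
Review bot: two different protections are used on adjacent lines in the else branch, `--` for `rm -f` and a `./` prefix for `$cmd -dcf`, with nothing explaining why. Keep `rm -f -- "${file%.*}"`, and for the `$cmd` lines either use one idiom consistently or add a comment saying why `--` is not usable there. The redirect target `> "${file%.*}"` is opened by the shell and needs no protection.
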
> @@ -974,7 +974,7 @@ tidy_install() {
>
> if [[ $(check_option docs) = "n" && -n ${DOC_DIRS[*]} ]]; then
> msg2 "$(gettext "Removing doc files...")"
> - rm -rf ${DOC_DIRS[@]}
> + rm -rf -- ${DOC_DIRS[@]}

i hate that we can't quote this.

> fi
>
> if [[ $(check_option purge) = "y" && -n ${PURGE_TARGETS[*]} ]]; then
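
Review bot: `${DOC_DIRS[@]}` on the `rm -rf --` line is still unquoted, so every entry is word-split and glob-expanded in whatever directory is current at that moment; `--` stops option parsing but does not stop an entry containing whitespace from splitting into several delete targets. If the unquoted expansion is intentional, say so in a comment next to the line so nobody "fixes" it later.
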
> @@ -1001,7 +1001,7 @@ tidy_install() {
> find ${MAN_DIRS[@]} -lname "$file" 2>/dev/null |
> while read link ; do
> rm -f "$link" "${link}.gz"
> - ln -s "${file}.gz" "${link}.gz"
> + ln -s -- "${file}.gz" "${link}.gz"

No love for the rm? I admit it would be an extremely nonstandard case,
but the same applies for the ln call.

> done
>
> # check file still exists (potentially already compressed due to hardlink)
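
Review bot: the `rm -f "$link" "${link}.gz"` line directly above the changed `ln -s --` gets no `--`, which is safe only while every path printed by `find ${MAN_DIRS[@]}` starts with a `MAN_DIRS` entry that does not begin with a hyphen; add a comment saying so or add `--` there as well. Separately, `while read link` has neither `IFS=` nor `-r`, so a link name with backslashes or leading or trailing whitespace is altered before it reaches `rm` and `ln`; `while IFS= read -r link` avoids that.
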
> --
> 1.7.9.3
>
>
 
03-09-2012, 10:32 PM
Allan McRae

makepkg: prevent issues with files starting with a hyphen

On 10/03/12 00:01, Dave Reisner wrote:
> On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
>> Most places in makepkg deal with full file paths, but a few use the
>> file name only. Protect from potential issues when a file name
>> starts with a hyphen.
>
> How sure are we that these will always be relative paths and never ever
> absolute?

I'm not sure what you are meaning there? Are you asking why I did not
fix the ones I determined to use the absolute path? In all other cases
the files are either prefixed $srcdir, $pkgdir, $startdir or are from
get_filepath which returns a full path.


>> Signed-off-by: Allan McRae <allan@archlinux.org>
>> ---
>> scripts/makepkg.sh.in | 12 ++++++------
>> 1 file changed, 6 insertions(+), 6 deletions(-)
>>
>> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
>> index 384e142..8dd2d39 100644
>> --- a/scripts/makepkg.sh.in
>> +++ b/scripts/makepkg.sh.in
>> @@ -833,7 +833,7 @@ extract_sources() {
>> esac ;;
>> *)
>> # See if bsdtar can recognize the file
>> - if bsdtar -tf "$file" -q '*' &>/dev/null; then
>> + if bsdtar -tf "./$file" -q '*' &>/dev/null; then
>
> not necessary. "$file" is an argument to the -f flag, so we don't need
> to work around this:
>
> $ bsdtar -czf --foo.tar.gz ~/.bash*
> $ ls -l -- --foo.tar.gz
> -rw-r--r-- 1 noclaf users 57856 Mar 9 08:52 --foo.tar.gz

Ah... good point...

>> cmd="bsdtar"
>> else
>> continue
>> @@ -843,10 +843,10 @@ extract_sources() {
>> local ret=0
>> msg2 "$(gettext "Extracting %s with %s")" "$file" "$cmd"
>> if [[ $cmd = "bsdtar" ]]; then
>> - $cmd -xf "$file" || ret=$?
>> + $cmd -xf "./$file" || ret=$?
>
> same here.
>
>> else
>> - rm -f "${file%.*}"
>> - $cmd -dcf "$file" > "${file%.*}" || ret=$?
>> + rm -f -- "${file%.*}"
>> + $cmd -dcf "./$file" > "${file%.*}" || ret=$?
>
> same here (the rm wants it, though)
>
>> fi
>> if (( ret )); then
>> error "$(gettext "Failed to extract %s")" "$file"
>> @@ -974,7 +974,7 @@ tidy_install() {
>>
>> if [[ $(check_option docs) = "n" && -n ${DOC_DIRS[*]} ]]; then
>> msg2 "$(gettext "Removing doc files...")"
>> - rm -rf ${DOC_DIRS[@]}
>> + rm -rf -- ${DOC_DIRS[@]}
>
> i hate that we can't quote this.
>
>> fi
>>
>> if [[ $(check_option purge) = "y" && -n ${PURGE_TARGETS[*]} ]]; then
>> @@ -1001,7 +1001,7 @@ tidy_install() {
>> find ${MAN_DIRS[@]} -lname "$file" 2>/dev/null |
>> while read link ; do
>> rm -f "$link" "${link}.gz"
>> - ln -s "${file}.gz" "${link}.gz"
>> + ln -s -- "${file}.gz" "${link}.gz"
>
> No love for the rm? I admit it would be an extremely nonstandard case,
> but the same applies for the ln call.

Look at what is being rm'ed and what is being ln'ed. One is a full path.

>> done
>>
>> # check file still exists (potentially already compressed due to hardlink)
>> --
>> 1.7.9.3
>>
>>
>
>
>
 
03-12-2012, 02:24 PM
Dan McGee

makepkg: prevent issues with files starting with a hyphen

On Fri, Mar 9, 2012 at 9:01 AM, Dave Reisner <d@falconindy.com> wrote:
> On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
>> Most places in makepkg deal with full file paths, but a few use the
>> file name only. Protect from potential issues when a file name
>> starts with a hyphen.
>
> How sure are we that these will always be relative paths and never ever
> absolute?
>
>> Signed-off-by: Allan McRae <allan@archlinux.org>
>> ---
>> scripts/makepkg.sh.in | 12 ++++++------
>> 1 file changed, 6 insertions(+), 6 deletions(-)
>>
>> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
>> index 384e142..8dd2d39 100644
>> --- a/scripts/makepkg.sh.in
>> +++ b/scripts/makepkg.sh.in
>> @@ -833,7 +833,7 @@ extract_sources() {
>> * * * * * * * * * * * * * * * esac ;;
>> * * * * * * * * * * * *)
>> * * * * * * * * * * * * * * * # See if bsdtar can recognize the file
>> - * * * * * * * * * * * * * * if bsdtar -tf "$file" -q '*' &>/dev/null; then
>> + * * * * * * * * * * * * * * if bsdtar -tf "./$file" -q '*' &>/dev/null; then
>
> not necessary. "$file" is an argument to the -f flag, so we don't need
> to work around this:
>
> $ bsdtar -czf --foo.tar.gz ~/.bash*
> $ ls -l -- --foo.tar.gz
> -rw-r--r-- 1 noclaf users 57856 Mar 9 08:52 --foo.tar.gz

I would definitely prefer to not have to do this, or at least use the
-- option in preference to file path manipulation. However, I don't
know that we could get away with that in all cases you fixed here. I
do agree with Dave on the -f option though- I've never seen a tar
program allow the argument for that to come anywhere except directly
after the flag.

-Dan
 
03-12-2012, 02:40 PM
Thomas Bächler

makepkg: prevent issues with files starting with a hyphen

Am 09.03.2012 15:01, schrieb Dave Reisner:
>> @@ -974,7 +974,7 @@ tidy_install() {
>>
>> if [[ $(check_option docs) = "n" && -n ${DOC_DIRS[*]} ]]; then
>> msg2 "$(gettext "Removing doc files...")"
>> - rm -rf ${DOC_DIRS[@]}
>> + rm -rf -- ${DOC_DIRS[@]}
>
> i hate that we can't quote this.

We can't? Why?
 
03-12-2012, 02:55 PM
Dave Reisner

makepkg: prevent issues with files starting with a hyphen

On Mon, Mar 12, 2012 at 04:40:38PM +0100, Thomas Bächler wrote:
> Am 09.03.2012 15:01, schrieb Dave Reisner:
> >> @@ -974,7 +974,7 @@ tidy_install() {
> >>
> >> if [[ $(check_option docs) = "n" && -n ${DOC_DIRS[*]} ]]; then
> >> msg2 "$(gettext "Removing doc files...")"
> >> - rm -rf ${DOC_DIRS[@]}
> >> + rm -rf -- ${DOC_DIRS[@]}
> >
> > i hate that we can't quote this.
>
> We can't? Why?
>

Check out /etc/makepkg.conf. We put globs in DOC_DIRS, and we want them
to expand when they're passed to find. It's "luck" that they don't
expand. You could definitely break this if you created the right file
hierarchy in the build directory, forcing the glob to expand at the time
when /etc/makepkg.conf is sourced.

d
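
The glob-timing behaviour described in the message above, as an added example that is not part of the thread or of makepkg. The entry `opt/*/doc`, the directory names and the helper functions are constructed for illustration, and positional parameters stand in for the bash array so the script runs in any POSIX shell (the expansion rules are the same).

```shell
#!/bin/sh
# Constructed demo: when does a glob stored in a DOC_DIRS-style entry expand?
# 'opt/*/doc' is a made-up entry; positional parameters stand in for the array.

# Evaluate the equivalent of DOC_DIRS=(opt/*/doc) with $1 as the current
# directory and print the word(s) that end up stored.
store_entry() {
    ( cd "$1" && set -- opt/*/doc && printf '%s\n' "$@" )
}

# Run rm -rf -- on entry $2 inside package dir $1 ($3 = quoted | unquoted),
# then print the doc directories that are still there ("none" if all gone).
tidy() {
    (
        cd "$1" || exit 1
        if [ "$3" = quoted ]; then
            rm -rf -- "$2"    # pattern passed literally, matches no real path
        else
            rm -rf -- $2      # word-split and glob-expanded at this point
        fi
        set -- opt/*/doc
        if [ -e "$1" ]; then printf '%s\n' "$@"; else echo none; fi
    )
}

# Create a package tree holding one doc directory and print its path.
new_pkgdir() {
    d=$(mktemp -d) && mkdir -p "$d/opt/foo/doc" && printf '%s\n' "$d"
}

demo() {
    clean=$(mktemp -d)                                      # nothing matches
    planted=$(mktemp -d); mkdir -p "$planted/opt/evil/doc"  # glob matches here
    late=$(store_entry "$clean")      # opt/*/doc, still a pattern
    early=$(store_entry "$planted")   # opt/evil/doc, expanded when stored
    for c in "$late unquoted" "$late quoted" "$early unquoted"; do
        p=$(new_pkgdir)
        printf '%-24s left: %s\n' "$c" "$(tidy "$p" "${c% *}" "${c#* }")"
        rm -rf -- "$p"
    done
    rm -rf -- "$clean" "$planted"
}
demo
```

Only the first case removes the package's doc directory: quoting keeps the pattern literal, and an entry that expanded too early names a path that does not exist in the package.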
 
03-12-2012, 03:13 PM
Allan McRae

makepkg: prevent issues with files starting with a hyphen

On 13/03/12 01:24, Dan McGee wrote:
> On Fri, Mar 9, 2012 at 9:01 AM, Dave Reisner <d@falconindy.com> wrote:
>> On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
>>> Most places in makepkg deal with full file paths, but a few use the
>>> file name only. Protect from potential issues when a file name
>>> starts with a hyphen.
>>
>> How sure are we that these will always be relative paths and never ever
>> absolute?
>>
>>> Signed-off-by: Allan McRae <allan@archlinux.org>
>>> ---
>>> scripts/makepkg.sh.in | 12 ++++++------
>>> 1 file changed, 6 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
>>> index 384e142..8dd2d39 100644
>>> --- a/scripts/makepkg.sh.in
>>> +++ b/scripts/makepkg.sh.in
>>> @@ -833,7 +833,7 @@ extract_sources() {
>>> esac ;;
>>> *)
>>> # See if bsdtar can recognize the file
>>> - if bsdtar -tf "$file" -q '*' &>/dev/null; then
>>> + if bsdtar -tf "./$file" -q '*' &>/dev/null; then
>>
>> not necessary. "$file" is an argument to the -f flag, so we don't need
>> to work around this:
>>
>> $ bsdtar -czf --foo.tar.gz ~/.bash*
>> $ ls -l -- --foo.tar.gz
>> -rw-r--r-- 1 noclaf users 57856 Mar 9 08:52 --foo.tar.gz
>
> I would definitely prefer to not have to do this, or at least use the
> -- option in preference to file path manipulation. However, I don't
> know that we could get away with that in all cases you fixed here. I
> do agree with Dave on the -f option though- I've never seen a tar
> program allow the argument for that to come anywhere except directly
> after the flag.

Note that the "--" option is not possible there. Or at least I could
not get the -q '*' bit working if given earlier in the command.

Anyway, the ./ prefixing is killed in my working branch.

Allan
 

All times are GMT.