On Fri, Mar 9, 2012 at 9:01 AM, Dave Reisner <d@falconindy.com> wrote:
On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
Most places in makepkg deal with full file paths, but a few use the file name only. Protect from potential issues when a file name starts with a hyphen.
How sure are we that these will always be relative paths and never ever absolute?
Signed-off-by: Allan McRae <allan@archlinux.org> --- scripts/makepkg.sh.in | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 384e142..8dd2d39 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -833,7 +833,7 @@ extract_sources() { esac ;; *) # See if bsdtar can recognize the file - if bsdtar -tf "$file" -q '*' &>/dev/null; then + if bsdtar -tf "./$file" -q '*' &>/dev/null; then
not necessary. "$file" is an argument to the -f flag, so we don't need to work around this:
$ bsdtar -czf --foo.tar.gz ~/.bash* $ ls -l -- --foo.tar.gz -rw-r--r-- 1 noclaf users 57856 Mar 9 08:52 --foo.tar.gz
I would definitely prefer to not have to do this, or at least use the -- option in preference to file path manipulation. However, I don't know that we could get away with that in all cases you fixed here. I do agree with Dave on the -f option though- I've never seen a tar program allow the argument for that to come anywhere except directly after the flag. -Dan