On 10/03/12 00:01, Dave Reisner wrote:
On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
Most places in makepkg deal with full file paths, but a few use the file name only. Protect from potential issues when a file name starts with a hyphen.
How sure are we that these will always be relative paths and never ever absolute?
I'm not sure what you are meaning there? Are you asking why I did not fix the ones I determined to use the absolute path? In all other cases the files are either prefixed $srcdir, $pkgdir, $startdir or are from get_filepath which returns a full path.
Signed-off-by: Allan McRae <allan@archlinux.org> --- scripts/makepkg.sh.in | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 384e142..8dd2d39 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -833,7 +833,7 @@ extract_sources() { esac ;; *) # See if bsdtar can recognize the file - if bsdtar -tf "$file" -q '*' &>/dev/null; then + if bsdtar -tf "./$file" -q '*' &>/dev/null; then
not necessary. "$file" is an argument to the -f flag, so we don't need to work around this:
$ bsdtar -czf --foo.tar.gz ~/.bash* $ ls -l -- --foo.tar.gz -rw-r--r-- 1 noclaf users 57856 Mar 9 08:52 --foo.tar.gz
Ah... good point...
cmd="bsdtar" else continue @@ -843,10 +843,10 @@ extract_sources() { local ret=0 msg2 "$(gettext "Extracting %s with %s")" "$file" "$cmd" if [[ $cmd = "bsdtar" ]]; then - $cmd -xf "$file" || ret=$? + $cmd -xf "./$file" || ret=$?
same here.
else - rm -f "${file%.*}" - $cmd -dcf "$file" > "${file%.*}" || ret=$? + rm -f -- "${file%.*}" + $cmd -dcf "./$file" > "${file%.*}" || ret=$?
same here (the rm wants it, though)
fi if (( ret )); then error "$(gettext "Failed to extract %s")" "$file" @@ -974,7 +974,7 @@ tidy_install() {
if [[ $(check_option docs) = "n" && -n ${DOC_DIRS[*]} ]]; then msg2 "$(gettext "Removing doc files...")" - rm -rf ${DOC_DIRS[@]} + rm -rf -- ${DOC_DIRS[@]}
i hate that we can't quote this.
fi
if [[ $(check_option purge) = "y" && -n ${PURGE_TARGETS[*]} ]]; then @@ -1001,7 +1001,7 @@ tidy_install() { find ${MAN_DIRS[@]} -lname "$file" 2>/dev/null | while read link ; do rm -f "$link" "${link}.gz" - ln -s "${file}.gz" "${link}.gz" + ln -s -- "${file}.gz" "${link}.gz"
No love for the rm? I admit it would be an extremely nonstandard case, but the same applies for the ln call.
Look at what is being rm'ed and what is being ln'ed. One is a full path.
done
# check file still exists (potentially already compressed due to hardlink) -- 1.7.9.3