[pacman-dev] [PATCH] libmakepkg: add lint_config to validate SRCEXT/PKGEXT

newer
[pacman-dev] [PATCH 1/2] makepkg:...

Eli Schwartz

22 May 2019 22 May '19

12:13 a.m.

These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs. Signed-off-by: Eli Schwartz --- scripts/Makefile.am | 1 + scripts/libmakepkg/lint_config/ext.sh.in | 45 ++++++++++++++++++++++ scripts/libmakepkg/lint_config/meson.build | 1 + 3 files changed, 47 insertions(+) create mode 100644 scripts/libmakepkg/lint_config/ext.sh.in diff --git a/scripts/Makefile.am b/scripts/Makefile.am index 00e0c038..0597a0e5 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -72,6 +72,7 @@ LIBMAKEPKG_IN = \ libmakepkg/integrity/verify_checksum.sh \ libmakepkg/integrity/verify_signature.sh \ libmakepkg/lint_config.sh \ + libmakepkg/lint_config/ext.sh \ libmakepkg/lint_config/paths.sh \ libmakepkg/lint_config/source_date_epoch.sh \ libmakepkg/lint_config/variable.sh \ diff --git a/scripts/libmakepkg/lint_config/ext.sh.in b/scripts/libmakepkg/lint_config/ext.sh.in new file mode 100644 index 00000000..20aaf6ab --- /dev/null +++ b/scripts/libmakepkg/lint_config/ext.sh.in @@ -0,0 +1,45 @@ +#!/bin/bash +# +# ext.sh - Check that source/package extensions have valid prefixes +# +# Copyright (c) 2019 Pacman Development Team +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +[[ -n "$LIBMAKEPKG_LINT_CONFIG_EXT_SH" ]] && return +LIBMAKEPKG_LINT_CONFIG_EXT_SH=1 + +LIBRARY=${LIBRARY:-'@libmakepkgdir@'} + +source "$LIBRARY/util/message.sh" + +lint_config_functions+=('lint_ext') + + +lint_ext() { + local i var val ret=0 + + for i in 'SRCEXT/.src.tar' 'PKGEXT/.pkg.tar'; do + IFS='/' read -r var val < <(printf '%s\n' "$i") + + if [[ ${!var} != ${val}* ]]; then + error "$(gettext "%s does not contain a valid prefix (needs '%s', got '%s')")" \ + "\$${var}" "${val}*" "${!var}" + ret=1 + fi + done + + return $ret +} diff --git a/scripts/libmakepkg/lint_config/meson.build b/scripts/libmakepkg/lint_config/meson.build index 144705f9..2262ad45 100644 --- a/scripts/libmakepkg/lint_config/meson.build +++ b/scripts/libmakepkg/lint_config/meson.build @@ -1,6 +1,7 @@ libmakepkg_module = 'lint_config' sources = [ + 'ext.sh.in', 'paths.sh.in', 'source_date_epoch.sh.in', 'variable.sh.in', -- 2.21.0

Show replies by date

Eli Schwartz

22 May 22 May

12:41 a.m.

New subject: [pacman-dev] [PATCH 2/2] doc: update SRCEXT/PKGEXT to reduce needlessly scary warnings

Currently this tells people that the settings should not be touched, but we should just rely on the description of what it should be set to, and leave it up to the user. Also, the previous patch allows makepkg to abort if an invalid value is set, greatly reducing the danger of it being badly configured anyway. Also make this clearer by indicating when it would be useful to change the settings -- i.e. disable compression -- and ensure their described defaults are based on the ones established during ./configure or meson setup. Reported-by: Jouke Witteveen Signed-off-by: Eli Schwartz --- doc/Makefile.am | 2 ++ doc/makepkg.conf.5.asciidoc | 9 +++++---- doc/meson.build | 2 ++ 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index 3c4a329f..5c575832 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -108,6 +108,8 @@ ASCIIDOC_OPTS = \ -f $(srcdir)/asciidoc.conf \ -a pacman_version="$(REAL_PACKAGE_VERSION)" \ -a pacman_date="`date +%Y-%m-%d`" \ + -a srcext="$(SRCEXT)" \ + -a pkgext="$(PKGEXT)" \ -a pkgdatadir=$(pkgdatadir) \ -a localstatedir=$(localstatedir) \ -a sysconfdir=$(sysconfdir) \ diff --git a/doc/makepkg.conf.5.asciidoc b/doc/makepkg.conf.5.asciidoc index 34810f51..9292b2a6 100644 --- a/doc/makepkg.conf.5.asciidoc +++ b/doc/makepkg.conf.5.asciidoc @@ -258,11 +258,12 @@ Options Sets the command and options used when compressing compiled or source packages in the named format. -**PKGEXT=**".pkg.tar.gz", **SRCEXT=**".src.tar.gz":: +**PKGEXT=**"{pkgext}", **SRCEXT=**"{srcext}":: Sets the compression used when making compiled or source packages. - Valid suffixes are `.tar`, `.tar.gz`, `.tar.bz2`, `.tar.xz`, `.tar.zst`, - `.tar.lzo`, `.tar.lrz`, `.tar.lz4`, `.tar.lz` and `.tar.Z`. - Do not touch these unless you know what you are doing. + Valid suffixes are `.tar.gz`, `.tar.bz2`, `.tar.xz`, `.tar.zst`, + `.tar.lzo`, `.tar.lrz`, `.tar.lz4`, `.tar.lz` and `.tar.Z`, or + simply `.tar` to disable compression entirely. + See Also diff --git a/doc/meson.build b/doc/meson.build index 85b95c80..6e74377d 100644 --- a/doc/meson.build +++ b/doc/meson.build @@ -27,6 +27,8 @@ asciidoc_opts = [ '-f', asciidoc_conf, '-a', 'pacman_version="@0@"'.format(PACKAGE_VERSION), '-a', 'pacman_date=@0@'.format(run_command('date', '+%Y-%m-%d').stdout().strip()), + '-a', 'srcext=@0@'.format(get_option('src-ext')), + '-a', 'pkgext=@0@'.format(get_option('pkg-ext')), '-a', 'pkgdatadir=@0@'.format(PKGDATADIR), '-a', 'localstatedir=@0@'.format(LOCALSTATEDIR), '-a', 'sysconfdir=@0@'.format(SYSCONFDIR), -- 2.21.0

Eli Schwartz

1:05 a.m.

On 5/21/19 6:13 PM, Eli Schwartz wrote:

...

These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs.

Do we want to just check that it is non-null and matches *.tar*, and allow people to potentially name things whatever they want?

...

scripts/Makefile.am | 1 + scripts/libmakepkg/lint_config/ext.sh.in | 45 ++++++++++++++++++++++ scripts/libmakepkg/lint_config/meson.build | 1 + 3 files changed, 47 insertions(+) create mode 100644 scripts/libmakepkg/lint_config/ext.sh.in

diff --git a/scripts/Makefile.am b/scripts/Makefile.am index 00e0c038..0597a0e5 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -72,6 +72,7 @@ LIBMAKEPKG_IN = \ libmakepkg/integrity/verify_checksum.sh \ libmakepkg/integrity/verify_signature.sh \ libmakepkg/lint_config.sh \ + libmakepkg/lint_config/ext.sh \ libmakepkg/lint_config/paths.sh \ libmakepkg/lint_config/source_date_epoch.sh \ libmakepkg/lint_config/variable.sh \ diff --git a/scripts/libmakepkg/lint_config/ext.sh.in b/scripts/libmakepkg/lint_config/ext.sh.in new file mode 100644 index 00000000..20aaf6ab --- /dev/null +++ b/scripts/libmakepkg/lint_config/ext.sh.in @@ -0,0 +1,45 @@ +#!/bin/bash +# +# ext.sh - Check that source/package extensions have valid prefixes +# +# Copyright (c) 2019 Pacman Development Team +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +[[ -n "$LIBMAKEPKG_LINT_CONFIG_EXT_SH" ]] && return +LIBMAKEPKG_LINT_CONFIG_EXT_SH=1 + +LIBRARY=${LIBRARY:-'@libmakepkgdir@'} + +source "$LIBRARY/util/message.sh" + +lint_config_functions+=('lint_ext') + + +lint_ext() { + local i var val ret=0 + + for i in 'SRCEXT/.src.tar' 'PKGEXT/.pkg.tar'; do + IFS='/' read -r var val < <(printf '%s\n' "$i") + + if [[ ${!var} != ${val}* ]]; then + error "$(gettext "%s does not contain a valid prefix (needs '%s', got '%s')")" \ + "\$${var}" "${val}*" "${!var}"

Time to get to the main part of any patch -- bikeshedding message strings!

...

+ ret=1 + fi + done + + return $ret +} diff --git a/scripts/libmakepkg/lint_config/meson.build b/scripts/libmakepkg/lint_config/meson.build index 144705f9..2262ad45 100644 --- a/scripts/libmakepkg/lint_config/meson.build +++ b/scripts/libmakepkg/lint_config/meson.build @@ -1,6 +1,7 @@ libmakepkg_module = 'lint_config'

sources = [ + 'ext.sh.in', 'paths.sh.in', 'source_date_epoch.sh.in', 'variable.sh.in',

-- Eli Schwartz Bug Wrangler and Trusted User

Eli Schwartz

4:39 p.m.

New subject: [pacman-dev] [PATCH v2 1/2] libmakepkg: add lint_config to validate SRCEXT/PKGEXT

These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs. Signed-off-by: Eli Schwartz --- v2: tweaked the error message a bit scripts/Makefile.am | 1 + scripts/libmakepkg/lint_config/ext.sh.in | 45 ++++++++++++++++++++++ scripts/libmakepkg/lint_config/meson.build | 1 + 3 files changed, 47 insertions(+) create mode 100644 scripts/libmakepkg/lint_config/ext.sh.in diff --git a/scripts/Makefile.am b/scripts/Makefile.am index 00e0c038..0597a0e5 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -72,6 +72,7 @@ LIBMAKEPKG_IN = \ libmakepkg/integrity/verify_checksum.sh \ libmakepkg/integrity/verify_signature.sh \ libmakepkg/lint_config.sh \ + libmakepkg/lint_config/ext.sh \ libmakepkg/lint_config/paths.sh \ libmakepkg/lint_config/source_date_epoch.sh \ libmakepkg/lint_config/variable.sh \ diff --git a/scripts/libmakepkg/lint_config/ext.sh.in b/scripts/libmakepkg/lint_config/ext.sh.in new file mode 100644 index 00000000..8f830ef9 --- /dev/null +++ b/scripts/libmakepkg/lint_config/ext.sh.in @@ -0,0 +1,45 @@ +#!/bin/bash +# +# ext.sh - Check that source/package extensions have valid prefixes +# +# Copyright (c) 2019 Pacman Development Team +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +[[ -n "$LIBMAKEPKG_LINT_CONFIG_EXT_SH" ]] && return +LIBMAKEPKG_LINT_CONFIG_EXT_SH=1 + +LIBRARY=${LIBRARY:-'@libmakepkgdir@'} + +source "$LIBRARY/util/message.sh" + +lint_config_functions+=('lint_ext') + + +lint_ext() { + local i var val ret=0 + + for i in 'SRCEXT/.src.tar' 'PKGEXT/.pkg.tar'; do + IFS='/' read -r var val < <(printf '%s\n' "$i") + + if [[ ${!var} != ${val}* ]]; then + error "$(gettext "%s does not contain a valid package suffix (needs '%s', got '%s')")" \ + "\$${var}" "${val}*" "${!var}" + ret=1 + fi + done + + return $ret +} diff --git a/scripts/libmakepkg/lint_config/meson.build b/scripts/libmakepkg/lint_config/meson.build index 144705f9..2262ad45 100644 --- a/scripts/libmakepkg/lint_config/meson.build +++ b/scripts/libmakepkg/lint_config/meson.build @@ -1,6 +1,7 @@ libmakepkg_module = 'lint_config' sources = [ + 'ext.sh.in', 'paths.sh.in', 'source_date_epoch.sh.in', 'variable.sh.in', -- 2.21.0

Eli Schwartz

4:39 p.m.

New subject: [pacman-dev] [PATCH v2 2/2] doc: update SRCEXT/PKGEXT to reduce needlessly scary warnings

Currently this tells people that the settings should not be touched, but we should just rely on the description of what it should be set to, and leave it up to the user. Also, the previous patch allows makepkg to abort if an invalid value is set, greatly reducing the danger of it being badly configured anyway. Also make this clearer by indicating when it would be useful to change the settings -- i.e. disable compression -- and ensure their described defaults are based on the ones established during ./configure or meson setup. Reported-by: Jouke Witteveen Signed-off-by: Eli Schwartz --- v2: also remove warning from makepkg.conf.in doc/Makefile.am | 2 ++ doc/makepkg.conf.5.asciidoc | 9 +++++---- doc/meson.build | 2 ++ etc/makepkg.conf.in | 3 --- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index 3c4a329f..5c575832 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -108,6 +108,8 @@ ASCIIDOC_OPTS = \ -f $(srcdir)/asciidoc.conf \ -a pacman_version="$(REAL_PACKAGE_VERSION)" \ -a pacman_date="`date +%Y-%m-%d`" \ + -a srcext="$(SRCEXT)" \ + -a pkgext="$(PKGEXT)" \ -a pkgdatadir=$(pkgdatadir) \ -a localstatedir=$(localstatedir) \ -a sysconfdir=$(sysconfdir) \ diff --git a/doc/makepkg.conf.5.asciidoc b/doc/makepkg.conf.5.asciidoc index 34810f51..9292b2a6 100644 --- a/doc/makepkg.conf.5.asciidoc +++ b/doc/makepkg.conf.5.asciidoc @@ -258,11 +258,12 @@ Options Sets the command and options used when compressing compiled or source packages in the named format. -**PKGEXT=**".pkg.tar.gz", **SRCEXT=**".src.tar.gz":: +**PKGEXT=**"{pkgext}", **SRCEXT=**"{srcext}":: Sets the compression used when making compiled or source packages. - Valid suffixes are `.tar`, `.tar.gz`, `.tar.bz2`, `.tar.xz`, `.tar.zst`, - `.tar.lzo`, `.tar.lrz`, `.tar.lz4`, `.tar.lz` and `.tar.Z`. - Do not touch these unless you know what you are doing. + Valid suffixes are `.tar.gz`, `.tar.bz2`, `.tar.xz`, `.tar.zst`, + `.tar.lzo`, `.tar.lrz`, `.tar.lz4`, `.tar.lz` and `.tar.Z`, or + simply `.tar` to disable compression entirely. + See Also diff --git a/doc/meson.build b/doc/meson.build index 85b95c80..6e74377d 100644 --- a/doc/meson.build +++ b/doc/meson.build @@ -27,6 +27,8 @@ asciidoc_opts = [ '-f', asciidoc_conf, '-a', 'pacman_version="@0@"'.format(PACKAGE_VERSION), '-a', 'pacman_date=@0@'.format(run_command('date', '+%Y-%m-%d').stdout().strip()), + '-a', 'srcext=@0@'.format(get_option('src-ext')), + '-a', 'pkgext=@0@'.format(get_option('pkg-ext')), '-a', 'pkgdatadir=@0@'.format(PKGDATADIR), '-a', 'localstatedir=@0@'.format(LOCALSTATEDIR), '-a', 'sysconfdir=@0@'.format(SYSCONFDIR), diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in index f914684f..7e5da993 100644 --- a/etc/makepkg.conf.in +++ b/etc/makepkg.conf.in @@ -141,8 +141,5 @@ COMPRESSLZ=(lzip -c -f) # EXTENSION DEFAULTS ######################################################################### # -# WARNING: Do NOT modify these variables unless you know what you are -# doing. -# PKGEXT='@PKGEXT@' SRCEXT='@SRCEXT@' -- 2.21.0

Allan McRae

28 May 28 May

3:15 a.m.

New subject: [pacman-dev] [PATCH v2 1/2] libmakepkg: add lint_config to validate SRCEXT/PKGEXT

On 23/5/19 12:39 am, Eli Schwartz wrote:

...

These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs.

Signed-off-by: Eli Schwartz ---

v2: tweaked the error message a bit

OK. While reviewing this I noticed our --with-pkg-ext configure flag lets anything through... A

1795

Age (days ago)

1802

Last active (days ago)

List overview

Download

5 comments

2 participants

participants (2)

Allan McRae
Eli Schwartz