[pacman-dev] [PATCH] libmakepkg: add lint_config to validate SRCEXT/PKGEXT
These variables must begin with .src.tar / .pkg.tar respectively, so
fail early if those expectations are not matched. This prevents makepkg
from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64"
which are actually uncompressed tarballs.
Signed-off-by: Eli Schwartz
Currently this tells people that the settings should not be touched, but
we should just rely on the description of what it should be set to, and
leave it up to the user.
Also, the previous patch allows makepkg to abort if an invalid value is
set, greatly reducing the danger of it being badly configured anyway.
Also make this clearer by indicating when it would be useful to change
the settings -- i.e. disable compression -- and ensure their described
defaults are based on the ones established during ./configure or meson
setup.
Reported-by: Jouke Witteveen
On 5/21/19 6:13 PM, Eli Schwartz wrote:
These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs.
Do we want to just check that it is non-null and matches *.tar*, and allow people to potentially name things whatever they want?
scripts/Makefile.am | 1 + scripts/libmakepkg/lint_config/ext.sh.in | 45 ++++++++++++++++++++++ scripts/libmakepkg/lint_config/meson.build | 1 + 3 files changed, 47 insertions(+) create mode 100644 scripts/libmakepkg/lint_config/ext.sh.in
diff --git a/scripts/Makefile.am b/scripts/Makefile.am index 00e0c038..0597a0e5 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -72,6 +72,7 @@ LIBMAKEPKG_IN = \ libmakepkg/integrity/verify_checksum.sh \ libmakepkg/integrity/verify_signature.sh \ libmakepkg/lint_config.sh \ + libmakepkg/lint_config/ext.sh \ libmakepkg/lint_config/paths.sh \ libmakepkg/lint_config/source_date_epoch.sh \ libmakepkg/lint_config/variable.sh \ diff --git a/scripts/libmakepkg/lint_config/ext.sh.in b/scripts/libmakepkg/lint_config/ext.sh.in new file mode 100644 index 00000000..20aaf6ab --- /dev/null +++ b/scripts/libmakepkg/lint_config/ext.sh.in @@ -0,0 +1,45 @@ +#!/bin/bash +# +# ext.sh - Check that source/package extensions have valid prefixes +# +# Copyright (c) 2019 Pacman Development Team
+# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +[[ -n "$LIBMAKEPKG_LINT_CONFIG_EXT_SH" ]] && return +LIBMAKEPKG_LINT_CONFIG_EXT_SH=1 + +LIBRARY=${LIBRARY:-'@libmakepkgdir@'} + +source "$LIBRARY/util/message.sh" + +lint_config_functions+=('lint_ext') + + +lint_ext() { + local i var val ret=0 + + for i in 'SRCEXT/.src.tar' 'PKGEXT/.pkg.tar'; do + IFS='/' read -r var val < <(printf '%s\n' "$i") + + if [[ ${!var} != ${val}* ]]; then + error "$(gettext "%s does not contain a valid prefix (needs '%s', got '%s')")" \ + "\$${var}" "${val}*" "${!var}"
Time to get to the main part of any patch -- bikeshedding message strings!
+ ret=1 + fi + done + + return $ret +} diff --git a/scripts/libmakepkg/lint_config/meson.build b/scripts/libmakepkg/lint_config/meson.build index 144705f9..2262ad45 100644 --- a/scripts/libmakepkg/lint_config/meson.build +++ b/scripts/libmakepkg/lint_config/meson.build @@ -1,6 +1,7 @@ libmakepkg_module = 'lint_config'
sources = [ + 'ext.sh.in', 'paths.sh.in', 'source_date_epoch.sh.in', 'variable.sh.in',
-- Eli Schwartz Bug Wrangler and Trusted User
These variables must begin with .src.tar / .pkg.tar respectively, so
fail early if those expectations are not matched. This prevents makepkg
from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64"
which are actually uncompressed tarballs.
Signed-off-by: Eli Schwartz
Currently this tells people that the settings should not be touched, but
we should just rely on the description of what it should be set to, and
leave it up to the user.
Also, the previous patch allows makepkg to abort if an invalid value is
set, greatly reducing the danger of it being badly configured anyway.
Also make this clearer by indicating when it would be useful to change
the settings -- i.e. disable compression -- and ensure their described
defaults are based on the ones established during ./configure or meson
setup.
Reported-by: Jouke Witteveen
On 23/5/19 12:39 am, Eli Schwartz wrote:
These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs.
Signed-off-by: Eli Schwartz
--- v2: tweaked the error message a bit
OK. While reviewing this I noticed our --with-pkg-ext configure flag lets anything through... A
participants (2)
-
Allan McRae
-
Eli Schwartz