[arch-general] PKGBUILD parser

Xavier Chantry chantry.xavier at gmail.com
Sun May 9 10:21:24 EDT 2010


On Sun, May 9, 2010 at 2:44 PM, Allan McRae <allan at archlinux.org> wrote:
>
> Sourcing is dangerous if the PKGBUILD is from an untrusted source.  It also
> fails with package splitting...
>

Makes me wonder why pkgbuilds are written in bash. Sounds like a big
design flaw.

But it depends on what our needs are:
1) we don't care about untrusted source or security, we always trust
the source, then bash sourcing is very convenient (original idea
behind that design)
2) we care about security and dealing with untrusted source in a
secure way: the existing format sucks

Currently we are neither in 1), nor in 2), we are somewhere in the
middle with the inconveniences of both sides. We lost the convenience of
1) bash sourcing with package splitting. (I've been meaning to fix
this for one year or so, just never got to it).

And we don't have any ideas about how we could ever suit 2).
Changing pkgbuild format doesn't sound really doable and realistic, it
might be the most important characterization of what Arch is, changing
it would make a new distrib.
But I just had an idea now, if we're thinking about the AUR use case:
makepkg --source could generate a suitable and parsable file providing
all information that AUR needs, and ship that next to the PKGBUILD in
the source tarball. Does that sound crazy?
This would not fix the problem now, but it could fix it eventually,
when most pkgbuilds are re-submitted. Or this parsable file could be
generated for all pkgbuilds in a row, just for the conversion, in a
chroot/jail on a machine not in production.

To reiterate: PKGBUILD format was meant to be easy to parse by using
bash source. The moment you stop using bash source, it's just all
wrong, and it's the format you have to change.
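
Added example, not part of the original message: a sketch of an AUR-side reader for the kind of generated metadata file proposed above, parsed strictly as data so that shell syntax inside a value stays inert. The `key = value` layout, the field names and the sample input are assumptions made for illustration, not a format defined by makepkg.

```python
import re

# Hypothetical layout: one "key = value" per line, repeated keys form lists.
# Field names are assumptions for illustration, not a makepkg-defined format.
SCALAR_KEYS = {"pkgname", "pkgver", "pkgrel", "pkgdesc", "url"}
LIST_KEYS = {"arch", "license", "depends", "makedepends", "source"}
LINE_RE = re.compile(r"^([a-z_]+) = (.*)$")
MAX_VALUE_LEN = 512


class MetadataError(ValueError):
    """Raised when the file is not plain, well-formed metadata."""


def parse_metadata(text):
    """Read the file as inert data; nothing is sourced, expanded or evaluated."""
    meta = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise MetadataError(f"line {lineno}: expected 'key = value'")
        key, value = match.groups()
        if len(value) > MAX_VALUE_LEN:
            raise MetadataError(f"line {lineno}: value too long")
        if key in SCALAR_KEYS:
            if key in meta:
                raise MetadataError(f"line {lineno}: duplicate key {key!r}")
            meta[key] = value
        elif key in LIST_KEYS:
            meta.setdefault(key, []).append(value)
        else:
            # Allow-list: anything unexpected is rejected, not ignored.
            raise MetadataError(f"line {lineno}: unknown key {key!r}")
    if "pkgname" not in meta or "pkgver" not in meta:
        raise MetadataError("pkgname and pkgver are required")
    return meta


# Constructed sample: pkgdesc holds shell syntax that would run if sourced.
SAMPLE = """\
pkgname = example-pkg
pkgver = 1.0
pkgdesc = demo $(echo would-run-if-sourced)
arch = i686
arch = x86_64
depends = glibc
"""
```
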

