[aur-dev] Safe and relatively reliable PKGBUILD parser.

Jim Pryor lists+aur-dev at jimpryor.net
Mon Jan 11 21:49:43 EST 2010


On Tue, Jan 12, 2010 at 07:52:54AM +0800, Sebastian Nowicki wrote:

> >Bash simply parses the file and stores the code itself in the
> >"pkgbuild" function, which itself contains other variables and
> >functions (e.g. package_foo, build). Because the code has not been
> >executed, the variables have not been expanded/interpolated and thus
> >still contain things such as "http://example.com/$pkgname-$pkgver.tar",
> >which is why it must still be interpolated by the parser.
> 
> It seems I did understand it, I just forgot assignments don't get
> interpreted. I suppose there's no way to get bash to execute the
> assignments but not the code? Perhaps filtering the function
> definitions from set output. I haven't looked at the output of set
> so, again, I'm shooting in the dark here.

If you're willing to trust the variable declaration part of the
PKGBUILD, then yeah it'd be easy to execute just that part. You don't
even need to cut out the build() function, since executing the whole
thing would only declare and not run that function. All you'd need to do
is to add some "echo"s at the end of the wrapper function you've
constructed, and execute the wrapper function.

But this would essentially be the same as making a temp copy of the PKGBUILD,
and adding some "echo"s at the end of the file, then sourcing the file.

Xyne doesn't want to trust the PKGBUILDs that far, he's only using bash
to format the code canonically, then he's regexping the canonical form
instead of executing any of it.

-- 
Jim Pryor
profjim at jimpryor.net
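
The two approaches contrasted in this message, as an added example (not code from the thread or from Xyne's parser): sourcing the file and echoing a variable, versus letting bash only define a wrapper function and reading its canonical `declare -f` form with a regex. The sample PKGBUILD, the MARKER variable and all function names are constructed for illustration.

```bash
# Constructed sample PKGBUILD; the command substitution in pkgdesc stands in
# for arbitrary code that runs whenever the assignment is executed.
write_sample() {
cat > "$1" <<'EOF'
pkgname=foo
pkgver=1.2
pkgdesc="demo $(touch "$MARKER")"
source=("http://example.com/$pkgname-$pkgver.tar")
build() {
  make
}
EOF
}

# Trusting approach: source the file, then echo one variable ($2).
# Every top-level assignment is executed, command substitutions included.
source_and_echo() {
  bash -c '. "$1"; printf "%s\n" "${!2}"' _ "$1" "$2"
}

# Non-executing approach: wrap the text in a function so bash parses and
# defines it without running it, then print bash's canonical rendering.
# Limitation of this sketch: text that closes the wrapper's brace early would
# run when piped to bash, so a real parser must reject such input first.
canonical_form() {
  { printf 'pkgbuild() {\n'; cat "$1"; printf '\n}\ndeclare -f pkgbuild\n'; } | bash
}

# Regex over the canonical form: top-level statements are indented by exactly
# four spaces, so assignments inside build() (deeper indent) are ignored.
# The value comes back raw, i.e. not interpolated.
raw_var() {
  canonical_form "$1" | sed -n "s/^    $2=\(.*\)\$/\1/p" | sed 's/;$//' | head -n 1
}

# Demo on the constructed sample: nothing runs while extracting raw values.
d=$(mktemp -d); export MARKER="$d/marker"
write_sample "$d/PKGBUILD"
raw_var "$d/PKGBUILD" source
[ -e "$MARKER" ] || echo "declare -f path: no code executed"
source_and_echo "$d/PKGBUILD" pkgver
[ -e "$MARKER" ] && echo "sourcing path: command substitution ran"
rm -rf "$d"
```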

