[pacman-dev] [PATCH] Do not allow pkgnames to start with a hyphen
Dan McGee
dpmcgee at gmail.com
Wed Jul 1 00:58:19 EDT 2009
On Thu, Jun 11, 2009 at 6:42 AM, Allan McRae<allan at archlinux.org> wrote:
> Cedric Staniewski wrote:
>>
>> Commandline arguments starting with a hyphen are usally recognized as
>> options by unix tools. Therefore, allowing hyphens at the beginning of a
>> package name requires a different handling of pkgnames as suggested by
>> rm's manpage.
>> It would be possible to make the scripts 'hyphen-safe', but
>> hyphen-prefixed packages will cause trouble for pacman users which do
>> not know these tricks.
>>
>> Signed-off-by: Cedric Staniewski <cedric at gmx.ca>
>> ---
>> po/pacman.pot | 3 +++
>> scripts/makepkg.sh.in | 4 ++++
>> scripts/repo-add.sh.in | 4 ++--
>> 3 files changed, 9 insertions(+), 2 deletions(-)
>>
>>
>> rebased to reflect latest git changes
>>
>>
>> diff --git a/po/pacman.pot b/po/pacman.pot
>> index f4cc3e1..03641c6 100644
>> --- a/po/pacman.pot
>> +++ b/po/pacman.pot
>> @@ -1297,6 +1297,9 @@ msgstr ""
>> msgid "%s is not allowed to be empty."
>> msgstr ""
>> +msgid "%s is not allowed to start with a hyphen."
>> +msgstr ""
>> +
>> msgid "%s is not allowed to contain hyphens."
>> msgstr ""
>> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
>> index f46b7f8..37a60f2 100644
>> --- a/scripts/makepkg.sh.in
>> +++ b/scripts/makepkg.sh.in
>> @@ -1117,6 +1117,10 @@ check_sanity() {
>> error "$(gettext "%s is not allowed to be empty.")"
>> "pkgrel"
>> return 1
>> fi
>> + if [ "${pkgname:0:1}" == "-" ]; then
>> + error "$(gettext "%s is not allowed to start with a
>> hyphen.")" "pkgname"
>> + return 1
>> + fi
>> if [ "$pkgver" != "${pkgver//-/}" ]; then
>> error "$(gettext "%s is not allowed to contain hyphens.")"
>> "pkgver"
>> return 1
>>
>
> Looks good.
>
>> diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
>> index 7c12aaf..1a0bd6d 100644
>> --- a/scripts/repo-add.sh.in
>> +++ b/scripts/repo-add.sh.in
>> @@ -216,8 +216,8 @@ db_write_entry()
>> md5sum="$(openssl dgst -md5 "$pkgfile" | awk '{print $NF}')"
>> csize=$(@SIZECMD@ "$pkgfile")
>> - # ensure $pkgname and $pkgver variables were found
>> - if [ -z "$pkgname" -o -z "$pkgver" ]; then
>> + # ensure $pkgname and $pkgver variables were found and pkgname
>> does not start with a minus
>> + if [ -z "$pkgname" -o "${pkgname:0:1}" == "-" -o -z "$pkgver" ];
>> then
>> error "$(gettext "Invalid package file '%s'.")" "$pkgfile"
>> return 1
>> fi
>>
>
> Do we really need the check here too? I figure makepkg is enough. I'm
> leaning towards -1 here but Dan can have final say.
I think I'm with Allan here. I'll keep the makepkg check and drop this
one in the patch I apply.
-Dan
More information about the pacman-dev
mailing list