[pacman-dev] [PATCH] Do not allow pkgnames to start with a hyphen

Cedric Staniewski cedric at gmx.ca
Tue Jun 9 15:33:12 EDT 2009 

Commandline arguments starting with a hyphen are usally recognized as
options by unix tools. Therefore, allowing hyphens at the beginning of a
package name requires a different handling of pkgnames as suggested by
rm's manpage.
It would be possible to make the scripts 'hyphen-safe', but
hyphen-prefixed packages will cause trouble for pacman users which do
not know these tricks.

Signed-off-by: Cedric Staniewski <cedric at gmx.ca>
---
 po/pacman.pot          |    3 +++
 scripts/makepkg.sh.in  |    4 ++++
 scripts/repo-add.sh.in |    4 ++--
 3 files changed, 9 insertions(+), 2 deletions(-)


rebased to reflect latest git changes


diff --git a/po/pacman.pot b/po/pacman.pot
index f4cc3e1..03641c6 100644
--- a/po/pacman.pot
+++ b/po/pacman.pot
@@ -1297,6 +1297,9 @@ msgstr ""
 msgid "%s is not allowed to be empty."
 msgstr ""
 
+msgid "%s is not allowed to start with a hyphen."
+msgstr ""
+
 msgid "%s is not allowed to contain hyphens."
 msgstr ""
 
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index f46b7f8..37a60f2 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1117,6 +1117,10 @@ check_sanity() {
 		error "$(gettext "%s is not allowed to be empty.")" "pkgrel"
 		return 1
 	fi
+	if [ "${pkgname:0:1}" == "-" ]; then
+		error "$(gettext "%s is not allowed to start with a hyphen.")" "pkgname"
+		return 1
+	fi
 	if [ "$pkgver" != "${pkgver//-/}" ]; then
 		error "$(gettext "%s is not allowed to contain hyphens.")" "pkgver"
 		return 1
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 7c12aaf..1a0bd6d 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -216,8 +216,8 @@ db_write_entry()
 	md5sum="$(openssl dgst -md5 "$pkgfile" | awk '{print $NF}')"
 	csize=$(@SIZECMD@ "$pkgfile")
 
-	# ensure $pkgname and $pkgver variables were found
-	if [ -z "$pkgname" -o -z "$pkgver" ]; then
+	# ensure $pkgname and $pkgver variables were found and pkgname does not start with a minus
+	if [ -z "$pkgname" -o "${pkgname:0:1}" == "-" -o -z "$pkgver" ]; then
 		error "$(gettext "Invalid package file '%s'.")" "$pkgfile"
 		return 1
 	fi
-- 
1.6.3.2

More information about the pacman-dev mailing list