[pacman-dev] [PATCH] Do not allow pkgnames to start with a hyphen

Allan McRae allan at archlinux.org
Thu Jun 11 07:42:16 EDT 2009 

Cedric Staniewski wrote:
> Commandline arguments starting with a hyphen are usally recognized as
> options by unix tools. Therefore, allowing hyphens at the beginning of a
> package name requires a different handling of pkgnames as suggested by
> rm's manpage.
> It would be possible to make the scripts 'hyphen-safe', but
> hyphen-prefixed packages will cause trouble for pacman users which do
> not know these tricks.
>
> Signed-off-by: Cedric Staniewski <cedric at gmx.ca>
> ---
>  po/pacman.pot          |    3 +++
>  scripts/makepkg.sh.in  |    4 ++++
>  scripts/repo-add.sh.in |    4 ++--
>  3 files changed, 9 insertions(+), 2 deletions(-)
>
>
> rebased to reflect latest git changes
>
>
> diff --git a/po/pacman.pot b/po/pacman.pot
> index f4cc3e1..03641c6 100644
> --- a/po/pacman.pot
> +++ b/po/pacman.pot
> @@ -1297,6 +1297,9 @@ msgstr ""
>  msgid "%s is not allowed to be empty."
>  msgstr ""
>  
> +msgid "%s is not allowed to start with a hyphen."
> +msgstr ""
> +
>  msgid "%s is not allowed to contain hyphens."
>  msgstr ""
>  
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index f46b7f8..37a60f2 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -1117,6 +1117,10 @@ check_sanity() {
>  		error "$(gettext "%s is not allowed to be empty.")" "pkgrel"
>  		return 1
>  	fi
> +	if [ "${pkgname:0:1}" == "-" ]; then
> +		error "$(gettext "%s is not allowed to start with a hyphen.")" "pkgname"
> +		return 1
> +	fi
>  	if [ "$pkgver" != "${pkgver//-/}" ]; then
>  		error "$(gettext "%s is not allowed to contain hyphens.")" "pkgver"
>  		return 1
>   

Looks good.

> diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
> index 7c12aaf..1a0bd6d 100644
> --- a/scripts/repo-add.sh.in
> +++ b/scripts/repo-add.sh.in
> @@ -216,8 +216,8 @@ db_write_entry()
>  	md5sum="$(openssl dgst -md5 "$pkgfile" | awk '{print $NF}')"
>  	csize=$(@SIZECMD@ "$pkgfile")
>  
> -	# ensure $pkgname and $pkgver variables were found
> -	if [ -z "$pkgname" -o -z "$pkgver" ]; then
> +	# ensure $pkgname and $pkgver variables were found and pkgname does not start with a minus
> +	if [ -z "$pkgname" -o "${pkgname:0:1}" == "-" -o -z "$pkgver" ]; then
>  		error "$(gettext "Invalid package file '%s'.")" "$pkgfile"
>  		return 1
>  	fi
>   
Do we really need the check here too?  I figure makepkg is enough.  I'm 
leaning towards -1 here but Dan can have final say.

Allan

More information about the pacman-dev mailing list