[pacman-dev] [PATCH] [RFC] repo-add: don't create links if archive extension is invalid

[Dan McGee]

Not sure what to do here, if we should be proceeding at all. The current
situation:

    dmcgee at galway ~/projects/pacman (master)
    $ ./scripts/repo-add /tmp/invalid.xxx /var/cache/pacman/pkg/apr-1.4.5-1-x86_64.pkg.tar.xz
    ==> Adding package '/var/cache/pacman/pkg/apr-1.4.5-1-x86_64.pkg.tar.xz'
      -> Computing checksums...
      -> Creating 'desc' db entry...
      -> Creating 'depends' db entry...
    ==> Creating updated database file '/tmp/invalid.xxx'
    ==> WARNING: '/tmp/invalid.xxx' does not have a valid archive extension.

    dmcgee at galway ~/projects/pacman (master)
    $ ll /tmp/invalid.xxx
    lrwxrwxrwx 1 dmcgee users 11 Jun 20 11:08 /tmp/invalid.xxx -> invalid.xxx

So we get a symlink to ourself, and overwrite the originally generated
repo database. This patch prevents this behavior, and writes out a
non-compressed database to invalid.xxx and generates no links.

Thoughts? Pacman has a requirement that the db file end in '.db', and
the only other extension out there in the wild is '.files' as far as I
know. Should we have strict enforcement of one of these two types in
repo-add? Doing this could also make the --files flag a bit less
necessary as one could auto-detect the correct setting based on the DB
extension.
---
 scripts/repo-add.sh.in |   24 ++++++++++++++----------
 1 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 0ea8e5b..b29ff92 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -582,8 +582,10 @@ if (( success )); then
 		*.tar.bz2) TAR_OPT="j" ;;
 		*.tar.xz)  TAR_OPT="J" ;;
 		*.tar)     TAR_OPT="" ;;
-		*) warning "$(gettext "'%s' does not have a valid archive extension.")" \
-		"$REPO_DB_FILE" ;;
+		*)
+			warning "$(gettext "'%s' does not have a valid archive extension.")" \
+				"$REPO_DB_FILE"
+			TAR_OPT="" ;;
 	esac
 
 	filename=${REPO_DB_FILE##*/}
@@ -605,14 +607,16 @@ if (( success )); then
 	[[ -f $tmpdir/$filename ]] && mv "$tmpdir/$filename" "$REPO_DB_FILE"
 	[[ -f $tmpdir/$filename.sig ]] && mv "$tmpdir/$filename.sig" "$REPO_DB_FILE.sig"
 	dblink="${REPO_DB_FILE%.tar*}"
-	target=${REPO_DB_FILE##*/}
-	ln -sf "$target" "$dblink" 2>/dev/null || \
-		ln -f "$target" "$dblink" 2>/dev/null || \
-		cp "$REPO_DB_FILE" "$dblink"
-	if [[ -f "$target.sig" ]]; then
-		ln -sf "$target.sig" "$dblink.sig" 2>/dev/null || \
-			ln -f "$target.sig" "$dblink.sig" 2>/dev/null || \
-			cp "$REPO_DB_FILE.sig" "$dblink.sig"
+	if [[ $dblink != $REPO_DB_FILE ]]; then
+		target=${REPO_DB_FILE##*/}
+		ln -sf "$target" "$dblink" 2>/dev/null || \
+			ln -f "$target" "$dblink" 2>/dev/null || \
+			cp "$REPO_DB_FILE" "$dblink"
+		if [[ -f "$target.sig" ]]; then
+			ln -sf "$target.sig" "$dblink.sig" 2>/dev/null || \
+				ln -f "$target.sig" "$dblink.sig" 2>/dev/null || \
+				cp "$REPO_DB_FILE.sig" "$dblink.sig"
+		fi
 	fi
 else
 	msg "$(gettext "No packages modified, nothing to do.")"
-- 
1.7.5.4