[pacman-dev] [PATCH 3/6] makepkg: prevent issues with files starting with a hyphen

Dave Reisner d at falconindy.com
Fri Mar 9 09:01:07 EST 2012


On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
> Most places in makepkg deal with full file paths, but a few use the
> file name only.  Protect from potential issues when a file name
> starts with a hyphen.

How sure are we that these will always be relative paths and never ever
absolute?

> Signed-off-by: Allan McRae <allan at archlinux.org>
> ---
>  scripts/makepkg.sh.in |   12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index 384e142..8dd2d39 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -833,7 +833,7 @@ extract_sources() {
>  				esac ;;
>  			*)
>  				# See if bsdtar can recognize the file
> -				if bsdtar -tf "$file" -q '*' &>/dev/null; then
> +				if bsdtar -tf "./$file" -q '*' &>/dev/null; then

Not necessary. "$file" is an argument to the -f flag, so we don't need
to work around this:

  $ bsdtar -czf --foo.tar.gz ~/.bash*
  $ ls -l -- --foo.tar.gz
  -rw-r--r--  1 noclaf users   57856 Mar  9 08:52 --foo.tar.gz

>  					cmd="bsdtar"
>  				else
>  					continue
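
Review bot: The `./` prefix in `bsdtar -tf "./$file" -q '*'` is only correct while `$file` is a relative name, and nothing in this hunk establishes that; with an absolute path the result would resolve under the current directory. The name here is the argument of `-f` rather than a free operand, so the original `"$file"` can stay. If the prefix is kept, add a comment in extract_sources() stating that `$file` is always a bare file name at this point.
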
> @@ -843,10 +843,10 @@ extract_sources() {
>  		local ret=0
>  		msg2 "$(gettext "Extracting %s with %s")" "$file" "$cmd"
>  		if [[ $cmd = "bsdtar" ]]; then
> -			$cmd -xf "$file" || ret=$?
> +			$cmd -xf "./$file" || ret=$?

Same here.

>  		else
> -			rm -f "${file%.*}"
> -			$cmd -dcf "$file" > "${file%.*}" || ret=$?
> +			rm -f -- "${file%.*}"
> +			$cmd -dcf "./$file" > "${file%.*}" || ret=$?

Same here (the rm wants it, though).

>  		fi
>  		if (( ret )); then
>  			error "$(gettext "Failed to extract %s")" "$file"
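
Review bot: In the else branch, `$cmd -dcf "./$file"` runs something other than bsdtar, so the `f` in `-dcf` cannot be assumed to be an option that takes the file name as its argument. gzip, bzip2 and xz all read `-f` as force and take the name as a plain operand, which is the case that does need a guard. The two adjacent lines also use two different mechanisms (`--` for rm, `./` for `$cmd`); `$cmd -dcf -- "$file"` would be consistent with the rm line and would not depend on `$file` being relative. The redirection target `"${file%.*}"` is opened by the shell and needs no change.
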
> @@ -974,7 +974,7 @@ tidy_install() {
>  
>  	if [[ $(check_option docs) = "n" && -n ${DOC_DIRS[*]} ]]; then
>  		msg2 "$(gettext "Removing doc files...")"
> -		rm -rf ${DOC_DIRS[@]}
> +		rm -rf -- ${DOC_DIRS[@]}

I hate that we can't quote this.

>  	fi
>  
>  	if [[ $(check_option purge) = "y" && -n ${PURGE_TARGETS[*]} ]]; then
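
Review bot: `rm -rf -- ${DOC_DIRS[@]}` is still an unquoted expansion, so `--` stops a leading hyphen from being read as an option, but every entry is still word-split and glob-expanded before rm sees it. If that expansion is intended, say so in a comment directly above the line so the missing quotes are not "fixed" later and the reason for leaving them off is on record.
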
> @@ -1001,7 +1001,7 @@ tidy_install() {
>  				find ${MAN_DIRS[@]} -lname "$file" 2>/dev/null |
>  				while read link ; do
>  					rm -f "$link" "${link}.gz"
> -					ln -s "${file}.gz" "${link}.gz"
> +					ln -s -- "${file}.gz" "${link}.gz"

No love for the rm? I admit it would be an extremely nonstandard case,
but the same applies for the ln call.

>  				done
>  
>  				# check file still exists (potentially already compressed due to hardlink)
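
Review bot: The `rm -f "$link" "${link}.gz"` directly above the changed `ln` line is left without `--`, so the two calls are guarded inconsistently; suggest `rm -f -- "$link" "${link}.gz"`. Since `$link` is produced by `find ${MAN_DIRS[@]}`, it starts with a hyphen only if a MAN_DIRS entry does, and in that case find itself would read the entry as part of its expression, which `--` does not prevent (the entry would need a `./` prefix). Separately, `while read link` without `-r` alters names that contain backslashes.
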
> -- 
> 1.7.9.3
> 
> 


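The two guards discussed in this thread (`--` and a `./` prefix), and why the prefix is only applied to names that actually start with a hyphen, as an added shell example that is not part of the original message or of makepkg. `optsafe`, `run_demo` and the sample file name `-rf` are constructed for illustration.

```sh
# Added example, not makepkg code. optsafe and run_demo are hypothetical
# helpers; the file name "-rf" is a constructed sample.

# Print NAME in a form no command reads as an option. Only a name whose
# first character is '-' gets "./"; an absolute path starts with '/',
# so it is never rewritten and the prefix cannot misdirect it.
optsafe() {
	case $1 in
		-*) printf '%s\n' "./$1" ;;
		*)  printf '%s\n' "$1" ;;
	esac
}

# Run each guard in a scratch directory (the body is a subshell, so the
# cd and variables stay local). Prints one "check=result" line per step.
run_demo() (
	name='-rf'
	dir=$(mktemp -d) || exit 1
	cd "$dir" || exit 1
	printf 'data\n' > "./$name"

	# Unguarded operand: rm parses "-rf" as flags and removes nothing.
	rm -f "$name" 2>/dev/null
	[ -e "./$name" ] && echo "bare_rm=file_survives"

	# Unguarded operand to a reader is rejected as an unknown option;
	# the optsafe form is read as a file.
	cat "$name" >/dev/null 2>&1 || echo "bare_cat=rejected"
	[ "$(cat "$(optsafe "$name")")" = data ] && echo "optsafe_cat=ok"

	# "--" ends option parsing, so the same string is now a file name.
	rm -f -- "$name"
	[ ! -e "./$name" ] && echo "dashdash_rm=removed"

	cd / && rm -rf -- "$dir"
)

run_demo
```
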