[pacman-dev] [PATCH 3/6] makepkg: prevent issues with files starting with a hyphen
Dan McGee
dpmcgee at gmail.com
Mon Mar 12 11:24:45 EDT 2012
On Fri, Mar 9, 2012 at 9:01 AM, Dave Reisner <d at falconindy.com> wrote:
> On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
>> Most places in makepkg deal with full file paths, but a few use the
>> file name only. Protect from potential issues when a file name
>> starts with a hyphen.
>
> How sure are we that these will always be relative paths and never ever
> absolute?
>
>> Signed-off-by: Allan McRae <allan at archlinux.org>
>> ---
>> scripts/makepkg.sh.in | 12 ++++++------
>> 1 file changed, 6 insertions(+), 6 deletions(-)
>>
>> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
>> index 384e142..8dd2d39 100644
>> --- a/scripts/makepkg.sh.in
>> +++ b/scripts/makepkg.sh.in
>> @@ -833,7 +833,7 @@ extract_sources() {
>> esac ;;
>> *)
>> # See if bsdtar can recognize the file
>> - if bsdtar -tf "$file" -q '*' &>/dev/null; then
>> + if bsdtar -tf "./$file" -q '*' &>/dev/null; then
>
> not necessary. "$file" is an argument to the -f flag, so we don't need
> to work around this:
>
> $ bsdtar -czf --foo.tar.gz ~/.bash*
> $ ls -l -- --foo.tar.gz
> -rw-r--r-- 1 noclaf users 57856 Mar 9 08:52 --foo.tar.gz
I would definitely prefer to not have to do this, or at least use the
-- option in preference to file path manipulation. However, I don't
know that we could get away with that in all cases you fixed here. I
do agree with Dave on the -f option though- I've never seen a tar
program allow the argument for that to come anywhere except directly
after the flag.
-Dan
More information about the pacman-dev
mailing list