[pacman-dev] [PATCH 3/6] makepkg: prevent issues with files starting with a hyphen

Allan McRae allan at archlinux.org
Mon Mar 12 12:13:43 EDT 2012


On 13/03/12 01:24, Dan McGee wrote:
> On Fri, Mar 9, 2012 at 9:01 AM, Dave Reisner <d at falconindy.com> wrote:
>> On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
>>> Most places in makepkg deal with full file paths, but a few use the
>>> file name only.  Protect from potential issues when a file name
>>> starts with a hyphen.
>>
>> How sure are we that these will always be relative paths and never ever
>> absolute?
>>
>>> Signed-off-by: Allan McRae <allan at archlinux.org>
>>> ---
>>>  scripts/makepkg.sh.in |   12 ++++++------
>>>  1 file changed, 6 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
>>> index 384e142..8dd2d39 100644
>>> --- a/scripts/makepkg.sh.in
>>> +++ b/scripts/makepkg.sh.in
>>> @@ -833,7 +833,7 @@ extract_sources() {
>>>                               esac ;;
>>>                       *)
>>>                               # See if bsdtar can recognize the file
>>> -                             if bsdtar -tf "$file" -q '*' &>/dev/null; then
>>> +                             if bsdtar -tf "./$file" -q '*' &>/dev/null; then
>>
>> not necessary. "$file" is an argument to the -f flag, so we don't need
>> to work around this:
>>
>>  $ bsdtar -czf --foo.tar.gz ~/.bash*
>>  $ ls -l -- --foo.tar.gz
>>  -rw-r--r--  1 noclaf users   57856 Mar  9 08:52 --foo.tar.gz
> 
> I would definitely prefer to not have to do this, or at least use the
> -- option in preference to file path manipulation. However, I don't
> know that we could get away with that in all cases you fixed here. I
> do agree with Dave on the -f option though- I've never seen a tar
> program allow the argument for that to come anywhere except directly
> after the flag.

Note that the "--" option is not possible there.  Or at least I could
not get the -q '*' bit working if given earlier in the command.

Anyway, the ./ prefixing is killed in my working branch.

Allan



More information about the pacman-dev mailing list