[pacman-dev] [PATCH 3/6] makepkg: prevent issues with files starting with a hyphen
Allan McRae
allan at archlinux.org
Mon Mar 12 12:13:43 EDT 2012
On 13/03/12 01:24, Dan McGee wrote:
> On Fri, Mar 9, 2012 at 9:01 AM, Dave Reisner <d at falconindy.com> wrote:
>> On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
>>> Most places in makepkg deal with full file paths, but a few use the
>>> file name only. Protect from potential issues when a file name
>>> starts with a hyphen.
>>
>> How sure are we that these will always be relative paths and never ever
>> absolute?
>>
>>> Signed-off-by: Allan McRae <allan at archlinux.org>
>>> ---
>>> scripts/makepkg.sh.in | 12 ++++++------
>>> 1 file changed, 6 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
>>> index 384e142..8dd2d39 100644
>>> --- a/scripts/makepkg.sh.in
>>> +++ b/scripts/makepkg.sh.in
>>> @@ -833,7 +833,7 @@ extract_sources() {
>>> esac ;;
>>> *)
>>> # See if bsdtar can recognize the file
>>> - if bsdtar -tf "$file" -q '*' &>/dev/null; then
>>> + if bsdtar -tf "./$file" -q '*' &>/dev/null; then
>>
>> not necessary. "$file" is an argument to the -f flag, so we don't need
>> to work around this:
>>
>> $ bsdtar -czf --foo.tar.gz ~/.bash*
>> $ ls -l -- --foo.tar.gz
>> -rw-r--r-- 1 noclaf users 57856 Mar 9 08:52 --foo.tar.gz
>
> I would definitely prefer to not have to do this, or at least use the
> -- option in preference to file path manipulation. However, I don't
> know that we could get away with that in all cases you fixed here. I
> do agree with Dave on the -f option though- I've never seen a tar
> program allow the argument for that to come anywhere except directly
> after the flag.
Note that the "--" option is not possible there. Or at least I could
not get the -q '*' bit working if given earlier in the command.
Anyway, the ./ prefixing is killed in my working branch.
Allan
More information about the pacman-dev
mailing list