[pacman-dev] [PATCH 1/1] makepkg: Handle dependencies that contain spaces

Morgan Adamiec morganamilo at gmail.com
Fri Feb 23 02:38:38 UTC 2018


On 23 February 2018 at 01:59, Eli Schwartz <eschwartz at archlinux.org> wrote:
> On 02/22/2018 07:45 PM, morganamilo wrote:
>> In {,opt,check,make}depends makepkg treats packages that contain
>> whitespace as separate packages. For example:
>>       depends=('foo bar')
>> Would be treated as two seperate packages instead of a single package.
>>
>> Packages should not contain whitespace in their name. Pkgbuilds that
>> lists depends like the example above have probably done so in error.
>> Now we correctly error instead of ignoring the improper pkgbuild.
>>
>> Signed-off-by: morganamilo <morganamilo at gmail.com>
>> ---
>>  scripts/makepkg.sh.in | 12 ++++++------
>>  1 file changed, 6 insertions(+), 6 deletions(-)
>>
>> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
>> index 63b6c3e1..d695c09f 100644
>> --- a/scripts/makepkg.sh.in
>> +++ b/scripts/makepkg.sh.in
>> @@ -290,19 +290,19 @@ resolve_deps() {
>>       # deplist cannot be declared like this: local deplist=$(foo)
>>       # Otherwise, the return value will depend on the assignment.
>>       local deplist
>> -     deplist=($(check_deps "$@")) || exit $E_INSTALL_DEPS_FAILED
>> +     deplist=("$(check_deps "$@")") || exit $E_INSTALL_DEPS_FAILED
>
> This won't work. Quoting the stdout of a subprocess guarantees that this
> will be a single-element array, where
>
> declare -a deplist=([0]=$'dep1\ndep2\ndep3')
>
> This *needs* to be unquoted. You can, however, temporarily supply a
> non-default IFS that only splits on \n, or use mapfile.
>
>
>>       [[ -z $deplist ]] && return $R_DEPS_SATISFIED
>>
>>       if handle_deps "${deplist[@]}"; then
>>               # check deps again to make sure they were resolved
>> -             deplist=$(check_deps "$@") || exit $E_INSTALL_DEPS_FAILED
>> +             deplist=("$(check_deps "$@")") || exit $E_INSTALL_DEPS_FAILED
>>               [[ -z $deplist ]] && return $R_DEPS_SATISFIED
>>       fi
>
> I suppose this would probably make more sense as an array, yes.
>
>>       msg "$(gettext "Missing dependencies:")"
>>       local dep
>> -     for dep in $deplist; do
>> -             msg2 "$dep"
>> +     for ((i = 0; i < ${#deplist[@]}; i++)); do
>> +             msg2 "${deplist[$i]}"
>>       done
>
> What on earth is wrong with
>
> for dep in "${deplist[@]}"
>
> like every other "iterate over an array" instance uses? Doing explicit
> lookup of the actual key, is extremely ugly and I'm not even sure where
> this came from.
>
>>       return $R_DEPS_MISSING
>> @@ -328,7 +328,7 @@ remove_deps() {
>>
>>       msg "Removing installed dependencies..."
>>       # exit cleanly on failure to remove deps as package has been built successfully
>> -     if ! run_pacman -Rn ${deplist[@]}; then
>> +     if ! run_pacman -Rn "${deplist[@]}"; then
>>               warning "$(gettext "Failed to remove installed dependencies.")"
>>               return $E_REMOVE_DEPS_FAILED
>>       fi
>> @@ -1612,7 +1612,7 @@ else
>>       deperr=0
>>
>>       msg "$(gettext "Checking runtime dependencies...")"
>> -     resolve_deps ${depends[@]} || deperr=1
>> +     resolve_deps "${depends[@]}" || deperr=1
>>
>>       if (( RMDEPS && INSTALL )); then
>>               original_pkglist=($(run_pacman -Qq))    # required by remove_dep
>>
>
> Overall the whole patch seems to be misguided. If we want to properly
> forbid the keys in *depends=() from containing spaces, then rather than
> relying on check_deps to handle it via pacman, we should provide a
> proper linting function in lint_pkgbuild.
>
> Linting runs before anything else, and you can just do
>
> for i in "${depends[@]}"; do
>     if [[ $i = *[[:space:]]* ]]; then
>         error "depends cannot contain spaces"
>     fi
> done
>
> Extend this suitably to lint all relevant arrays for all disallowed
> characters.
>
> To go one step further, maybe we should see if we can run lint_pkgname
> on each of them. I'm not positive how we would manage dependencies on
> another linting function though.
>
> --
> Eli Schwartz
> Bug Wrangler and Trusted User
>

I do apologise for the bad patch. I'm not proficient in bash at all. I
basically wrote this patch out of frustration after having spent an
hour trying to figure out why a package on the AUR would not install
and it ended up being this exact problem. I looked through the code
and saw sometimes depends are quoted and sometimes they are not.
Adding the quotes fixed the problem so that was that.

I probably should have submitted a bug report instead of trying my
hand at this myself but seeing the backlog it does sometimes feel
pointless. That said I can program fine, maybe I should look up some
bash and try my hand at this properly. I tend to find it hacky for
extended use which is why I've always shied away from it.

And I do agree linting the depends is probably a way better solution,
maybe slit it on =|>|<|>=|<= and use lint_pkgname on the name and
lint_pkgver on the version. I'll have to take a look.

Thanks for the feedback though I greatly appreciate it.


More information about the pacman-dev mailing list