[pacman-dev] [PATCH] repo-remove: Fix infinite loop when given a pkgname ending in '*'

Allan McRae allan at archlinux.org
Sun Apr 28 03:00:52 UTC 2019 

On 28/4/19 12:49 pm, Eli Schwartz wrote:
> On 4/27/19 4:38 AM, Ralph Corderoy wrote:
>> Hi Jan,
>>
>>>> This happens because find_pkgentry() fails to account the case where
>>>> globbing fails and the expression is taken literally.
>>>
>>> Maybe we should use failglob instead to provoke an error?
>>
>> Wouldn't nullglob be better to skip the loop's body?
>>
>>     $ touch foo bar
>>     $ ls
>>     bar  foo
>>     $
>>     $ shopt -u nullglob failglob
>>     $ for f in *; do echo = $f; done
>>     = bar
>>     = foo
>>     $ rm foo
>>     $ for f in *; do echo = $f; done
>>     = bar
>>     $ rm bar
>>     $ for f in *; do echo = $f; done
>>     = *
>>     $
>>     $ touch foo bar
>>     $ shopt -s nullglob
>>     $ for f in *; do echo = $f; done
>>     = bar
>>     = foo
>>     $ rm foo
>>     $ for f in *; do echo = $f; done
>>     = bar
>>     $ rm bar
>>     $ for f in *; do echo = $f; done
>>     $
> 
> All three of you are wrong, or at least missing the point. :)
> 
> [[ foo = f* ]] is defined to have pattern-matching context, and in this
> case, [[ pkgname* = pkgname** ]] matches true. If we do not want this
> behavior, we need to quote this -- and by properly quoting where we are
> supposed to quote, we don't need to stat for file existence, we don't
> need to change the way the whole script handles globs, and we still get
> the failing action we want. To be more precise, we get the exact
> behavior and method of acquiring that behavior, which was originally
> intended.
> 
> There are also other cases where this could matter, some of which are
> long shots.
> 

We probably need to work on the enforcement of pkgname rules from
makepkg into repo-add as well:

pkgname (array)
    Either the name of the package or an array of names for split
    packages. Valid characters for members of this array are
    alphanumerics, and any of the following characters: “@ . _ + -”.
    Additionally, names are not allowed to start with hyphens or dots.

Can probably link in libmakepkg into here to do so.  Although I'd like
to move repo-add to using libalpm, and we need to enforce rules here too...

Allan

More information about the pacman-dev mailing list