[pacman-dev] [PATCH] repo-remove: Fix infinite loop when given a pkgname ending in '*'

Eli Schwartz eschwartz at archlinux.org
Sun Apr 28 03:22:40 UTC 2019 

On 4/27/19 11:00 PM, Allan McRae wrote:
> On 28/4/19 12:49 pm, Eli Schwartz wrote:
>> On 4/27/19 4:38 AM, Ralph Corderoy wrote:
>>> Hi Jan,
>>>
>>>>> This happens because find_pkgentry() fails to account the case where
>>>>> globbing fails and the expression is taken literally.
>>>>
>>>> Maybe we should use failglob instead to provoke an error?
>>>
>>> Wouldn't nullglob be better to skip the loop's body?
>>>
>>>     $ touch foo bar
>>>     $ ls
>>>     bar  foo
>>>     $
>>>     $ shopt -u nullglob failglob
>>>     $ for f in *; do echo = $f; done
>>>     = bar
>>>     = foo
>>>     $ rm foo
>>>     $ for f in *; do echo = $f; done
>>>     = bar
>>>     $ rm bar
>>>     $ for f in *; do echo = $f; done
>>>     = *
>>>     $
>>>     $ touch foo bar
>>>     $ shopt -s nullglob
>>>     $ for f in *; do echo = $f; done
>>>     = bar
>>>     = foo
>>>     $ rm foo
>>>     $ for f in *; do echo = $f; done
>>>     = bar
>>>     $ rm bar
>>>     $ for f in *; do echo = $f; done
>>>     $
>>
>> All three of you are wrong, or at least missing the point. :)
>>
>> [[ foo = f* ]] is defined to have pattern-matching context, and in this
>> case, [[ pkgname* = pkgname** ]] matches true. If we do not want this
>> behavior, we need to quote this -- and by properly quoting where we are
>> supposed to quote, we don't need to stat for file existence, we don't
>> need to change the way the whole script handles globs, and we still get
>> the failing action we want. To be more precise, we get the exact
>> behavior and method of acquiring that behavior, which was originally
>> intended.
>>
>> There are also other cases where this could matter, some of which are
>> long shots.
>>
> 
> We probably need to work on the enforcement of pkgname rules from
> makepkg into repo-add as well:
> 
> pkgname (array)
>     Either the name of the package or an array of names for split
>     packages. Valid characters for members of this array are
>     alphanumerics, and any of the following characters: “@ . _ + -”.
>     Additionally, names are not allowed to start with hyphens or dots.
> 
> Can probably link in libmakepkg into here to do so.  Although I'd like
> to move repo-add to using libalpm, and we need to enforce rules here too...

Moving to libalpm would be nice, also because repo-add is some hairy
code and I'm almost afraid to touch it. :p

I'm unsure what some of the logic in there is doing. Spent like 15
minutes trying to figure out why db_remove_entry is even an infinite
loop at all (but then Andrew pointed out even if we don't support
multiple versions of a pkgname in a database, it probably makes sense to
not fail to remove them if they get created some other way).

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20190427/0f475ab4/attachment-0001.sig>

More information about the pacman-dev mailing list