[pacman-dev] [PATCH] makepkg: guard against undefined git pinned sources

Eli Schwartz eschwartz at archlinux.org
Thu Jun 11 01:35:59 UTC 2020


On 6/10/20 8:51 PM, Allan McRae wrote:
> On 26/5/20 1:52 pm, Eli Schwartz wrote:
>> If something like source=(..."#commit=") is used, e.g. due to failed
>> variable expansion, we try to check out an empty refspec as nothing at
>> all, and end up just running "git checkout". This happens because we
>> fail at variable expansion too -- so let's quote our variables properly
>> and make sure git sees this as an empty refspec, so it can error out.
>>
>> Also make sure it is interpreted as a ref instead of a path.
>>
>> Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
>> ---
>>
>> This ensures that something like https://bugs.archlinux.org/task/66729
>> cannot happen again.
>>
> 
> Patch good.
> 
> Worth checking if this can happen with other VCS too.

Ironically (considering git is the primary VCS which we use and test) it
seems like all the other VCSes quote their args.

Except for svn, which runs

svn update -r ${ref}

and the -r requires an argument and fails if it is not provided.

-- 
Eli Schwartz
Bug Wrangler and Trusted User
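
Added example, not part of this thread and not makepkg's code: a POSIX sh sketch of the failure mode the commit message describes, where an empty "#commit=" ref expanded without quotes disappears from the argument list. The function names and the example.invalid URLs are constructed for illustration, and check_pinned is this example's own explicit guard; the patch as described relies on quoting so that git itself errors out.

```shell
#!/bin/sh
# Added illustration; all names here are hypothetical, not makepkg internals.

# Print the value after "#<key>=" in a source entry (empty if none given).
fragment_ref() {
    case "$1" in
        *"#"*=*) frag=${1#*"#"}; printf '%s' "${frag#*=}" ;;
    esac
}

# Stand-in for a VCS command: reports how many arguments it received.
count_args() { echo "$#"; }

# Deliberately unquoted: an empty $ref expands to zero words, so the
# command sees only "checkout" and silently does nothing useful.
args_unquoted() { ref=$(fragment_ref "$1"); count_args checkout $ref; }

# Quoted: an empty $ref is still passed as one (empty) argument, which
# the receiving tool can reject.
args_quoted() { ref=$(fragment_ref "$1"); count_args checkout "$ref"; }

# Explicit guard: fail when a source carries a fragment with an empty ref.
check_pinned() {
    case "$1" in
        *"#"*) ;;
        *) return 0 ;;          # no fragment, nothing pinned
    esac
    ref=$(fragment_ref "$1")
    if [ -z "$ref" ]; then
        echo "error: empty pinned ref in '$1'" >&2
        return 1
    fi
}

# Constructed sample sources: one pinned correctly, one with an empty pin.
for src in \
    'git+https://example.invalid/repo.git#commit=abc123' \
    'git+https://example.invalid/repo.git#commit='
do
    printf '%s\n  unquoted argc=%s, quoted argc=%s\n' "$src" \
        "$(args_unquoted "$src")" "$(args_quoted "$src")"
    check_pinned "$src" || echo "  rejected by check_pinned"
done
```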
