Am Sonntag, 1. Oktober 2006 18:04 schrieb Benoit Chesneau: > In fact it launch a bash environnement then get the variables after > sourced the PKGBUILD (thanks to set command). So it get only value after > they are interpreted :)
I got some time to think about how I could create a central package-database. My problem is the parsing of the PKGBUILDs. Writing my own parser is a lot of work because it has to be a nearly complete bash-interpreter. Some PKGBUILDs inclide for-loops or even sed-commands in its header. Using bash to do this (like you are doing it) will solve this. But this is a security-nightmere: We are fetching Bash-Scripts from another Server ans execute them without ans limitations? Well even the official archlinux.org-site is doing this; but I think this is a risk. (Esspecially when Parsing AUR-PKGBUILDs) How can we solve this? * We may ask Judd to publish the db of archlinux.org * We run the parser in a vm or chroot * We do not care about security ;-) * We wrote our own Parser which will not work with every PKGBUILD out there What do you think? Any better ideas to solve this? -- http://www.archlinux.de _______________________________________________ arch mailing list [email protected] http://www.archlinux.org/mailman/listinfo/arch
