Package: python-stdeb Version: 0.6.0+20100620-1.1 Severity: normal Tags: patch
Python package index contains packages where the sources are compressed with something other than tar+gz. Currently stdeb fails to install these. Attached is a preliminary patch which adds support for source archives compressed with zip. According to the 'zipfile' module documentatation, uncompressing a zip-archive can result in overwriting of arbitrary files, so the file names should be filtered before extracting. Other than this, the patch works for me. Best, Teemu -- System Information: Debian Release: 6.0 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-stdeb depends on: ii debhelper 8.0.0 helper programs for debian/rules ii python 2.6.6-3+squeeze6 interactive high-level object-orie ii python-setuptools 0.6.14-4 Python Distutils Enhancements (set ii python2.5 2.5.5-11 An interactive high-level object-o ii python2.6 2.6.6-8+b1 An interactive high-level object-o Versions of packages python-stdeb recommends: ii apt-file 2.4.0 search for files within Debian pac ii dpkg-dev 1.15.8.10 Debian package development tools ii python-all 2.6.6-3+squeeze6 package depending on all supported Versions of packages python-stdeb suggests: ii python-all-dev 2.6.6-3+squeeze6 package depending on all supported -- no debconf information
From 60f5ff5a66281258e1fd92b85bd0c2318c9521e6 Mon Sep 17 00:00:00 2001 From: Teemu Ikonen <[email protected]> Date: Mon, 28 Feb 2011 14:15:37 +0100 Subject: [PATCH] Support zip-compressed source archives in pypi-install. --- scripts/pypi-install | 20 ++++++++++++++------ 1 files changed, 14 insertions(+), 6 deletions(-) diff --git a/scripts/pypi-install b/scripts/pypi-install index 5bac8bd..3970564 100755 --- a/scripts/pypi-install +++ b/scripts/pypi-install @@ -7,6 +7,7 @@ import warnings from optparse import OptionParser import tempfile import subprocess +import zipfile def myprint(mystr,fd=None): if fd is None: @@ -56,7 +57,7 @@ def find_tar_gz(package_name, pypi_url = 'http://python.org/pypi',verbose=0): raise ValueError('no package "%s" was found'%package_name) return download_url, expected_md5_digest -def get_source_tarball(package_name,verbose=0): +def get_source_package(package_name,verbose=0): download_url, expected_md5_digest = find_tar_gz(package_name, verbose=verbose) if verbose >= 1: @@ -107,11 +108,18 @@ def main(): if options.verbose >= 2: myprint('downloading to %s'%tmpdir) os.chdir( tmpdir ) - tarball_fname = get_source_tarball(package_name,verbose=options.verbose) - cmd = 'tar xzf %s' % tarball_fname - if options.verbose >= 2: - myprint('executing: %s'%cmd) - subprocess.check_call(cmd, shell=True) + source_fname = get_source_package(package_name,verbose=options.verbose) + if source_fname.endswith('.tar.gz') or source_fname.endswith('.tgz'): + cmd = 'tar xzf %s' % source_fname + if options.verbose >= 2: + myprint('executing: %s'%cmd) + subprocess.check_call(cmd, shell=True) + elif source_fname.endswith('.zip'): + zz = zipfile.ZipFile(source_fname) + # FIXME: Check zip contents for files with absolute file names + # starting with '/', '..' etc. + zz.extractall() + zz.close() expanded_dir = None for entry in os.listdir(os.curdir): -- 1.7.2.3
