Re: [pacman-dev] [PATCH 3/6] makepkg: prevent issues with files starting with a hyphen

Fri, 09 Mar 2012 06:01:43 -0800 

On Fri, Mar 09, 2012 at 05:59:06PM +1000, Allan McRae wrote:
> Most places in makepkg deal with full file paths, but a few use the
> file name only.  Protect from potential issues when a file name
> starts with a hyphen.

How sure are we that these will always be relative paths and never ever
absolute?

> Signed-off-by: Allan McRae <al...@archlinux.org>
> ---
>  scripts/makepkg.sh.in |   12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index 384e142..8dd2d39 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -833,7 +833,7 @@ extract_sources() {
>                               esac ;;
>                       *)
>                               # See if bsdtar can recognize the file
> -                             if bsdtar -tf "$file" -q '*' &>/dev/null; then
> +                             if bsdtar -tf "./$file" -q '*' &>/dev/null; then

not necessary. "$file" is an argument to the -f flag, so we don't need
to work around this:

  $ bsdtar -czf --foo.tar.gz ~/.bash*
  $ ls -l -- --foo.tar.gz
  -rw-r--r--  1 noclaf users   57856 Mar  9 08:52 --foo.tar.gz

>                                       cmd="bsdtar"
>                               else
>                                       continue
> @@ -843,10 +843,10 @@ extract_sources() {
>               local ret=0
>               msg2 "$(gettext "Extracting %s with %s")" "$file" "$cmd"
>               if [[ $cmd = "bsdtar" ]]; then
> -                     $cmd -xf "$file" || ret=$?
> +                     $cmd -xf "./$file" || ret=$?

same here.

>               else
> -                     rm -f "${file%.*}"
> -                     $cmd -dcf "$file" > "${file%.*}" || ret=$?
> +                     rm -f -- "${file%.*}"
> +                     $cmd -dcf "./$file" > "${file%.*}" || ret=$?

same here (the rm wants it, though)

>               fi
>               if (( ret )); then
>                       error "$(gettext "Failed to extract %s")" "$file"
> @@ -974,7 +974,7 @@ tidy_install() {
>  
>       if [[ $(check_option docs) = "n" && -n ${DOC_DIRS[*]} ]]; then
>               msg2 "$(gettext "Removing doc files...")"
> -             rm -rf ${DOC_DIRS[@]}
> +             rm -rf -- ${DOC_DIRS[@]}

i hate that we can't quote this.

>       fi
>  
>       if [[ $(check_option purge) = "y" && -n ${PURGE_TARGETS[*]} ]]; then
> @@ -1001,7 +1001,7 @@ tidy_install() {
>                               find ${MAN_DIRS[@]} -lname "$file" 2>/dev/null |
>                               while read link ; do
>                                       rm -f "$link" "${link}.gz"
> -                                     ln -s "${file}.gz" "${link}.gz"
> +                                     ln -s -- "${file}.gz" "${link}.gz"

No love for the rm? I admit it would be an extremely nonstandard case,
but the same applies for the ln call.

>                               done
>  
>                               # check file still exists (potentially already 
> compressed due to hardlink)
> -- 
> 1.7.9.3
> 
>

Reply via email to