authorDave Reisner <dreisner@archlinux.org>2013-07-30 21:24:48 +0200
committerPierre Schmitz <pierre@archlinux.de>2013-08-08 21:28:10 +0200
commitbe3c71fa81e6d35a1fae0612a8b7b4b613d7d2f6 (patch)
treea5907bf32ccf54914ede5a355ea91137c760570e /commitpkg.in
parentfb30cabe61862f640f0e99f214dc2777a8ec1b35 (diff)
avoid injecting code into the format string
Now that die() properly forwards arguments to error(), we can expect that the first arg is a format string and not the entirety of the output. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Diffstat (limited to 'commitpkg.in')
-rw-r--r--commitpkg.in10
1 files changed, 5 insertions, 5 deletions
diff --git a/commitpkg.in b/commitpkg.in
index db78517..ad1005b 100644
--- a/commitpkg.in
+++ b/commitpkg.in
@@ -58,7 +58,7 @@ esac
# check if all local source files are under version control
for s in "${source[@]}"; do
if [[ $s != *://* ]] && ! svn status -v "$s@" | grep -q '^[ AMRX~]'; then
- die "$s is not under version control"
+ die "%s is not under version control" "$s"
fi
done
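Review bot: The rewritten `die` calls here, and in the getopts and signature hunks below, are only safe if die() treats its first argument as a printf format and everything after it as data, and that contract is defined outside this file. It deserves a comment at the definition, for example `# die <format> [args...]: format must be a literal string; pass variable data as arguments`. Any die()/error() caller elsewhere that still interpolates a variable into the first argument keeps the old problem, so the remaining call sites need the same audit. A literal percent sign in a message must now be written `%%`.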
@@ -68,7 +68,7 @@ for i in 'changelog' 'install'; do
# evaluate any bash variables used
eval file=\"$(sed 's/^\(['\''"]\)\(.*\)\1$/\2/' <<< "$file")\"
if ! svn status -v "${file}" | grep -q '^[ AMRX~]'; then
- die "${file} is not under version control"
+ die "%s is not under version control" "$file"
fi
done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
done
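Review bot: The `$file` now passed as a `%s` argument is still produced by the `eval` two lines above, which expands everything in the PKGBUILD's `changelog=`/`install=` value, command substitutions included, so the format-string fix does not cover that path. If the PKGBUILD is already sourced earlier in the script (not visible here), this adds no new trust boundary, but a comment should say so, e.g. `# PKGBUILD is trusted input at this point; eval only resolves its variables`. Separately, this check runs `svn status -v "${file}"` without the trailing `@` that the source-file loop uses (`"$s@"`), so a file name containing `@` would be parsed as a peg revision; `svn status -v "${file}@"` would match the other loop. The enclosing `for`/`while` loops start outside the hunk.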
@@ -81,8 +81,8 @@ while getopts ':l:a:s:f' flag; do
s) server=$OPTARG ;;
l) rsyncopts+=("--bwlimit=$OPTARG") ;;
a) commit_arch=$OPTARG ;;
- :) die "Option requires an argument -- '$OPTARG'" ;;
- \?) die "Invalid option -- '$OPTARG'" ;;
+ :) die "Option requires an argument -- '%s'" "$OPTARG" ;;
+ \?) die "Invalid option -- '%s'" "$OPTARG" ;;
esac
done
shift $(( OPTIND - 1 ))
@@ -164,7 +164,7 @@ for _arch in ${arch[@]}; do
gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
fi
if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
- die "Signature ${pkgfile}.sig is incorrect!"
+ die "Signature %s.sig is incorrect!" "$pkgfile"
fi
uploads+=("$sigfile")
done
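Review bot: The failure message rebuilds the name as `%s.sig` from `$pkgfile`, while the check on the line above verifies `$sigfile`. Reporting the path that was actually verified avoids the two drifting apart: `die "Signature %s is incorrect!" "$sigfile"` (the assignment of `sigfile` is outside the hunk, so this assumes it is the `.sig` path). The context line `gpg --verify "$sigfile"` also lets gpg derive the data file from the signature's name. Naming both, `gpg --verify "$sigfile" "$pkgfile"`, makes explicit which package is being checked before upload. The loop body begins outside this hunk.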