From 4c38f4b991e7ff7119ac4d2a0ff11ad20f46086e Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Wed, 22 May 2019 10:39:43 -0400 Subject: libmakepkg: add lint_config to validate SRCEXT/PKGEXT These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs. Signed-off-by: Eli Schwartz Signed-off-by: Allan McRae --- scripts/Makefile.am | 1 + scripts/libmakepkg/lint_config/ext.sh.in | 45 ++++++++++++++++++++++++++++++ scripts/libmakepkg/lint_config/meson.build | 1 + 3 files changed, 47 insertions(+) create mode 100644 scripts/libmakepkg/lint_config/ext.sh.in (limited to 'scripts') diff --git a/scripts/Makefile.am b/scripts/Makefile.am index f9e7bd32..2c9f5f13 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -72,6 +72,7 @@ LIBMAKEPKG_IN = \ libmakepkg/integrity/verify_checksum.sh \ libmakepkg/integrity/verify_signature.sh \ libmakepkg/lint_config.sh \ + libmakepkg/lint_config/ext.sh \ libmakepkg/lint_config/paths.sh \ libmakepkg/lint_config/source_date_epoch.sh \ libmakepkg/lint_config/variable.sh \ diff --git a/scripts/libmakepkg/lint_config/ext.sh.in b/scripts/libmakepkg/lint_config/ext.sh.in new file mode 100644 index 00000000..8f830ef9 --- /dev/null +++ b/scripts/libmakepkg/lint_config/ext.sh.in @@ -0,0 +1,45 @@ +#!/bin/bash +# +# ext.sh - Check that source/package extensions have valid prefixes +# +# Copyright (c) 2019 Pacman Development Team +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +[[ -n "$LIBMAKEPKG_LINT_CONFIG_EXT_SH" ]] && return +LIBMAKEPKG_LINT_CONFIG_EXT_SH=1 + +LIBRARY=${LIBRARY:-'@libmakepkgdir@'} + +source "$LIBRARY/util/message.sh" + +lint_config_functions+=('lint_ext') + + +lint_ext() { + local i var val ret=0 + + for i in 'SRCEXT/.src.tar' 'PKGEXT/.pkg.tar'; do + IFS='/' read -r var val < <(printf '%s\n' "$i") + + if [[ ${!var} != ${val}* ]]; then + error "$(gettext "%s does not contain a valid package suffix (needs '%s', got '%s')")" \ + "\$${var}" "${val}*" "${!var}" + ret=1 + fi + done + + return $ret +} diff --git a/scripts/libmakepkg/lint_config/meson.build b/scripts/libmakepkg/lint_config/meson.build index 144705f9..2262ad45 100644 --- a/scripts/libmakepkg/lint_config/meson.build +++ b/scripts/libmakepkg/lint_config/meson.build @@ -1,6 +1,7 @@ libmakepkg_module = 'lint_config' sources = [ + 'ext.sh.in', 'paths.sh.in', 'source_date_epoch.sh.in', 'variable.sh.in', -- cgit v1.2.3-24-g4f1b