From 914ebe3a74287a7972fd4ba33ce3daa77ff96fc8 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 11 Aug 2013 18:09:25 -0400 Subject: ensure that PKGBUILDs aren't sourced via PATH Fixes FS#36378. Signed-off-by: Dave Reisner Signed-off-by: Pierre Schmitz --- checkpkg.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'checkpkg.in') diff --git a/checkpkg.in b/checkpkg.in index 8e0f574..54149db 100644 --- a/checkpkg.in +++ b/checkpkg.in @@ -18,7 +18,7 @@ if [[ ! -f PKGBUILD ]]; then die 'This must be run in the directory of a built package.' fi -. PKGBUILD +. ./PKGBUILD if [[ $arch == 'any' ]]; then CARCH='any' fi -- cgit v1.2.3 From 9c85d116f0425817b4a631e7a693dc5c948e2470 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 11 Aug 2013 19:36:31 -0400 Subject: checkpkg: avoid using PKGEXT to guess tarball name We can't rely on PKGEXT since it's not sourced from a controlled location. Case in point, if a user sets PKGEXT=.pkg.tar.gz, checkpkg fails and offers no easy workaround. Instead, use glob expansion to resolve the name of the tarball, bailing if it can't be found definitively. This involves some refactoring to avoid modifying PWD (which is advisable regardless). Signed-off-by: Dave Reisner Signed-off-by: Pierre Schmitz --- checkpkg.in | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) (limited to 'checkpkg.in') diff --git a/checkpkg.in b/checkpkg.in index 54149db..ef46399 100644 --- a/checkpkg.in +++ b/checkpkg.in @@ -1,5 +1,7 @@ #!/bin/bash +shopt -s extglob + m4_include(lib/common.sh) # Source makepkg.conf; fail if it is not found @@ -25,15 +27,17 @@ fi STARTDIR=$(pwd) TEMPDIR=$(mktemp -d --tmpdir checkpkg-script.XXXX) -cd "$TEMPDIR" for _pkgname in "${pkgname[@]}"; do - pkgfile=${_pkgname}-$(get_full_version $_pkgname)-${CARCH}${PKGEXT} + pkgfile=(${_pkgname}-$(get_full_version $_pkgname)-${CARCH}.pkg.tar?(.?z)) + if (( ${#pkgfile[*]} != 1 )); then + die 'Ambiguous package name: %s\n' "${pkgfile[*]}" + fi if [[ -f "$STARTDIR/$pkgfile" ]]; then - ln -s "$STARTDIR/$pkgfile" "$pkgfile" + ln -s "$STARTDIR/$pkgfile" "$TEMPDIR/$pkgfile" elif [[ -f "$PKGDEST/$pkgfile" ]]; then - ln -s "$PKGDEST/$pkgfile" "$pkgfile" + ln -s "$PKGDEST/$pkgfile" "$TEMPDIR/$pkgfile" else die "File \"$pkgfile\" doesn't exist" fi @@ -58,23 +62,21 @@ for _pkgname in "${pkgname[@]}"; do elif [[ -f "$STARTDIR/$oldpkg" ]]; then ln -s "$STARTDIR/$oldpkg" "$oldpkg" else - curl -fsLC - --retry 3 --retry-delay 3 -o "$oldpkg" "$pkgurl" + curl -fsLC - --retry 3 --retry-delay 3 -o "$oldpkg" "$pkgurl" fi fi - bsdtar tf "$oldpkg" | sort > "filelist-$_pkgname-old" - bsdtar tf "$pkgfile" | sort > "filelist-$_pkgname" + bsdtar tf "$oldpkg" | sort > "$TEMPDIR/filelist-$_pkgname-old" + bsdtar tf "$pkgfile" | sort > "$TEMPDIR/filelist-$_pkgname" - sdiff -s "filelist-$_pkgname-old" "filelist-$_pkgname" + sdiff -s "$TEMPDIR/filelist-$_pkgname-old" "$TEMPDIR/filelist-$_pkgname" - if diff "filelist-$_pkgname-old" "filelist-$_pkgname" | grep '\.so' > /dev/null 2>&1; then - mkdir -p pkg - cd pkg - bsdtar xf ../"$pkgfile" > /dev/null - diff "../filelist-$_pkgname-old" "../filelist-$_pkgname" | awk '/>.*\.so/{$1 = ""; print $0}' | while read i; do + if diff "$TEMPDIR/filelist-$_pkgname"{-old,} | grep '\.so' &>/dev/null; then + mkdir -p "$TEMPDIR/pkg" + bsdtar -C "$TEMPDIR" xf ../"$pkgfile" #> /dev/null + diff "$TEMPDIR/filelist-$_pkgname-old" "$TEMPDIR/filelist-$_pkgname" | awk '/>.*\.so/{$1 = ""; print $0}' | while read i; do echo "${i}: " "$(objdump -p "$i" | grep SONAME)" done - cd .. else msg "No soname differences for $_pkgname." fi -- cgit v1.2.3