summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Gregory <andrew.gregory.8@gmail.com>2016-11-05 18:08:15 -0400
committerAllan McRae <allan@archlinux.org>2016-12-05 15:20:08 +1000
commit46101bea1c1232621fa80409586b5eeeaefdac47 (patch)
tree8db5a0742f6e0fe5070a5a6dc7aabb38339ccc34
parentd3dc2002634637bd3635c460c68885bdd755292a (diff)
downloadpacman-46101bea1c1232621fa80409586b5eeeaefdac47.tar.xz
makepkg: reject package data with newlines
The PKGINFO format cannot handle values that contain newlines. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r--scripts/makepkg.sh.in63
1 files changed, 38 insertions, 25 deletions
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 7538c8fa..ca494353 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -600,6 +600,19 @@ find_libprovides() {
(( ${#libprovides[@]} )) && printf '%s\n' "${libprovides[@]}"
}
+write_kv_pair() {
+ local key="$1"
+ shift
+
+ for val in "$@"; do
+ if [[ $val = *$'\n'* ]]; then
+ error "$(gettext "Invalid value for %s: %s")" "$key" "$val"
+ exit 1
+ fi
+ printf "%s = %s\n" "$key" "$val"
+ done
+}
+
write_pkginfo() {
local builddate=$(date -u "+%s")
if [[ -n $PACKAGER ]]; then
@@ -618,15 +631,15 @@ write_pkginfo() {
printf "# using %s\n" "$(fakeroot -v)"
printf "# %s\n" "$(LC_ALL=C date -u)"
- printf "pkgname = %s\n" "$pkgname"
+ write_kv_pair "pkgname" "$pkgname"
if (( SPLITPKG )) || [[ "$pkgbase" != "$pkgname" ]]; then
- printf "pkgbase = %s\n" "$pkgbase"
+ write_kv_pair "pkgbase" "$pkgbase"
fi
local fullver=$(get_full_version)
- printf "pkgver = %s\n" "$fullver"
+ write_kv_pair "pkgver" "$fullver"
if [[ "$fullver" != "$basever" ]]; then
- printf "basever = %s\n" "$basever"
+ write_kv_pair "basever" "$basever"
fi
# TODO: all fields should have this treatment
@@ -634,43 +647,43 @@ write_pkginfo() {
spd=("${spd[@]#[[:space:]]}")
spd=("${spd[@]%[[:space:]]}")
- printf "pkgdesc = %s\n" "$spd"
- printf "url = %s\n" "$url"
- printf "builddate = %s\n" "$builddate"
- printf "packager = %s\n" "$packager"
- printf "size = %s\n" "$size"
- printf "arch = %s\n" "$pkgarch"
+ write_kv_pair "pkgdesc" "$spd"
+ write_kv_pair "url" "$url"
+ write_kv_pair "builddate" "$builddate"
+ write_kv_pair "packager" "$packager"
+ write_kv_pair "size" "$size"
+ write_kv_pair "arch" "$pkgarch"
mapfile -t provides < <(find_libprovides)
mapfile -t depends < <(find_libdepends)
- [[ $license ]] && printf "license = %s\n" "${license[@]}"
- [[ $replaces ]] && printf "replaces = %s\n" "${replaces[@]}"
- [[ $groups ]] && printf "group = %s\n" "${groups[@]}"
- [[ $conflicts ]] && printf "conflict = %s\n" "${conflicts[@]}"
- [[ $provides ]] && printf "provides = %s\n" "${provides[@]}"
- [[ $backup ]] && printf "backup = %s\n" "${backup[@]}"
- [[ $depends ]] && printf "depend = %s\n" "${depends[@]}"
- [[ $optdepends ]] && printf "optdepend = %s\n" "${optdepends[@]//+([[:space:]])/ }"
- [[ $makedepends ]] && printf "makedepend = %s\n" "${makedepends[@]}"
- [[ $checkdepends ]] && printf "checkdepend = %s\n" "${checkdepends[@]}"
+ write_kv_pair "license" "${license[@]}"
+ write_kv_pair "replaces" "${replaces[@]}"
+ write_kv_pair "group" "${groups[@]}"
+ write_kv_pair "conflict" "${conflicts[@]}"
+ write_kv_pair "provides" "${provides[@]}"
+ write_kv_pair "backup" "${backup[@]}"
+ write_kv_pair "depend" "${depends[@]}"
+ write_kv_pair "optdepend" "${optdepends[@]//+([[:space:]])/ }"
+ write_kv_pair "makedepend" "${makedepends[@]}"
+ write_kv_pair "checkdepend" "${checkdepends[@]}"
}
write_buildinfo() {
msg2 "$(gettext "Generating %s file...")" ".BUILDINFO"
- printf "builddir = %s\n" "${BUILDDIR}"
+ write_kv_pair "builddir" "${BUILDDIR}"
local sum="$(sha256sum "${BUILDFILE}")"
sum=${sum%% *}
- printf "pkgbuild_sha256sum = %s\n" $sum
+ write_kv_pair "pkgbuild_sha256sum" $sum
- printf "buildenv = %s\n" "${BUILDENV[@]}"
- printf "options = %s\n" "${OPTIONS[@]}"
+ write_kv_pair "buildenv" "${BUILDENV[@]}"
+ write_kv_pair "options" "${OPTIONS[@]}"
local pkglist=($(run_pacman -Q | sed "s# #-#"))
- printf "installed = %s\n" "${pkglist[@]}"
+ write_kv_pair "installed" "${pkglist[@]}"
}
create_package() {