On 10/12/16 02:14, Andrew Gregory wrote:
> By passing a NUL-separated filelist, this also fixes a bug where files
> that look like bsdtar options in the package root could break the
> package ("-C" was particularly troublesome because bsdtar interprets it
> as an option anywhere in the file list, even following "--").
>
> Signed-off-by: Andrew Gregory <[email protected]>
> ---
> scripts/makepkg.sh.in | 24 ++++++++++++------------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index 2000451..3700307 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -686,6 +686,15 @@ write_buildinfo() {
> write_kv_pair "installed" "${pkglist[@]}"
> }
>
> +# build a sorted NUL-separated list of the full contents of the current
> +# directory suitable for passing to `bsdtar --files-from`
> +# database files are placed at the beginning of the package regardless of
> +# sorting
> +list_package_files() {
> + (find . -path './.*' \! -name '.'; find . \! -path './.*' \! -name '.'
> | LANG=C sort) |
> + sed -e 's|^\./||' | tr '\n' '\0'
> +}
I think we would need LC_ALL or at least LC_COLLATE here. If either is
set, LANG will not overwrite them.
(I also tried to make this a multi-line function rather than a single
line monstrosity but failed printing an array with null delimiters...)
> +
> create_package() {
> (( NOARCHIVE )) && return
>
> @@ -702,8 +711,6 @@ create_package() {
> write_pkginfo > .PKGINFO
> write_buildinfo > .BUILDINFO
>
> - local comp_files=('.PKGINFO' '.BUILDINFO')
> -
> # check for changelog/install files
> for i in 'changelog/.CHANGELOG' 'install/.INSTALL'; do
> IFS='/' read -r orig dest < <(printf '%s\n' "$i")
> @@ -715,7 +722,6 @@ create_package() {
> exit 1
> fi
> chmod 644 "$dest"
> - comp_files+=("$dest")
> fi
> done
>
> @@ -727,15 +733,10 @@ create_package() {
> [[ -f $pkg_file ]] && rm -f "$pkg_file"
> [[ -f $pkg_file.sig ]] && rm -f "$pkg_file.sig"
>
> - # when fileglobbing, we want * in an empty directory to expand to
> - # the null string rather than itself
> - shopt -s nullglob
> -
> msg2 "$(gettext "Generating .MTREE file...")"
> - LANG=C bsdtar -czf .MTREE --format=mtree \
> + list_package_files | LANG=C bsdtar -cnzf .MTREE --format=mtree \
>
> --options='!all,use-set,type,uid,gid,mode,time,size,md5,sha256,link' \
> - "${comp_files[@]}" *
> - comp_files+=(".MTREE")
> + --null --files-from - --exclude .MTREE
Why do you need --exclude .MTREE here?
> msg2 "$(gettext "Compressing package...")"
> # TODO: Maybe this can be set globally for robustness
> @@ -743,7 +744,7 @@ create_package() {
> # bsdtar's gzip compression always saves the time stamp, making one
> # archive created using the same command line distinct from another.
> # Disable bsdtar compression and use gzip -n for now.
> - LANG=C bsdtar -cf - "${comp_files[@]}" * |
> + list_package_files | LANG=C bsdtar -cnf - --null --files-from - |
> case "$PKGEXT" in
> *tar.gz) ${COMPRESSGZ[@]:-gzip -c -f -n} ;;
> *tar.bz2) ${COMPRESSBZ2[@]:-bzip2 -c -f} ;;
> @@ -756,7 +757,6 @@ create_package() {
> "$PKGEXT"; cat ;;
> esac > "${pkg_file}" || ret=$?
>
> - shopt -u nullglob
> shopt -u -o pipefail
>
> if (( ret )); then
>
