Bug#785441: Support maintainer name and email address
On Oct 10, 2019, at 9:02 PM, Matthew Gabeler-Lee wrote: > > I think the patch _was_ the original bug report, specifically this: > > MAINTAINER="`eval "echo '$1'"`" > > As compared to what the checkinstall code does now: > > MAINTAINER=`eval echo $1` > > The suggested extra layer of quoting will help with many issues around the > standard maintainer name format, I think. If you have single quotes in the > argument values it will still have problems, but it's at least better than > the current state of affairs. > > It's unclear to me why this extra layer of indirection is happening at all, > though, and why it can't just do: > > MAINTAINER="$1" > > I can only imagine that there's some desire to let you indirectly reference > variables set by earlier arguments, but I have also seen anti-patterns like > this before from folks that just have a brain fart and forget how bash > works. > > // extra frustration: whomever wrote this clearly knew this was an issue, > // because the manpage says: "Be careful to correctly quote/escape the name, > // to prevent shell expansion", but fails to note that "correct" is not well > // defined and barely achievable here. Great catch, I agree that does seem to be the problem. I’ll try to patch this soon. Stephen
Bug#785441: Support maintainer name and email address
Package: checkinstall Version: 1.6.2+git20170426.d24a630-1~bpo10+1 Followup-For: Bug #785441 I think the patch _was_ the original bug report, specifically this: MAINTAINER="`eval "echo '$1'"`" As compared to what the checkinstall code does now: MAINTAINER=`eval echo $1` The suggested extra layer of quoting will help with many issues around the standard maintainer name format, I think. If you have single quotes in the argument values it will still have problems, but it's at least better than the current state of affairs. It's unclear to me why this extra layer of indirection is happening at all, though, and why it can't just do: MAINTAINER="$1" I can only imagine that there's some desire to let you indirectly reference variables set by earlier arguments, but I have also seen anti-patterns like this before from folks that just have a brain fart and forget how bash works. // extra frustration: whomever wrote this clearly knew this was an issue, // because the manpage says: "Be careful to correctly quote/escape the name, // to prevent shell expansion", but fails to note that "correct" is not well // defined and barely achievable here. -- System Information: Debian Release: 10.1 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-debug'), (500, 'testing'), (500, 'oldstable'), (490, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.2.0-3-amd64 (SMP w/16 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages checkinstall depends on: ii dpkg-dev1.19.7 ii file1:5.35-4 ii libc6 2.28-10 ii sensible-utils 0.0.12 Versions of packages checkinstall recommends: ii make 4.2.1-1.2 Versions of packages checkinstall suggests: ii gettext 0.19.8.1-9 -- no debconf information
Bug#785441: Support maintainer name and email address
Idézem/Quoting Stephen Gelman : tags 785441 -patch thanks -- Viktor, This seems like a reasonable idea, however I do not see a patch attached to the bug. If you have one could you please send it? Thanks! Stephen Hello Stephen! I've lost the solution, and really the problem too. I think the format "Stephen Gelman " causes a problem. I hope you could eliminate *all* 'eval'-s. All the best! SZÉPE Viktor, webes alkalmazás üzemeltetés / Running your application https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md ~~~ ügyelet/hotline: +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület
Bug#785441: Support maintainer name and email address
tags 785441 -patch thanks -- Viktor, This seems like a reasonable idea, however I do not see a patch attached to the bug. If you have one could you please send it? Thanks! Stephen
Bug#785441: Support maintainer name and email address
Package: checkinstall Version: 1.6.2-4 Severity: important Tags: patch MAINTAINER=`eval echo '$1'` -- System Information: Debian Release: 8.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: sysvinit (via /sbin/init) Versions of packages checkinstall depends on: ii dpkg-dev 1.17.25 ii file 1:5.22+15-2 ii libc6 2.19-18 Versions of packages checkinstall recommends: ii make 4.0-8.1 Versions of packages checkinstall suggests: ii gettext 0.19.3-2 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org