FS#17482 - Can't upload to AUR when source contains #
Attached to Project:
AUR web interface
Opened by Jim Pryor (Profjim) - Saturday, 12 December 2009, 23:15 GMT
Last edited by Andrea Scarpino (BaSh) - Wednesday, 03 November 2010, 17:50 GMT
Opened by Jim Pryor (Profjim) - Saturday, 12 December 2009, 23:15 GMT
Last edited by Andrea Scarpino (BaSh) - Wednesday, 03 November 2010, 17:50 GMT
|
Details
Trying to upload a package whose source name contains
"...${pkgname#something}" fails---with a misleading message
("Missing build function in PKGBUILD.") to boot. Changing it
to "...${pkgname%something}" or just "...${pkgname}"
succeeds. The package tarballs were built using makepkg
--source and seem otherwise to be fine.
|
This task depends upon
Closed by Andrea Scarpino (BaSh)
Wednesday, 03 November 2010, 17:50 GMT
Reason for closing: Fixed
Additional comments about closing: in 1.7.0
Wednesday, 03 November 2010, 17:50 GMT
Reason for closing: Fixed
Additional comments about closing: in 1.7.0
...
source=("blahblah${pkgname#something}")
In the particular cases I'm working with, the source fields really have this form:
source=("localfilename::http://blahblah/blah.cgi?name=${pkgname#something-}")
I don't know whether the localfilename:: part is necessary to produce the problem.
Are we permitted to do no bash operations on variables that appear in PKGBUILD metadata fields? I've seen it documented that we shouldn't use extra variables, even ones with _nameslikethis. But I hadn't seen this documented. I guess you're doing the variable substitutions manually, rather than evaluating the PKGBUILDs through a shell. I can see the security advantages of that. But it's not clear up-front what is and isn't allowed.
FS#17328.1. Yes, the core of this bug report is the same as what's in
FS#17328.2. The observation that ${pkgname/something-/} produces garbage too is additional to what's in
FS#17328. It'd be helpful if the AUR php script checked for standard Bash substitutions, say ${base#something}, ${base##something}, ${base%something}, ${base%%something}, ${base/something/somethingelse}, and ${base//something/somethingelse}.3. Or at least it should be loudly announced that these aren't allowed. I haven't yet encountered such an announcement, if it's out there I apologize for wasting time.
FS#17328, and which initiated this bug report. Change line 77 of web/html/pkgsubmit.php from:$line = preg_replace('/\s*#.*/', '', $line);
to:
$line = preg_replace('/((^|})[^{]*)\s*#.*/', '$1', $line);
That will have the effect of never stripping '# text' when inside an unclosed "{ ..." context.
FS#17328, regex cannot be used to parse PKGBUILDs 100% correctly. If you want to remove comments properly, you will need to write a bash parser from scratch. Following workaround could be used to prevent removal of "#.*" if the pound sign ("#") is surrounded by "${"/"}": "$line = preg_replace('/^([^\$]*(\$[^{][^\$]*|\$\{[^}]*\}[^\$]*)*)\s*#.*$/U', '\1', $line);". The "U" modifier might also be removed if "[^\$]*" are replaced by "[^\$#]*" and line trim()'ing is done after comment removal.Please consider that this is only a workaround and will fail in some cases (e.g. if "{}" braces are nested). The only proper way to fix this is to write a proper parser.
[1] http://projects.archlinux.org/aur.git/commit/?id=f08fbbe80eba009c6f42411456479e328c92175b