FS#41682 - [makepkg] do not eval dlcmd
Attached to Project:
Pacman
Opened by I Said Socks (socks) - Sunday, 24 August 2014, 20:56 GMT
Last edited by Dave Reisner (falconindy) - Sunday, 28 September 2014, 12:57 GMT
Opened by I Said Socks (socks) - Sunday, 24 August 2014, 20:56 GMT
Last edited by Dave Reisner (falconindy) - Sunday, 28 September 2014, 12:57 GMT
|
Details
I snatched a PKGBUILD from AUR; as usual it has something
broken about it. This time, it has this:
source=("$pkgname"::'https://github.com/codito/gnome-shell-pomodoro/archive/$pkgver.tar.gz') You see the single quotes should be double quotes. BUT makepkg happily downloads the source, regardless. The reason lies in the following line in makepkg: eval "$dlcmd || ret=\$?" Now this is *very* bad eval. A sane approach would be to unpack the configured DLAGENT into an array `dlcmd`, do the %o %u substitution, and execute "${dlcmd[@]}". ( Preferably: command -- "${dlcmd[@]}" ). |
This task depends upon
Closed by Dave Reisner (falconindy)
Sunday, 28 September 2014, 12:57 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in git: https://projects.archlinux.org/pacman.gi t/commit/?id=ee207d7c7b3
Sunday, 28 September 2014, 12:57 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in git: https://projects.archlinux.org/pacman.gi t/commit/?id=ee207d7c7b3