[New Check]: Use of globs on DISTDIR
#605
Labels
Comments
|
cc @negril. I remember making this mistake with mpfr.. |
|
Maybe all variables should be be quoted to prevent globing? See https://www.shellcheck.net/wiki/SC2086 |
arthurzam
added a commit
to arthurzam/pkgcheck
that referenced
this issue
Aug 3, 2023
Resolves: pkgcore#605 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing such new check request for this?
Explain
Some ebuilds are using thingies like:
This incorrectly assumes that
DISTDIRwill only contain files relevant to the current package. To keep things safe, it's best not to allow any globs onDISTDIR.I think we could basically check for
*?[in the same word as${DISTDIR}..Examples
https://github.com/gentoo/gentoo/blob/b003461c15eb7d759059bcaf44961fb87517f59b/dev-dotnet/dotnet-runtime-nugets/dotnet-runtime-nugets-6.0.14.ebuild#L46-L47
Output message
Filename expansion used with
DISTDIRDocumentation
Filename expansion could accidentally match irrelevant files in
DISTDIR, e.g. from other packages or other versions of the same package.Result level
warning
The text was updated successfully, but these errors were encountered: