From b952a14048f492a6b2d2b7d144d420a53ef4202b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= Date: Tue, 28 Jan 2020 16:31:45 +0100 Subject: [PATCH] seblu-push: Remove PKGBUILD sourcing When PKGBUILD has pkgver function, sourcing it is not enough to get the package version (used to guess the package name to push). In that case, we need to dowload the sources and execute code to compute this version. This is heavy and has security implication beyond push fonction. We could have a partial PKGBUILD sourcing support by only working with the few which doesn't have pkgver function. But this would lead to difficult to diagnosis and the feature not worth it. --- seblu-push | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/seblu-push b/seblu-push index d6fc452..770d0be 100755 --- a/seblu-push +++ b/seblu-push @@ -39,27 +39,6 @@ msg2() { printf "$BLUE ->$BOLD $1$RESET\n" "${@:1}" } -source_pkgbuild() { - [[ ! -f PKGBUILD ]] && echo 'No PKGBUILD' && exit 1 - source /usr/share/devtools/makepkg-x86_64.conf - [[ -r "$HOME/.makepkg.conf" ]] && source "$HOME/.makepkg.conf" - source PKGBUILD - - [[ $(type -t pkgver) == 'function' ]] && pkgver=$(pkgver) - - for _pkgname in "${pkgname[@]}"; do - # define filename base - # handle epoch which is optional - filebase="$_pkgname-" - [[ -n $epoch ]] && (( $epoch > 0 )) && filebase+="$epoch:" - filebase+="$pkgver-$pkgrel" - - for _arch in "${arch[@]}"; do - filename="$filebase-$_arch$PKGEXT" - [[ -f "$filename" ]] && to_commit+=("$filename") - done - done -} # push package to remote repository push_pkg() { @@ -72,16 +51,12 @@ push_pkg() { done } -# if packages are on command line add them, otherwise look in PKGBUILD +# push packages on command line, otherwise all packages in the current directory if (( $# > 0 )); then for _pkg; do [[ "$_pkg" =~ .*\.pkg\.tar\.(xz|zst) ]] && to_commit+=("$_pkg") done else - # try to find those in a PKGBUILD file - source_pkgbuild - - # when no package found, push all packages in the current directory if (( ${#to_commit[@]} == 0 )); then to_commit=(*\.pkg\.tar\.{xz,zst}) fi -- GitLab