On 03/20/2011 07:07 PM, James Vega wrote:
> On Fri, Feb 25, 2011 at 08:42:40PM +0100, Christian Kastner wrote:
>> When repacking ZIP files, because of the way uscan invokes tar, the
>> current directory '.' (dot) is always included in the resulting tar
>> archive.
>
> We do that to ensure that everything unpacked from the zip file is
> included in the resulting tar file (e.g., a hidden file at the top-level
> of the unpacked tree).

Ah, yes.

>> Unpacking such an archive has the side effect of tar attempting to
>> change the permissions of the cwd, as easily reproduced by unpacking
>> such a tarball from within the /tmp directory. Regular users get an
>> error, root has the permissions of /tmp changed.
>>
>> Another minor issue is that the user and group name are leaked into the
>> archive, instead of using the neutral 'root'.
>
> These are issues, though. Instead of your suggested solution for the
> first one, I think using tar's --transform argument to remove the
> leading ./ may be cleaner. The fix for the second issue looks good.

The problem with --transform is that AFAICT it can only modify paths, not
filter them; the extra path still gets added.

The attached patch amends the first one by adding a test for hidden files
and extending the glob pattern to include those if it finds any. It's not
the neatest way to go about this, but the alternatives I've come up with
are even less pleasant.

Christian

From 2796b54a2c6fa92657bd37adf2cac8e52ae71f97 Mon Sep 17 00:00:00 2001 From: Christian Kastner <deb...@kvr.at> Date: Sun, 20 Mar 2011 21:43:06 +0100 Subject: [PATCH] uscan: ZIP repacking fixes Don't include the current working directory in the tarball, and give ownership to root instead of leaking the user's UID --- scripts/uscan.pl | 10 ++++++++-- 1 files changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/uscan.pl b/scripts/uscan.pl index 6b5e4fb..8b146b2 100755 --- a/scripts/uscan.pl +++ b/scripts/uscan.pl @@ -1369,8 +1369,14 @@ EOF my $newfile_base_gz = "$1.tar.gz"; my $tempdir = tempdir ( "uscanXXXX", TMPDIR => 1, CLEANUP => 1 ); - system("unzip -q -a -d $tempdir $destdir/$newfile_base; GZIP=-9 tar -C $tempdir -czf $destdir/$newfile_base_gz .") == 0 - or die("Repacking from zip to tar.gz failed\n"); + my $globpattern = "*"; + system("unzip -q -a -d $tempdir $destdir/$newfile_base") == 0 + or die("Repacking from zip to tar.gz failed (could not unzip)\n"); + if (system("ls -d $tempdir/.[!.]* >/dev/null 2>&1") == 0) { + $globpattern .= " .[!.]*"; + } + system("cd $tempdir; GZIP=-9 tar --owner=root --group=root --mode=a+rX -czf $destdir/$newfile_base_gz $globpattern") == 0 + or die("Repacking from zip to tar.gz failed (could not create tarball)\n"); unlink "$destdir/$newfile_base"; $newfile_base = $newfile_base_gz; } -- 1.7.4.1
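
Review bot: In the new tar invocation, `cd $tempdir; GZIP=-9 tar ...` joins the two commands with `;`, so if the `cd` fails tar still runs and packs whatever `*` matches in the caller's working directory; `cd $tempdir && ...` would stop there instead. Because the command now changes directory before tar runs, `-czf $destdir/$newfile_base_gz` is resolved relative to `$tempdir` whenever `$destdir` is a relative path, while the `unzip` line resolves the same variable from the original directory; making `$destdir` absolute before both calls avoids the mismatch. Two smaller cases: if the ZIP unpacks to hidden files only, the unmatched `*` is passed to tar literally and the repack dies, and `.[!.]*` does not match names that begin with two dots, such as `..foo`.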
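
An added example, not part of the original message or of uscan: a Python check that audits a tarball for the two problems discussed in the thread (a member for the directory itself, and non-root owner data) and, going slightly beyond the patch, builds a normalized repack that still keeps the top-level hidden file. The member list, the owner `alice` and the helper names `build_tar` and `audit` are constructed for illustration.

```python
import io
import posixpath
import tarfile

# Constructed sample: the members "tar -C tempdir -czf out.tar.gz ." would
# record for an unpacked ZIP; owner "alice" and the modes are made up.
SAMPLE = [(".", True, 0o700), ("./.hidden", False, 0o600),
          ("./pkg-1.0", True, 0o755), ("./pkg-1.0/README", False, 0o644)]

def build_tar(members, normalize=False):
    """Return tar bytes; normalize=True mimics the effect the patch aims for."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, is_dir, mode in members:
            ti = tarfile.TarInfo(name)
            ti.type = tarfile.DIRTYPE if is_dir else tarfile.REGTYPE
            ti.mode, ti.uid, ti.gid = mode, 1000, 1000
            ti.uname = ti.gname = "alice"
            if normalize:
                if posixpath.normpath(name) == ".":
                    continue                        # no entry for the cwd itself
                ti.name = posixpath.normpath(name)  # "./x" -> "x"
                ti.uid = ti.gid = 0                 # like --owner=root --group=root
                ti.uname = ti.gname = "root"
                ti.mode |= 0o444                    # like --mode=a+rX
                if is_dir or mode & 0o111:
                    ti.mode |= 0o111
            data = b"" if is_dir else b"data\n"
            ti.size = len(data)
            tf.addfile(ti, io.BytesIO(data))
    return buf.getvalue()

def audit(tar_bytes):
    """Return (names, findings) for the two problems raised in the thread."""
    names, findings = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf:
            names.append(m.name)
            if posixpath.normpath(m.name) == ".":
                # Extracting this member applies its mode to the target dir.
                findings.append(("cwd-entry", m.name, oct(m.mode)))
            if m.uid != 0 or m.uname not in ("", "root"):
                findings.append(("owner-leak", m.name, f"{m.uname}:{m.gname}"))
    return names, findings

if __name__ == "__main__":
    for label, flag in (("tar of '.'", False), ("normalized", True)):
        names, findings = audit(build_tar(SAMPLE, normalize=flag))
        print(label, names, findings, sep="\n  ")
```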