[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: download: Use ungrafted tools in 'url-fetch/tarbomb' and 'url-fet
From: |
Ludovic Courtès |
Subject: |
01/01: download: Use ungrafted tools in 'url-fetch/tarbomb' and 'url-fetch/zipbomb'. |
Date: |
Mon, 23 Apr 2018 09:26:01 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit 5e5d6613a3837586ccab51cd988b44c7df99253b
Author: Ludovic Courtès <address@hidden>
Date: Mon Apr 23 14:33:11 2018 +0200
download: Use ungrafted tools in 'url-fetch/tarbomb' and
'url-fetch/zipbomb'.
Fixes <https://bugs.gnu.org/31085>.
Reported by Diego Nicola Barbato <address@hidden>.
* guix/download.scm (url-fetch/tarbomb): Pass #:graft? #f to
'gexp->derivation'.
(url-fetch/zipbomb): Likewise.
---
guix/download.scm | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/guix/download.scm b/guix/download.scm
index 5044534..7aa6c03 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès
<address@hidden>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès
<address@hidden>
;;; Copyright © 2013, 2014, 2015 Andreas Enge <address@hidden>
;;; Copyright © 2015 Federico Beffa <address@hidden>
;;; Copyright © 2016 Alex Griffin <address@hidden>
@@ -509,6 +509,8 @@ own. This helper makes it easier to deal with \"tar
bombs\"."
#:system system
#:guile guile)))
;; Take the tar bomb, and simply unpack it as a directory.
+ ;; Use ungrafted tar/gzip so that the resulting tarball doesn't depend on
+ ;; whether grafts are enabled.
(gexp->derivation (or name file-name)
#~(begin
(mkdir #$output)
@@ -516,6 +518,7 @@ own. This helper makes it easier to deal with \"tar
bombs\"."
(chdir #$output)
(zero? (system* (string-append #$tar "/bin/tar")
"xf" #$drv)))
+ #:graft? #f
#:local-build? #t)))
(define* (url-fetch/zipbomb url hash-algo hash
@@ -539,12 +542,15 @@ own. This helper makes it easier to deal with \"zip
bombs\"."
#:system system
#:guile guile)))
;; Take the zip bomb, and simply unpack it as a directory.
+ ;; Use ungrafted unzip so that the resulting tarball doesn't depend on
+ ;; whether grafts are enabled.
(gexp->derivation (or name file-name)
#~(begin
(mkdir #$output)
(chdir #$output)
(zero? (system* (string-append #$unzip "/bin/unzip")
#$drv)))
+ #:graft? #f
#:local-build? #t)))
(define* (download-to-store store url #:optional (name (basename url))