01/01: download: Use ungrafted tools in 'url-fetch/tarbomb' and 'url-fet

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: download: Use ungrafted tools in 'url-fetch/tarbomb' and 'url-fet

From:	Ludovic Court�s
Subject:	01/01: download: Use ungrafted tools in 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.
Date:	Mon, 23 Apr 2018 09:26:01 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 5e5d6613a3837586ccab51cd988b44c7df99253b
Author: Ludovic Courtès <address@hidden>
Date:   Mon Apr 23 14:33:11 2018 +0200

    download: Use ungrafted tools in 'url-fetch/tarbomb' and 
'url-fetch/zipbomb'.
    
    Fixes <https://bugs.gnu.org/31085>.
    Reported by Diego Nicola Barbato <address@hidden>.
    
    * guix/download.scm (url-fetch/tarbomb): Pass #:graft? #f to
    'gexp->derivation'.
    (url-fetch/zipbomb): Likewise.
---
 guix/download.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/guix/download.scm b/guix/download.scm
index 5044534..7aa6c03 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès 
<address@hidden>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès 
<address@hidden>
 ;;; Copyright © 2013, 2014, 2015 Andreas Enge <address@hidden>
 ;;; Copyright © 2015 Federico Beffa <address@hidden>
 ;;; Copyright © 2016 Alex Griffin <address@hidden>
@@ -509,6 +509,8 @@ own.  This helper makes it easier to deal with \"tar 
bombs\"."
                                       #:system system
                                       #:guile guile)))
     ;; Take the tar bomb, and simply unpack it as a directory.
+    ;; Use ungrafted tar/gzip so that the resulting tarball doesn't depend on
+    ;; whether grafts are enabled.
     (gexp->derivation (or name file-name)
                       #~(begin
                           (mkdir #$output)
@@ -516,6 +518,7 @@ own.  This helper makes it easier to deal with \"tar 
bombs\"."
                           (chdir #$output)
                           (zero? (system* (string-append #$tar "/bin/tar")
                                           "xf" #$drv)))
+                      #:graft? #f
                       #:local-build? #t)))
 
 (define* (url-fetch/zipbomb url hash-algo hash
@@ -539,12 +542,15 @@ own.  This helper makes it easier to deal with \"zip 
bombs\"."
                                       #:system system
                                       #:guile guile)))
     ;; Take the zip bomb, and simply unpack it as a directory.
+    ;; Use ungrafted unzip so that the resulting tarball doesn't depend on
+    ;; whether grafts are enabled.
     (gexp->derivation (or name file-name)
                       #~(begin
                           (mkdir #$output)
                           (chdir #$output)
                           (zero? (system* (string-append #$unzip "/bin/unzip")
                                           #$drv)))
+                      #:graft? #f
                       #:local-build? #t)))
 
 (define* (download-to-store store url #:optional (name (basename url))

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (de7f03c -> 5e5d661), Ludovic Court�s, 2018/04/23
- 01/01: download: Use ungrafted tools in 'url-fetch/tarbomb' and 'url-fetch/zipbomb'., Ludovic Court�s <=

Prev by Date: [no subject]
Next by Date: branch master updated (de7f03c -> 5e5d661)
Previous by thread: branch master updated (de7f03c -> 5e5d661)
Index(es):
- Date
- Thread