Is there an existing such new check request for this?
[X] I have searched the existing issues
Explain
Some ebuilds are using thingies like:
doins "${DISTDIR}"/foo-*.bar
This incorrectly assumes that DISTDIR will only contain files relevant to the current package. To keep things safe, it's best not to allow any globs on DISTDIR.
I think we could basically check for *?[ in the same word as ${DISTDIR}..
Is there an existing such new check request for this?
Explain
Some ebuilds are using thingies like:
This incorrectly assumes that
DISTDIR
will only contain files relevant to the current package. To keep things safe, it's best not to allow any globs onDISTDIR
.I think we could basically check for
*?[
in the same word as${DISTDIR}
..Examples
https://github.com/gentoo/gentoo/blob/b003461c15eb7d759059bcaf44961fb87517f59b/dev-dotnet/dotnet-runtime-nugets/dotnet-runtime-nugets-6.0.14.ebuild#L46-L47
Output message
Filename expansion used with
DISTDIR
Documentation
Filename expansion could accidentally match irrelevant files in
DISTDIR
, e.g. from other packages or other versions of the same package.Result level
warning