pkgcore / pkgcheck

pkgcore-based QA utility for ebuild repos
https://pkgcore.github.io/pkgcheck
BSD 3-Clause "New" or "Revised" License

[New Check]: Use of globs on `DISTDIR` #605

Closed mgorny closed 10 months ago

mgorny commented 11 months ago

Is there an existing such new check request for this?

Explain

Some ebuilds are using thingies like:

```
doins "${DISTDIR}"/foo-*.bar
```

This incorrectly assumes that DISTDIR will only contain files relevant to the current package. To keep things safe, it's best not to allow any globs on DISTDIR.

I think we could basically check for `*?[` in the same word as `${DISTDIR}`..

Examples

https://github.com/gentoo/gentoo/blob/b003461c15eb7d759059bcaf44961fb87517f59b/dev-dotnet/dotnet-runtime-nugets/dotnet-runtime-nugets-6.0.14.ebuild#L46-L47

Output message

Filename expansion used with DISTDIR

Documentation

Filename expansion could accidentally match irrelevant files in DISTDIR, e.g. from other packages or other versions of the same package.

Result level

warning
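A sketch of the check requested above, added here as an example; it is not pkgcheck's implementation. It is a line-based heuristic in Python that flags a shell word when it references `DISTDIR` and also contains an unquoted `*`, `?` or `[`; the function names and the sample ebuild fragment are constructed for illustration.

```python
import re
GLOB_CHARS = "*?["                            # characters named in the request
DISTDIR_REF = re.compile(r"\$\{?DISTDIR\b")   # $DISTDIR or ${DISTDIR...}

def scan_words(line):
    """Split one line into shell words: [(word, has_unquoted_glob)]."""
    words, buf, glob = [], "", False
    quote, depth, i = "", 0, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and quote != "'" and i + 1 < len(line):
            buf += line[i:i + 2]              # escaped character is literal
            i += 2
            continue
        if quote:                             # inside '...' or "...": no globbing
            quote = "" if c == quote else quote
        elif c in "'\"":
            quote = c
        elif line.startswith("${", i):        # skip ${VAR%/*}, ${ARR[0]} bodies
            depth += 1
        elif c == "}" and depth:
            depth -= 1
        elif depth == 0:
            if c == "#" and not buf:          # comment runs to end of line
                break
            if c.isspace():                   # unquoted whitespace ends the word
                if buf:
                    words.append((buf, glob))
                buf, glob, c = "", False, ""
            elif c in GLOB_CHARS:
                glob = True
        buf += c
        i += 1
    if buf:
        words.append((buf, glob))
    return words

def check_ebuild(text):
    """Return [(lineno, word)] where DISTDIR shares a word with an unquoted glob."""
    return [(n, w) for n, line in enumerate(text.splitlines(), 1)
            for w, glob in scan_words(line) if glob and DISTDIR_REF.search(w)]

# Constructed sample ebuild fragment (not taken from any real package).
SAMPLE = '''\
doins "${DISTDIR}"/foo-*.bar
doins "${DISTDIR}/foo-*.bar"
cp ${DISTDIR}/foo-[0-9].nupkg "${T}" || die  # versioned?
doins "${S}"/docs/*.txt
'''
```

On the sample, only lines 1 and 3 are reported: the fully quoted word on line 2 cannot expand, and the glob on line 4 is not in a word that references `DISTDIR`.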

thesamesam commented 11 months ago

cc @negril. I remember making this mistake with mpfr..

negril commented 11 months ago

Maybe all variables should be quoted to prevent globbing? See https://www.shellcheck.net/wiki/SC2086