bug-gnulib

Re: patch to quote files in source archive setup


From: Bruno Haible
Subject: Re: patch to quote files in source archive setup
Date: Sat, 27 Jan 2024 16:18:20 +0100

Hi Patrice,

> Here is a patch to have the files used in the Texinfo source archive
> quoted in the call to tar.

The first line of your ChangeLog entry should not only be a summary of
the technical change. But rather, it should state which file names would
be supported with your patch that were not supported before. File names
with spaces? With '?' or '*'? With double-quotes? With backslashes?
With non-ASCII characters?

> I tried to mimic what is done for the other
> $cmd that are eval'ed to have proper quoting.

The patch introduces an 'eval' command, which is dangerous. It is more
dangerous than the other 'eval's in this file, because those are derived
only from command-line arguments and environment variables, whereas the
new 'eval' command operates on file names that were collected from the
developer's disk.

Can you think of a way of avoiding 'eval'? For example, by using the
--files-from option? It is better to assume GNU tar and avoid 'eval',
than to have a script that works with all 'tar' brands but is vulnerable.

> I also kept the ls -d to
> detect the files and add a read in the middle to quote.

Can't this be simplified?

  src_list=`ls -d *.texinfo *.texi *.txi *.eps "$source_extra" 2>/dev/null` || true
  ...
  while read -r src_file ; do
    ...
  done <<EOF
$src_list
EOF

to

  ls -d *.texinfo *.texi *.txi *.eps "$source_extra" 2>/dev/null \
  | while read -r src_file ; do
    ...
  done

?

Bruno
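
One way to do what the reply above suggests, handing the file names to tar through --files-from instead of an eval'ed command string. This is an added example, not code from the patch, from texi2dvi or from gnulib; the function name make_source_archive is hypothetical, and GNU tar is assumed for --null.

```shell
# Added example, not code from the patch, texi2dvi or gnulib.
# make_source_archive is a hypothetical name; GNU tar is assumed for --null.
make_source_archive () {
  archive=$1          # archive file to create
  extra=${2-}         # optional extra file, like "$source_extra" in the mail
  list=`mktemp` || return 1

  # Collect names with shell globbing; no 'ls' output is parsed. The "./"
  # prefix keeps a name that starts with '-' from being read as an option.
  # Each name is NUL-terminated, so spaces, quotes, backslashes, '*', '?'
  # and even newlines in a name are passed through as plain data.
  for f in ./*.texinfo ./*.texi ./*.txi ./*.eps; do
    if [ -e "$f" ]; then
      printf '%s\000' "$f"
    fi
  done > "$list"

  if [ -n "$extra" ] && [ -e "$extra" ]; then
    case $extra in
      /* | ./*) ;;
      *) extra=./$extra ;;
    esac
    printf '%s\000' "$extra" >> "$list"
  fi

  # tar reads the names from the list file; nothing is re-parsed by the
  # shell, so there is no command string and no 'eval'.
  if tar -cf "$archive" --null --files-from="$list"; then
    status=0
  else
    status=$?
  fi
  rm -f "$list"
  return $status
}
```

Run it from the directory that holds the sources, for example `make_source_archive /tmp/src.tar extra.cfg`; member names are stored with the leading "./".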





