diff options
| author | Raphael Hertzog <hertzog@debian.org> | 2008-05-08 19:12:23 +0200 |
|---|---|---|
| committer | Raphael Hertzog <hertzog@debian.org> | 2008-05-08 20:26:51 +0200 |
| commit | 62a1700ddb370966bfe34820a6c0dd6603d46a45 (patch) | |
| tree | ae7b3029ab2604c4082e3611b0e318ba02cc3daf /scripts | |
| parent | ebaea3f6847d910ba958c26160a55ec70f861625 (diff) | |
| download | dpkg-62a1700ddb370966bfe34820a6c0dd6603d46a45.tar.gz | |
dpkg-source (2.0/3.0 (quilt)): refuse binary files in debian subdir
* scripts/Dpkg/Source/Functions.pm (is_binary): New function
to check if a file is binary by using diff against it.
* scripts/Dpkg/Source/Package/V2.pm (do_build): Check that all files from
the debian sub-directory are non-binary and only allow whitelisted binary
files.
* man/dpkg-source.1: Document this behaviour.
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/Dpkg/Source/Functions.pm | 28 | ||||
| -rw-r--r-- | scripts/Dpkg/Source/Package/V2.pm | 21 |
2 files changed, 46 insertions, 3 deletions
diff --git a/scripts/Dpkg/Source/Functions.pm b/scripts/Dpkg/Source/Functions.pm index 9ad04632f..7c8ca88fe 100644 --- a/scripts/Dpkg/Source/Functions.pm +++ b/scripts/Dpkg/Source/Functions.pm @@ -5,10 +5,11 @@ use warnings; use Exporter; our @ISA = qw(Exporter); -our @EXPORT_OK = qw(erasedir fixperms); +our @EXPORT_OK = qw(erasedir fixperms is_binary); use Dpkg::ErrorHandling qw(syserr subprocerr failure); use Dpkg::Gettext; +use Dpkg::IPC; use POSIX; @@ -49,5 +50,30 @@ sub fixperms { subprocerr("chmod -R $modes_set $dir") if $?; } +sub is_binary($) { + my ($file) = @_; + + # Use diff to check if it's a binary file + my $diffgen; + my $diff_pid = fork_and_exec( + 'exec' => [ 'diff', '-u', '--', '/dev/null', $file ], + 'env' => { LC_ALL => 'C', LANG => 'C', TZ => 'UTC0' }, + 'to_pipe' => \$diffgen + ); + my $result = 0; + while (<$diffgen>) { + if (m/^binary/i) { + $result = 1; + last; + } elsif (m/^[-+\@ ]/) { + $result = 0; + last; + } + } + close($diffgen) or syserr("close on diff pipe"); + wait_child($diff_pid, nocheck => 1, cmdline => "diff -u -- /dev/null $file"); + return $result; +} + # vim: set et sw=4 ts=8 1; diff --git a/scripts/Dpkg/Source/Package/V2.pm b/scripts/Dpkg/Source/Package/V2.pm index f6b99da9a..dd39976e2 100644 --- a/scripts/Dpkg/Source/Package/V2.pm +++ b/scripts/Dpkg/Source/Package/V2.pm @@ -29,7 +29,7 @@ use Dpkg::Source::Archive; use Dpkg::Source::Patch; use Dpkg::Version qw(check_version); use Dpkg::Exit; -use Dpkg::Source::Functions qw(erasedir); +use Dpkg::Source::Functions qw(erasedir is_binary); use POSIX; use File::Basename; @@ -308,6 +308,23 @@ sub do_build { $self->register_error(); } }; + # Check if the debian directory contains unwanted binary files + my $unwanted_binaries = 0; + my $check_binary = sub { + my $fn = File::Spec->abs2rel($_, $dir); + if (-f $_ and is_binary($_)) { + if ($include_binaries or $auth_bin_files{$fn}) { + push @binary_files, $fn; + } else { + errormsg(_g("unwanted binary file: %s"), $fn); + $unwanted_binaries++; + } + } + }; + find({ wanted => $check_binary, no_chdir => 1 }, File::Spec->catdir($dir, "debian")); + error(_g("detected %d unwanted binary file(s) " . + "(add them in debian/source/include-binaries to allow their " . + "inclusion)."), $unwanted_binaries) if $unwanted_binaries; # Create a patch my ($difffh, $tmpdiff) = tempfile("$basenamerev.diff.XXXXXX", @@ -360,7 +377,7 @@ sub do_build { $tar->create(options => \@tar_ignore, 'chdir' => $dir); $tar->add_directory("debian"); foreach my $binary (@binary_files) { - $tar->add_file($binary); + $tar->add_file($binary) unless $binary =~ m{^debian/}; } $tar->finish(); |