mirror of
https://github.com/sbopkg/sbopkg
synced 2024-09-19 14:30:18 +03:00
SlackBuilds package tool
badc768e12
This revision corrects a security issue introduced in r762 and a trap lost in r819. The basic idea is to revert the unsafe operator from r762 and then replace sbopkg's static SBOPKGTMP directory with a more secure, volatile one created by mktemp and to use it and a new batch of traps to simplify creation and cleanup of tmp dirs and files.

Tmp/trap/cleanup changes:

* /etc/sbopkg/sbopkg.conf.new: removed old SBOPKGTMP variable.
* config_check(): ditto. Also removed everything about unexpected files since the new SBOPKGTMP should take care of that.
* dir_init(): removed SBOPKGTMP variable and its use. Dumped the ALLOW_MULTI/mcookie part, since the new SBOPKGTMP should take care of that.
* script-wide: removed all calls to cleanup(), except for the new call from the traps.
* check_for_updates(): reverted the redirection operator.
* build_package(): now uses the volatile SBOPKGTMP directly if/when we CLEANUP, rather than a volatile subdir in a static SBOPKGTMP.
* cleanup(): changed all the specific deletions of the contents of the old SBOPKGTMP to a general deletion of the entire new SBOPKGTMP. Dumped the ALLOW_MULTI stuff since it can't be triggered now (rm -r of a mktemp vs. a rmdir of an mcookie).
* control_c(): made a comment more specific; made the function a lot quieter; removed the cleanup/exit parts now trapped.
* main: added traps; assigned to SBOPKGTMP internally with a mktemp invocation that respects TMPDIR and moved up all SBOPKGTMP variables that had to wait on sourcing the config file since they no longer have to wait for that.

Unrelated changes that I tripped over along the way:

* pid_check(): combine PIDFILE declaration and assignment and shorten comment.
* info_item(): changed use of filenames to use of variables.
* sync_repo(): made an error condition exit 1 rather than 0.
* get_source(): changed PIDLIST to SBOPKG_PIDLIST like it is elsewhere.
* pick_file(): establish a RETURN trap to clean out files which are now referred to by variables rather than semi-random deletions of files referred to by filenames.
* process_queue(): now moves the built package from the tmpdir before installing rather than after so people's PACKAGE LOCATION lines aren't screwed up in their package db.
* main: combined a command and exit status check into the one 'if'. Also changed some more filenames to vars and removed two that didn't need to be declared there. (They can be local to their functions since r831 or so.)
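The mktemp-plus-traps pattern the commit message describes, as an added shell example; it is not sbopkg's code. The function names are hypothetical, and only the SBOPKGTMP and TMPDIR variable names come from the message.

```shell
#!/bin/sh
# Added illustration, not sbopkg's code. Function names are hypothetical;
# only SBOPKGTMP and TMPDIR are taken from the commit message.

# Create a private work directory with an unpredictable name.
# mktemp -d creates it atomically with mode 0700 and fails if the name
# already exists, so a path planted in advance by another local user is
# never reused (the weakness of a fixed, guessable tmp path).
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/sbopkg.XXXXXX"
}

# Permission string of a directory, e.g. drwx------
workdir_mode() {
    ls -ld "$1" | cut -c1-10
}

# Delete the whole work directory; do nothing for an empty or missing path.
cleanup_workdir() {
    if [ -n "$1" ] && [ -d "$1" ]; then
        rm -rf -- "$1"
    fi
}

# Run a command with its own SBOPKGTMP. The subshell keeps the traps
# local: the EXIT trap does the cleanup, the signal traps only turn the
# signal into an exit so that the EXIT trap fires exactly once.
run_job() {
    (
        SBOPKGTMP=$(make_workdir) || exit 1
        export SBOPKGTMP
        trap 'cleanup_workdir "$SBOPKGTMP"' EXIT
        trap 'exit 129' HUP
        trap 'exit 130' INT
        trap 'exit 143' TERM
        "$@"
        exit $?
    )
}
```

Because cleanup hangs off the EXIT trap alone, the directory is removed whether the command succeeds, fails, or is interrupted, and the command's exit status is passed through unchanged.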