ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2025-01-11 21:59:08 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

download: Use ungrafted tools in 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.

Browse source 
Fixes <https://bugs.gnu.org/31085>.
Reported by Diego Nicola Barbato <dnbarbato@posteo.de>.

* guix/download.scm (url-fetch/tarbomb): Pass #:graft? #f to
'gexp->derivation'.
(url-fetch/zipbomb): Likewise.
This commit is contained in:
Ludovic Courtès 2018-04-23 14:33:11 +02:00
parent de7f03ce0a
commit 5e5d6613a3
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
guix/download.scm
View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch> ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2016 Alex Griffin <a@ajgrf.com> ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
@ -509,6 +509,8 @@ (define tar
#:system system #:system system
#:guile guile))) #:guile guile)))
;; Take the tar bomb, and simply unpack it as a directory. ;; Take the tar bomb, and simply unpack it as a directory.
;; Use ungrafted tar/gzip so that the resulting tarball doesn't depend on
;; whether grafts are enabled.
(gexp->derivation (or name file-name) (gexp->derivation (or name file-name)
#~(begin #~(begin
(mkdir #$output) (mkdir #$output)
@ -516,6 +518,7 @@ (define tar
(chdir #$output) (chdir #$output)
(zero? (system* (string-append #$tar "/bin/tar") (zero? (system* (string-append #$tar "/bin/tar")
"xf" #$drv))) "xf" #$drv)))
#:graft? #f
#:local-build? #t))) #:local-build? #t)))
(define* (url-fetch/zipbomb url hash-algo hash (define* (url-fetch/zipbomb url hash-algo hash
@ -539,12 +542,15 @@ (define unzip
#:system system #:system system
#:guile guile))) #:guile guile)))
;; Take the zip bomb, and simply unpack it as a directory. ;; Take the zip bomb, and simply unpack it as a directory.
;; Use ungrafted unzip so that the resulting tarball doesn't depend on
;; whether grafts are enabled.
(gexp->derivation (or name file-name) (gexp->derivation (or name file-name)
#~(begin #~(begin
(mkdir #$output) (mkdir #$output)
(chdir #$output) (chdir #$output)
(zero? (system* (string-append #$unzip "/bin/unzip") (zero? (system* (string-append #$unzip "/bin/unzip")
#$drv))) #$drv)))
#:graft? #f
#:local-build? #t))) #:local-build? #t)))
(define* (download-to-store store url #:optional (name (basename url)) (define* (download-to-store store url #:optional (name (basename url))