[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28602: Unpack fails with no error message when using a .zip source
From: |
nee |
Subject: |
bug#28602: Unpack fails with no error message when using a .zip source |
Date: |
Mon, 9 Oct 2017 23:05:02 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 |
Am 04.10.2017 um 20:17 schrieb Adonay Felipe Nogueira:
> Does the .zip file have a a single directory on the root?
>
> If not, then we can call it a zipbomb/tarbomb. These bombs are bad
> because they can replace things without notice, and can be very
> difficult to track what was added. Last time I checked Guix expects only
> a single directory in the root of the file --- this might have changed,
> but I didn't test it since one year ago.
Hello, this is a different problem. Tarbombs are still a problem, but
unrelated to this.
The gnu-build-system does not have unzip by default. If a package's
source comes in a zip the package must have unzip as native-input. If it
isn't the (system* "unzip" source) call in the unpack function will fail
because there is no unzip executable.
Happy hacking!