bug#28602: Unpack fails with no error message when using a .zip source

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28602: Unpack fails with no error message when using a .zip source

From:	nee
Subject:	bug#28602: Unpack fails with no error message when using a .zip source
Date:	Mon, 9 Oct 2017 23:05:02 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

Am 04.10.2017 um 20:17 schrieb Adonay Felipe Nogueira:
> Does the .zip file have a a single directory on the root?
> 
> If not, then we can call it a zipbomb/tarbomb. These bombs are bad
> because they can replace things without notice, and can be very
> difficult to track what was added. Last time I checked Guix expects only
> a single directory in the root of the file --- this might have changed,
> but I didn't test it since one year ago.

Hello, this is a different problem. Tarbombs are still a problem, but
unrelated to this.

The gnu-build-system does not have unzip by default. If a package's
source comes in a zip the package must have unzip as native-input. If it
isn't the (system* "unzip" source) call in the unpack function will fail
because there is no unzip executable.

Happy hacking!

[Prev in Thread]

Current Thread

[Next in Thread]

bug#28602: Unpack fails with no error message when using a .zip source, Adonay Felipe Nogueira, 2017/10/04
- bug#28602: Unpack fails with no error message when using a .zip source, nee <=

Prev by Date: bug#28758: address@hidden: Update to at least revision 44704 to address bug in latexdiff
Next by Date: bug#28303: “guix import texlive keyval” fails
Previous by thread: bug#28602: Unpack fails with no error message when using a .zip source
Next by thread: bug#28709: Content-addressed mirrors for Git checkouts
Index(es):
- Date
- Thread