[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] tar bombs and muscle
From: |
Leo Famulari |
Subject: |
Re: [PATCH] tar bombs and muscle |
Date: |
Fri, 29 Apr 2016 22:13:53 -0400 |
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Sun, Apr 24, 2016 at 10:04:01AM +1000, Ben Woodcroft wrote:
> * gnu/packages/bioinformatics.scm (muscle): New variable.
> + (file-name (string-append name "-" version ".tar.gz"))
Once fetched, the source code is a directory rather than a tarball, so
I think it's best to omit the last component of the string.
> + (replace 'install
> + (lambda* (#:key outputs #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bin (string-append out "/bin")))
> + (install-file "muscle" bin)))))))
It only creates the one executable?
> + (license license:public-domain)))
Wow, they really don't make it easy to find this information. Can you
add a comment saying that it's in 'usage.cpp'? Unless I missed something
obvious...
Otherwise, looks good to me!