| Summary: | [Tracker] DISTDIR globs | ||
|---|---|---|---|
| Product: | Quality Assurance | Reporter: | Michał Górny <mgorny> |
| Component: | Trackers | Assignee: | Gentoo Quality Assurance Team <qa> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | Keywords: | Tracker |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 612906, 612916, 612920, 612996, 612998, 613000, 613002, 613004, 613006 | ||
| Bug Blocks: | |||
This may even have security implications if the glob matches a file where Manifest checksum verification failed and that portage has stored in DISTDIR under a *_checksum_failure_* name. |
It seems that some ebuilds are attempting globbing in DISTDIR and similar ops. While this partially works in Portage because of shadow dir use, this is unreliable and a very bad idea. Common mistakes: 1. cp "${DISTDIR}"/* ... -- this can actually copy *all* files ever downloaded on the system 2. cp "${DISTDIR}"/${P}-* ... -- you can't really rely on DISTDIR containing no other file with this prefix.