Robin Candau
0ce651857c Merge branch 'exit_on_nvchecker_cmd_source' into 'master'
fix(version): Fail if the 'cmd' source is used in .nvchecker.toml

See merge request archlinux/devtools!295
2025-08-09 11:54:31 +02:00
Robin Candau
cfb99fd2d8 fix(version): Fail if the 'cmd' source is used in .nvchecker.toml
The [cmd](https://nvchecker.readthedocs.io/en/latest/usage.html#find-with-a-command) source allows nvchecker to use a shell command line to get versions. Using this source within `.nvchecker.toml` would cause `pkgctl version {check,upgrade}` to run arbitrary commands, which isn't desirable, as it can lead to various issues (e.g. missing packages / dependencies to run said commands, or even executing malicious commands in hypothetical worst-case scenarios).
2025-01-04 12:25:32 +01:00
5 changed files with 8 additions and 8 deletions


@@ -3,7 +3,7 @@ pkgctl-auth(1)
Name
----
pkgctl-auth - Authenticate with services like GitLab.
pkgctl-auth - Authenticate with serivces like GitLab.
Synopsis
--------


@@ -49,9 +49,6 @@ pkgctl diff::
pkgctl issue::
Work with GitLab packaging issues
pkgctl license::
Check and manage package licenses
pkgctl release::
Release step to commit, tag and upload build artifacts
@@ -73,7 +70,6 @@ pkgctl-build(1)
pkgctl-db(1)
pkgctl-diff(1)
pkgctl-issue(1)
pkgctl-license(1)
pkgctl-release(1)
pkgctl-repo(1)
pkgctl-search(1)


@@ -54,8 +54,7 @@ export RSYNC_OPTS=(
--human-readable
--progress
--partial
# suffix the partial dir with the PID in order to avoid clashes
--partial-dir=.partial.$$
--partial-dir=.partial
--delay-updates
)


@@ -188,7 +188,6 @@ path = [
"README.md",
"keys/**",
".SRCINFO",
".gitignore",
".nvchecker.toml",
"*.install",
"*.sysusers",


@@ -350,6 +350,12 @@ nvchecker_check_config() {
printf "non-pkgbase section not supported in %s: %s" "${config}" "${property}"
return 1
fi
# check if the config is using the 'cmd' source
if grep --extended-regexp --quiet '^\s*source\s*=\s*["'\'']cmd["'\'']\s*$' "${config}"; then
printf "using the 'cmd' source in %s is disallowed" "${config}"
return 1
fi
}
nvchecker_check_error() {
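Review bot: The pattern on the `if grep --extended-regexp` line only recognises one spelling of the assignment, so syntactically valid TOML that selects the same source still passes the check — a trailing comment (`source = "cmd" # ...`) fails the `\s*$` anchor, and a quoted key (`"source" = "cmd"`), a dotted key (`pkg.source = "cmd"`) or an inline table (`pkg = { source = "cmd", ... }`) never matches `^\s*source`. Since the commit's purpose is to stop `pkgctl version` from running arbitrary commands, a line-oriented text denylist is a weak guard for that. The context lines just above already report a per-`property` error, which suggests the function walks a parsed form of the config; comparing the parsed `source` value against `cmd` in that loop would be more robust than a second pass over the raw file — this is inferred, as nvchecker_check_config's body starts outside the hunk. If the grep has to stay, at least tolerate a quoted key and a trailing comment: `if grep --extended-regexp --quiet '^\s*"?source"?\s*=\s*["'\'']cmd["'\'']\s*(#.*)?$' "${config}"; then`.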