pmb.chroot.apk.install: move pkgname sanitization (MR 2185)
Check if the pkgnames are sane in install_run_apk, right before running apk. This makes sure that we really run it on all arguments that are supposed to be packages / files and not options to apk.
This commit is contained in:
parent
7b09cc7546
commit
cc90bc81f0
|
@ -174,6 +174,12 @@ def install_run_apk(args, to_add, to_add_local, to_del, suffix):
|
|||
installed or their dependencies (e.g. ["osk-sdl"])
|
||||
:param suffix: the chroot suffix, e.g. "native" or "rootfs_qemu-amd64"
|
||||
"""
|
||||
# Sanitize packages: don't allow '--allow-untrusted' and other options
|
||||
# to be passed to apk!
|
||||
for package in to_add + to_add_local + to_del:
|
||||
if package.startswith("-"):
|
||||
raise ValueError(f"Invalid package name: {package}")
|
||||
|
||||
commands = [["add"] + to_add]
|
||||
|
||||
# Use a virtual package to mark only the explicitly requested packages as
|
||||
|
@ -230,12 +236,6 @@ def install(args, packages, suffix="native", build=True):
|
|||
for package in to_add:
|
||||
install_build(args, package, arch)
|
||||
|
||||
# Sanitize packages: don't allow '--allow-untrusted' and other options
|
||||
# to be passed to apk!
|
||||
for package in to_add + to_del:
|
||||
if package.startswith("-"):
|
||||
raise ValueError(f"Invalid package name: {package}")
|
||||
|
||||
to_add_local = packages_get_locally_built_apks(args, to_add, arch)
|
||||
to_add_no_deps, _ = packages_split_to_add_del(packages)
|
||||
|
||||
|
|
|
@ -143,3 +143,12 @@ def test_install_run_apk(monkeypatch, args):
|
|||
func(args, to_add, to_add_local, to_del, suffix)
|
||||
assert cmds_progress == [["apk", "--no-network", "add", "hello-world"]]
|
||||
assert cmds == []
|
||||
|
||||
# Package name starting with '-'
|
||||
reset_cmds()
|
||||
to_add = ["hello-world", "--allow-untrusted"]
|
||||
to_add_local = []
|
||||
to_del = []
|
||||
with pytest.raises(ValueError) as e:
|
||||
func(args, to_add, to_add_local, to_del, suffix)
|
||||
assert "Invalid package name" in str(e.value)
|
||||
|
|
Loading…
Reference in New Issue