[PATCH 1/1] download: Map file-name characters not allowed in store.

DoneSubmitted by Hartmut Goebel.
Details
2 participants
  • Hartmut Goebel
  • Ludovic Courtès
Owner
unassigned
Severity
normal
H
H
Hartmut Goebel wrote on 8 Aug 2019 16:44
(address . guix-patches@gnu.org)
20190808144448.25147-1-h.goebel@crazy-compilers.com
In the file-name to be used for storing into the store, replace anycharacter not allowed in the store-file-name by an underscore.This is only done when NAME is not given and thus defaults totoe URL's basename. If NAME is given, this is used unchanged,allowing for more control by other functions.
Fixes http://issues.guix.gnu.org/issue/26175
* guix/download.scm (safe-name): New function. (download-to-store): NAME defaults to the "safe" basename of URL.--- guix/download.scm | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-)
Toggle diff (47 lines)diff --git a/guix/download.scm b/guix/download.scmindex b24aaa0a86..249f612237 100644--- a/guix/download.scm+++ b/guix/download.scm@@ -6,6 +6,7 @@ ;;; Copyright © 2016 David Craven <david@craven.ch> ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2019 Guy Fleury Iteriteka <hoonandon@gmail.com>+;;; Copyright © 2019 Hartmut Goeel <h.goebel@crazy-compilers.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -563,13 +564,27 @@ own. This helper makes it easier to deal with \"zip bombs\"." #:graft? #f #:local-build? #t))) -(define* (download-to-store store url #:optional (name (basename url))+(define (safe-name name)+ "Replace any character not allowed in a stroe name by an underscore."++ (define valid-characters+ ;; according to nix/libstore/store-api.cc+ (string->list (string-append "ABCDEFGHIJKLMNOPQRSTUVWXYZ"+ "abcdefghijklmnopqrstuvwxyz"+ "0123456789" "+-._?=")))+ (string-map (lambda (c)+ (if (member c valid-characters) c #\_))+ name))++(define* (download-to-store store url+ #:optional (name (safe-name (basename url))) #:key (log (current-error-port)) recursive? (verify-certificate? #t))- "Download from URL to STORE, either under NAME or URL's basename if-omitted. Write progress reports to LOG. RECURSIVE? has the same effect as-the same-named parameter of 'add-to-store'. VERIFY-CERTIFICATE? determines-whether or not to validate HTTPS server certificates."+ "Download from URL to STORE, either under NAME. If NAME is omitted, URL's+basename with invalid characters replaced is used. Write progress reports to+LOG. RECURSIVE? has the same effect as the same-named parameter of+'add-to-store'. VERIFY-CERTIFICATE? determines whether or not to validate+HTTPS server certificates." (define uri (string->uri url)) -- 2.21.0
L
L
Ludovic Courtès wrote on 23 Aug 2019 23:08
(name . Hartmut Goebel)(address . h.goebel@crazy-compilers.com)(address . 36976@debbugs.gnu.org)
874l271tf6.fsf@gnu.org
Hello,
Hartmut Goebel <h.goebel@crazy-compilers.com> skribis:
Toggle quote (11 lines)> In the file-name to be used for storing into the store, replace any> character not allowed in the store-file-name by an underscore.> This is only done when NAME is not given and thus defaults to> toe URL's basename. If NAME is given, this is used unchanged,> allowing for more control by other functions.>> Fixes <http://issues.guix.gnu.org/issue/26175>>> * guix/download.scm (safe-name): New function.> (download-to-store): NAME defaults to the "safe" basename of URL.
What about moving this automatic renaming feature to (guix scriptsdownload)? I’d rather not do it in the core APIs.
Toggle quote (2 lines)> +(define (safe-name name)> + "Replace any character not allowed in a stroe name by an underscore."
^^Typo.
I’d call it ‘ensure-valid-store-file-name’ or similar, WDYT?
Toggle quote (9 lines)> + (define valid-characters> + ;; according to nix/libstore/store-api.cc> + (string->list (string-append "ABCDEFGHIJKLMNOPQRSTUVWXYZ"> + "abcdefghijklmnopqrstuvwxyz"> + "0123456789" "+-._?=")))> + (string-map (lambda (c)> + (if (member c valid-characters) c #\_))> + name))
Instead of a list, please use a SRFI-14 “character set”, like this:
(define valid (string->char-set …))
(string-map (lambda (c) (if (char-set-contains? valid c) …)) name)
Thanks,Ludo’.
H
H
Hartmut Goebel wrote on 27 Aug 2019 09:53
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36976@debbugs.gnu.org)
c5b96442-0ab8-2472-b387-03ceefd7c588@crazy-compilers.com
Hi,
Thanks for the review and the coding suggestions..
Am 23.08.19 um 23:08 schrieb Ludovic Courtès:
Toggle quote (4 lines)>> * guix/download.scm (safe-name): New function.>> (download-to-store): NAME defaults to the "safe" basename of URL.> What about moving this automatic renaming feature to (guix scripts> download)? I’d rather not do it in the core APIs.
`download-to-store store` was defined as:
   (define* (download-to-store store url #:optional (name (basename url)) …
When developing this patch, I decided to put it into the core sinceusers of this function would expect to be allowed to just pass any urland don't need to take care about valid characters. If not doing theautomatic renaming here, users would need to perform the conversionprior to calling this function in any case (except when 100% sure onlyvalid characters are used).
-- RegardsHartmut Goebel
| Hartmut Goebel | h.goebel@crazy-compilers.com || www.crazy-compilers.com | compilers which you thought are impossible |
L
L
Ludovic Courtès wrote on 1 Sep 2019 21:39
(name . Hartmut Goebel)(address . h.goebel@crazy-compilers.com)(address . 36976@debbugs.gnu.org)
87woerajr8.fsf@gnu.org
Hello,
Hartmut Goebel <h.goebel@crazy-compilers.com> skribis:
Toggle quote (18 lines)> Thanks for the review and the coding suggestions..>> Am 23.08.19 um 23:08 schrieb Ludovic Courtès:>>> * guix/download.scm (safe-name): New function.>>> (download-to-store): NAME defaults to the "safe" basename of URL.>> What about moving this automatic renaming feature to (guix scripts>> download)? I’d rather not do it in the core APIs.> `download-to-store store` was defined as:>>    (define* (download-to-store store url #:optional (name (basename url)) …>> When developing this patch, I decided to put it into the core since> users of this function would expect to be allowed to just pass any url> and don't need to take care about valid characters. If not doing the> automatic renaming here, users would need to perform the conversion> prior to calling this function in any case (except when 100% sure only> valid characters are used).
Yes, but that’s OK to me: IMO, procedures have to focused on one thing;users can perform additional processing beforehand if they need it.
Conversely, commands have to do the right thing by default, which is whyI agree that ‘guix download’ should rename automatically when needed.
How does that sound?
Ludo’.
H
H
Hartmut Goebel wrote on 3 Sep 2019 18:20
[Patch v2] guix download: Ensure destination file-name is valid in the store.
(address . 36976@debbugs.gnu.org)
20190903162028.5373-1-h.goebel@crazy-compilers.com
Avoid invalid store-file-name by explicitly passing the destinationname, replacing any character not allowed in the store-file-name by anunderscore.
Fixes http://issues.guix.gnu.org/issue/26175
* guix/scripts/download.scm (safe-naensure-valid-store-file-nameme): New function. (download-to-store*): Use it to generate a "safe" basename of URL.--- guix/scripts/download.scm | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
Toggle diff (38 lines)diff --git a/guix/scripts/download.scm b/guix/scripts/download.scmindex d8fe71ce12..22cd75ea0b 100644--- a/guix/scripts/download.scm+++ b/guix/scripts/download.scm@@ -33,6 +33,7 @@ #:use-module (web uri) #:use-module (ice-9 match) #:use-module (srfi srfi-1)+ #:use-module (srfi srfi-14) #:use-module (srfi srfi-26) #:use-module (srfi srfi-37) #:use-module (rnrs bytevectors)@@ -54,9 +55,23 @@ (url-fetch url file #:mirrors %mirrors))) file)) +(define (ensure-valid-store-file-name name)+ "Replace any character not allowed in a stror name by an underscore."++ (define valid+ ;; according to nix/libstore/store-api.cc+ (string->char-set (string-append "ABCDEFGHIJKLMNOPQRSTUVWXYZ"+ "abcdefghijklmnopqrstuvwxyz"+ "0123456789" "+-._?=")))+ (string-map (lambda (c)+ (if (char-set-contains? valid c) c #\_))+ name))++ (define* (download-to-store* url #:key (verify-certificate? #t)) (with-store store (download-to-store store url+ (ensure-valid-store-file-name (basename url)) #:verify-certificate? verify-certificate?))) (define %default-options-- 2.21.0
H
H
Hartmut Goebel wrote on 26 Sep 2019 17:50
Re: [bug#36976] [PATCH 1/1] download: Map file-name characters not allowed in store.
(address . 36976-close@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
f4abf27e-444f-7b2c-6156-8622ea917047@crazy-compilers.com
Committed as dec845606d2d184da31065fa26cd951b84b3ce2d
Thank for the review.
-- RegardsHartmut Goebel
| Hartmut Goebel | h.goebel@crazy-compilers.com || www.crazy-compilers.com | compilers which you thought are impossible |
?
Your comment

This issue is archived.

To comment on this conversation send email to 36976@debbugs.gnu.org