GNU bug report logs - #28602
Unpack fails with no error message when using a .zip source

Previous Next

Package: guix;

Reported by: nee <nee <at> cock.li>

Date: Mon, 25 Sep 2017 20:11:01 UTC

Severity: normal

Tags: patch

Done: zimoun <zimon.toutoune <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: nee <nee <at> cock.li>
To: Adonay Felipe Nogueira <adfeno <at> hyperbola.info>
Cc: 28602 <at> debbugs.gnu.org
Subject: bug#28602: Unpack fails with no error message when using a .zip source
Date: Mon, 9 Oct 2017 23:05:02 +0200

Am 04.10.2017 um 20:17 schrieb Adonay Felipe Nogueira:
> Does the .zip file have a a single directory on the root?
> 
> If not, then we can call it a zipbomb/tarbomb. These bombs are bad
> because they can replace things without notice, and can be very
> difficult to track what was added. Last time I checked Guix expects only
> a single directory in the root of the file --- this might have changed,
> but I didn't test it since one year ago.

Hello, this is a different problem. Tarbombs are still a problem, but
unrelated to this.

The gnu-build-system does not have unzip by default. If a package's
source comes in a zip the package must have unzip as native-input. If it
isn't the (system* "unzip" source) call in the unpack function will fail
because there is no unzip executable.

Happy hacking!

This bug report was last modified 3 years and 63 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #28602 Unpack fails with no error message when using a .zip source

GNU bug report logs - #28602
Unpack fails with no error message when using a .zip source