Merge lp://qastaging/~lool/snapcraft/no-separate-toplevel-dir into lp://qastaging/~snappy-dev/snapcraft/core
| Status: | Merged |
|---|---|
| Approved by: | Michael Terry |
| Approved revision: | 107 |
| Merged at revision: | 109 |
| Proposed branch: | lp://qastaging/~lool/snapcraft/no-separate-toplevel-dir |
| Merge into: | lp://qastaging/~snappy-dev/snapcraft/core |
| Diff against target: |
116 lines (+53/-12) 3 files modified
integration-tests/data/simple-tar/snapcraft.yaml (+12/-0) integration-tests/units/jobs.pxu (+6/-0) snapcraft/__init__.py (+35/-12) |
| To merge this branch: | bzr merge lp://qastaging/~lool/snapcraft/no-separate-toplevel-dir |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Michael Terry (community) | Approve | ||
|
Review via email:
|
|||
Commit message
Rework tarball unpack to use tarfile. New implementation deals properly with tarballs which ship all files under a common directory, but without an entry for this common directory. Also handles dangerous tarballs with pathes starting with / or ../. Adjust tests accordingly.
NB: this was found while trying to use the upstream tomcat tarball; toplevel parent dir didn't get stripped on unpack.
Description of the change
Rework tarball unpack to use tarfile. New implementation deals properly with tarballs which ship all files under a common directory, but without an entry for this common directory. Also handles dangerous tarballs with pathes starting with / or ../. Adjust tests accordingly.
NB: this was found while trying to use the upstream tomcat tarball; toplevel parent dir didn't get stripped on unpack.
Thanks! I didn't realize tar didn't handle evil paths for us. :(
And I totally forgot about the tarfile module.