Re: [gentoo-portage-dev] [PATCH] Improve handling of percent-signs in SRC_URI - gentoo-portage-dev

From:	Zac Medico <zmedico@g.o>
To:	Mike Gilbert <floppym@g.o>, gentoo-portage-dev@l.g.o
Cc:	Zac Medico <zmedico@g.o>
Subject:	Re: [gentoo-portage-dev] [PATCH] Improve handling of percent-signs in SRC_URI
Date:	Sun, 31 May 2020 20:13:18
Message-Id:	`ccaacab5-e186-e801-d7d3-fdf7a1e4c027@gentoo.org`
In Reply to:	Re: [gentoo-portage-dev] [PATCH] Improve handling of percent-signs in SRC_URI by Mike Gilbert

1

On 5/31/20 12:51 PM, Mike Gilbert wrote:

2

> On Sun, May 31, 2020 at 3:36 PM Zac Medico <zmedico@g.o> wrote:

3

>>

4

>> On 5/31/20 12:21 PM, Mike Gilbert wrote:

5

>>> On Sun, May 31, 2020 at 2:01 PM Zac Medico <zmedico@g.o> wrote:

6

>>>>

7

>>>> On 5/31/20 6:17 AM, Mike Gilbert wrote:

8

>>>>> Unquote the URL basename when fetching from upstream.

9

>>>>> Quote the filename when fetching from mirrors.

10

>>>>>

11

>>>>> Bug: https://bugs.gentoo.org/719810

12

>>>>> Signed-off-by: Mike Gilbert <floppym@g.o>

13

>>>>> ---

14

>>>>>  lib/portage/dbapi/porttree.py       | 7 ++++++-

15

>>>>>  lib/portage/package/ebuild/fetch.py | 9 +++++++--

16

>>>>>  2 files changed, 13 insertions(+), 3 deletions(-)

17

>>>>>

18

>>>>> diff --git a/lib/portage/dbapi/porttree.py b/lib/portage/dbapi/porttree.py

19

>>>>> index 08af17bcd..984263039 100644

20

>>>>> --- a/lib/portage/dbapi/porttree.py

21

>>>>> +++ b/lib/portage/dbapi/porttree.py

22

>>>>> @@ -55,6 +55,11 @@ try:

23

>>>>>  except ImportError:

24

>>>>>       from urlparse import urlparse

25

>>>>>

26

>>>>> +try:

27

>>>>> +     from urllib.parse import unquote as urlunquote

28

>>>>> +except ImportError:

29

>>>>> +     from urllib import unquote as urlunquote

30

>>>>> +

31

>>>>>  if sys.hexversion >= 0x3000000:

32

>>>>>       # pylint: disable=W0622

33

>>>>>       basestring = str

34

>>>>> @@ -1547,7 +1552,7 @@ def _parse_uri_map(cpv, metadata, use=None):

35

>>>>>                       myuris.pop()

36

>>>>>                       distfile = myuris.pop()

37

>>>>>               else:

38

>>>>> -                     distfile = os.path.basename(uri)

39

>>>>> +                     distfile = urlunquote(os.path.basename(uri))

40

>>>>>                       if not distfile:

41

>>>>>                               raise portage.exception.InvalidDependString(

42

>>>>>                                       ("getFetchMap(): '%s' SRC_URI has no file " + \

43

>>>>> diff --git a/lib/portage/package/ebuild/fetch.py b/lib/portage/package/ebuild/fetch.py

44

>>>>> index 28e7caf53..47c3ad28f 100644

45

>>>>> --- a/lib/portage/package/ebuild/fetch.py

46

>>>>> +++ b/lib/portage/package/ebuild/fetch.py

47

>>>>> @@ -26,6 +26,11 @@ try:

48

>>>>>  except ImportError:

49

>>>>>       from urlparse import urlparse

50

>>>>>

51

>>>>> +try:

52

>>>>> +     from urllib.parse import quote as urlquote

53

>>>>> +except ImportError:

54

>>>>> +     from urllib import quote as urlquote

55

>>>>> +

56

>>>>>  import portage

57

>>>>>  portage.proxy.lazyimport.lazyimport(globals(),

58

>>>>>       'portage.package.ebuild.config:check_config_instance,config',

59

>>>>> @@ -351,7 +356,7 @@ _size_suffix_map = {

60

>>>>>

61

>>>>>  class FlatLayout(object):

62

>>>>>       def get_path(self, filename):

63

>>>>> -             return filename

64

>>>>> +             return urlquote(filename)

65

>>>>>

66

>>>>>       def get_filenames(self, distdir):

67

>>>>>               for dirpath, dirnames, filenames in os.walk(distdir,

68

>>>>> @@ -382,7 +387,7 @@ class FilenameHashLayout(object):

69

>>>>>                       c = c // 4

70

>>>>>                       ret += fnhash[:c] + '/'

71

>>>>>                       fnhash = fnhash[c:]

72

>>>>> -             return ret + filename

73

>>>>> +             return ret + urlquote(filename)

74

>>>>>

75

>>>>>       def get_filenames(self, distdir):

76

>>>>>               pattern = ''

77

>>>>>

78

>>>>

79

>>>> We've also got these other basename calls in fetch.py:

80

>>>>

81

>>>>> diff --git a/lib/portage/package/ebuild/fetch.py b/lib/portage/package/ebuild/fetch.py

82

>>>>> index 28e7caf53..56b375d58 100644

83

>>>>> --- a/lib/portage/package/ebuild/fetch.py

84

>>>>> +++ b/lib/portage/package/ebuild/fetch.py

85

>>>>> @@ -730,9 +730,9 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0,

86

>>>>>         else:

87

>>>>>                 for myuri in myuris:

88

>>>>>                         if urlparse(myuri).scheme:

89

>>>>> -                               file_uri_tuples.append((os.path.basename(myuri), myuri))

90

>>>>> +                               file_uri_tuples.append((urlunquote(os.path.basename(myuri)), myuri))

91

>>>>>                         else:

92

>>>>> -                               file_uri_tuples.append((os.path.basename(myuri), None))

93

>>>>> +                               file_uri_tuples.append((urlunquote(os.path.basename(myuri)), None))

94

>>>>

95

>>>> The case with no scheme is not a URI, so we need to decide whether

96

>>>> or not to unquote, and we should make _parse_uri_map behavior

97

>>>> consistent for this case.

98

>>>

99

>>> Backing up, I think unquoting the basename is really a separate issue

100

>>> from quoting the filename in Layout.get_path(). The latter fixes a

101

>>> known bug when fetching from mirrors, whereas the former seems like a

102

>>> cosmetic issue. I don't think we should mix these two up into the same

103

>>> commit.

104

>>>

105

>>> Could I get your approval to push my original patch (Escape

106

>>> percent-signs in filename when fetching from mirrors)?

107

>>

108

>> Separate patches are fine, but both patches really should be merged at

109

>> the same time since the quoting and unquoting are inherently coupled.

110

>

111

> I think that they are not actually coupled at all. It's two sets of

112

> code used in different contexts.

113

>

114

> My original patch could and should be pushed independently of any

115

> subsequent changes.

116

>

117

> The unquoting code in this subsequent discussion only affects how a

118

> URL is translated to a filename on disk when fetching from upstream

119

> and generating the Manifest. Ebuild developers can always override

120

> this translation with an arrow operator in SRC_URI, as happens in

121

> go-module.eclass.

122

>

123

> The quoting code deals with escaping whatever on-disk filename portage

124

> happens to be using (based on the URL basename or the right-hand side

125

> of the SRC_URI arrow) so that it can be fetched from a mirror. It

126

> doesn't matter if that disk filename has some ugly percent signs or

127

> not, so long as we can send an appropriate request to the mirror web

128

> server.

129

>

130

> If you have a counter-example where things will fail with my original

131

> patch, please elaborate.

132

133

Okay, yeah the ability to fix with SRC_URI arrows decouples them enough,

134

and all ::gentoo ebuilds are currently compliant.

135

--

136

Thanks,

137

Zac

Gentoo Archives: gentoo-portage-dev

Attachments

1	On 5/31/20 12:51 PM, Mike Gilbert wrote:
2	> On Sun, May 31, 2020 at 3:36 PM Zac Medico <zmedico@g.o> wrote:
3	>>
4	>> On 5/31/20 12:21 PM, Mike Gilbert wrote:
5	>>> On Sun, May 31, 2020 at 2:01 PM Zac Medico <zmedico@g.o> wrote:
6	>>>>
7	>>>> On 5/31/20 6:17 AM, Mike Gilbert wrote:
8	>>>>> Unquote the URL basename when fetching from upstream.
9	>>>>> Quote the filename when fetching from mirrors.
10	>>>>>
11	>>>>> Bug: https://bugs.gentoo.org/719810
12	>>>>> Signed-off-by: Mike Gilbert <floppym@g.o>
13	>>>>> ---
14	>>>>> lib/portage/dbapi/porttree.py \| 7 ++++++-
15	>>>>> lib/portage/package/ebuild/fetch.py \| 9 +++++++--
16	>>>>> 2 files changed, 13 insertions(+), 3 deletions(-)
17	>>>>>
18	>>>>> diff --git a/lib/portage/dbapi/porttree.py b/lib/portage/dbapi/porttree.py
19	>>>>> index 08af17bcd..984263039 100644
20	>>>>> --- a/lib/portage/dbapi/porttree.py
21	>>>>> +++ b/lib/portage/dbapi/porttree.py
22	>>>>> @@ -55,6 +55,11 @@ try:
23	>>>>> except ImportError:
24	>>>>> from urlparse import urlparse
25	>>>>>
26	>>>>> +try:
27	>>>>> + from urllib.parse import unquote as urlunquote
28	>>>>> +except ImportError:
29	>>>>> + from urllib import unquote as urlunquote
30	>>>>> +
31	>>>>> if sys.hexversion >= 0x3000000:
32	>>>>> # pylint: disable=W0622
33	>>>>> basestring = str
34	>>>>> @@ -1547,7 +1552,7 @@ def _parse_uri_map(cpv, metadata, use=None):
35	>>>>> myuris.pop()
36	>>>>> distfile = myuris.pop()
37	>>>>> else:
38	>>>>> - distfile = os.path.basename(uri)
39	>>>>> + distfile = urlunquote(os.path.basename(uri))
40	>>>>> if not distfile:
41	>>>>> raise portage.exception.InvalidDependString(
42	>>>>> ("getFetchMap(): '%s' SRC_URI has no file " + \
43	>>>>> diff --git a/lib/portage/package/ebuild/fetch.py b/lib/portage/package/ebuild/fetch.py
44	>>>>> index 28e7caf53..47c3ad28f 100644
45	>>>>> --- a/lib/portage/package/ebuild/fetch.py
46	>>>>> +++ b/lib/portage/package/ebuild/fetch.py
47	>>>>> @@ -26,6 +26,11 @@ try:
48	>>>>> except ImportError:
49	>>>>> from urlparse import urlparse
50	>>>>>
51	>>>>> +try:
52	>>>>> + from urllib.parse import quote as urlquote
53	>>>>> +except ImportError:
54	>>>>> + from urllib import quote as urlquote
55	>>>>> +
56	>>>>> import portage
57	>>>>> portage.proxy.lazyimport.lazyimport(globals(),
58	>>>>> 'portage.package.ebuild.config:check_config_instance,config',
59	>>>>> @@ -351,7 +356,7 @@ _size_suffix_map = {
60	>>>>>
61	>>>>> class FlatLayout(object):
62	>>>>> def get_path(self, filename):
63	>>>>> - return filename
64	>>>>> + return urlquote(filename)
65	>>>>>
66	>>>>> def get_filenames(self, distdir):
67	>>>>> for dirpath, dirnames, filenames in os.walk(distdir,
68	>>>>> @@ -382,7 +387,7 @@ class FilenameHashLayout(object):
69	>>>>> c = c // 4
70	>>>>> ret += fnhash[:c] + '/'
71	>>>>> fnhash = fnhash[c:]
72	>>>>> - return ret + filename
73	>>>>> + return ret + urlquote(filename)
74	>>>>>
75	>>>>> def get_filenames(self, distdir):
76	>>>>> pattern = ''
77	>>>>>
78	>>>>
79	>>>> We've also got these other basename calls in fetch.py:
80	>>>>
81	>>>>> diff --git a/lib/portage/package/ebuild/fetch.py b/lib/portage/package/ebuild/fetch.py
82	>>>>> index 28e7caf53..56b375d58 100644
83	>>>>> --- a/lib/portage/package/ebuild/fetch.py
84	>>>>> +++ b/lib/portage/package/ebuild/fetch.py
85	>>>>> @@ -730,9 +730,9 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0,
86	>>>>> else:
87	>>>>> for myuri in myuris:
88	>>>>> if urlparse(myuri).scheme:
89	>>>>> - file_uri_tuples.append((os.path.basename(myuri), myuri))
90	>>>>> + file_uri_tuples.append((urlunquote(os.path.basename(myuri)), myuri))
91	>>>>> else:
92	>>>>> - file_uri_tuples.append((os.path.basename(myuri), None))
93	>>>>> + file_uri_tuples.append((urlunquote(os.path.basename(myuri)), None))
94	>>>>
95	>>>> The case with no scheme is not a URI, so we need to decide whether
96	>>>> or not to unquote, and we should make _parse_uri_map behavior
97	>>>> consistent for this case.
98	>>>
99	>>> Backing up, I think unquoting the basename is really a separate issue
100	>>> from quoting the filename in Layout.get_path(). The latter fixes a
101	>>> known bug when fetching from mirrors, whereas the former seems like a
102	>>> cosmetic issue. I don't think we should mix these two up into the same
103	>>> commit.
104	>>>
105	>>> Could I get your approval to push my original patch (Escape
106	>>> percent-signs in filename when fetching from mirrors)?
107	>>
108	>> Separate patches are fine, but both patches really should be merged at
109	>> the same time since the quoting and unquoting are inherently coupled.
110	>
111	> I think that they are not actually coupled at all. It's two sets of
112	> code used in different contexts.
113	>
114	> My original patch could and should be pushed independently of any
115	> subsequent changes.
116	>
117	> The unquoting code in this subsequent discussion only affects how a
118	> URL is translated to a filename on disk when fetching from upstream
119	> and generating the Manifest. Ebuild developers can always override
120	> this translation with an arrow operator in SRC_URI, as happens in
121	> go-module.eclass.
122	>
123	> The quoting code deals with escaping whatever on-disk filename portage
124	> happens to be using (based on the URL basename or the right-hand side
125	> of the SRC_URI arrow) so that it can be fetched from a mirror. It
126	> doesn't matter if that disk filename has some ugly percent signs or
127	> not, so long as we can send an appropriate request to the mirror web
128	> server.
129	>
130	> If you have a counter-example where things will fail with my original
131	> patch, please elaborate.
132
133	Okay, yeah the ability to fix with SRC_URI arrows decouples them enough,
134	and all ::gentoo ebuilds are currently compliant.
135	--
136	Thanks,
137	Zac