From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [PATCH] make-release: misc fixes
Date: Mon, 31 May 2010 22:04:12 +0300
Message-ID: <20100531190412.GA6943@redhat.com>
References: <20100524131214.GA5872@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
To: avi@redhat.com, mtosatti@redhat.com, kvm@vger.kernel.org,
	ehabkost@redhat.com
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:59776 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1756586Ab0EaTIZ (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 31 May 2010 15:08:25 -0400
Received: from int-mx08.intmail.prod.int.phx2.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o4VJ8Pff020625
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <kvm@vger.kernel.org>; Mon, 31 May 2010 15:08:25 -0400
Content-Disposition: inline
In-Reply-To: <20100524131214.GA5872@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Mon, May 24, 2010 at 04:12:14PM +0300, Michael S. Tsirkin wrote:
> This fixes /tmp usage in make-release script for security.
> Also, create output directory if it does not exist.
> This also adds a 'tarball' optin to specify output file name.
> Finally, remote output file before gzip to avoid prompt
> 'do you want to overwrite'.
> 
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Ping. Please review/apply.

> ---
>  kvm/scripts/make-release |   13 ++++++++++---
>  1 files changed, 10 insertions(+), 3 deletions(-)
> 
> diff --git a/kvm/scripts/make-release b/kvm/scripts/make-release
> index 11d9c27..fdc402b 100755
> --- a/kvm/scripts/make-release
> +++ b/kvm/scripts/make-release
> @@ -1,7 +1,7 @@
>  #!/bin/bash -e
>  
>  usage() {
> -    echo "usage: $0 [--upload] [--formal] commit [name]"
> +    echo "usage: $0 [--upload] [--formal] commit [name] [tarball]"
>      exit 1
>  }
>  
> @@ -12,7 +12,7 @@ formal=
>  
>  releasedir=~/sf-release
>  [[ -z "$TMP" ]] && TMP="/tmp"
> -tmpdir="$TMP/qemu-kvm-make-release.$$"
> +tmpdir=`mktemp -d --tmpdir="$TMP" qemu-kvm-make-release.XXXXXXXXXX`
>  while [[ "$1" = -* ]]; do
>      opt="$1"
>      shift
> @@ -40,9 +40,15 @@ if [[ -z "$name" ]]; then
>      name="$commit"
>  fi
>  
> -tarball="$releasedir/$name.tar"
> +tarball="$3"
> +if [[ -z "$tarball" ]]; then
> +    tarball="$releasedir/$name.tar.gz"
> +fi
> +#strip trailing .gz if any
> +tarball=${tarball/%.gz/}
>  
>  cd "$(dirname "$0")"/../..
> +mkdir -p "$(dirname "$tarball")"
>  git archive --prefix="$name/" --format=tar "$commit" > "$tarball"
>  
>  mkdir -p "$tmpdir"
> @@ -59,6 +65,7 @@ if [[ -n "$formal" ]]; then
>      rm -rf "$tmpdir"
>  fi
>  
> +rm -f "$tarball.gz"
>  gzip -9 "$tarball"
>  tarball="$tarball.gz"
>  
> -- 
> 1.7.1.12.g42b7f