From 5a9e1c0d20e2332c79fb0fd7570315a5d93041f2 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sat, 15 Jun 2024 14:02:17 +0200 Subject: [PATCH] Restrict supported tarball formats to actual Tarballs The documentation is clear about the supported formats (with at least `builtins.fetchTarball`). The way the code was written previously it supported all the formats that libarchive supported. That is a surprisingly large amount of formats that are likely not on the radar of the Nix developers and users. Before people end up relying on this (or if they do) it is better to break it now before it becomes a widespread "feature". Zip file support has been retained as (at least to my knowledge) historically that has been used to fetch nixpkgs in some shell expressions *many* years back. Fixes https://github.com/NixOS/nix/issues/10917 --- src/libutil/tarfile.cc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/libutil/tarfile.cc b/src/libutil/tarfile.cc index 6bb2bd2f3..f0e24e937 100644 --- a/src/libutil/tarfile.cc +++ b/src/libutil/tarfile.cc @@ -79,7 +79,8 @@ TarArchive::TarArchive(Source & source, bool raw, std::optional com } if (!raw) { - archive_read_support_format_all(archive); + archive_read_support_format_tar(archive); + archive_read_support_format_zip(archive); } else { archive_read_support_format_raw(archive); archive_read_support_format_empty(archive); @@ -96,7 +97,8 @@ TarArchive::TarArchive(const Path & path) , buffer(defaultBufferSize) { archive_read_support_filter_all(archive); - archive_read_support_format_all(archive); + archive_read_support_format_tar(archive); + archive_read_support_format_zip(archive); archive_read_set_option(archive, NULL, "mac-ext", NULL); check(archive_read_open_filename(archive, path.c_str(), 16384), "failed to open archive: %s"); }