Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release zips have the tarbomb problem #517

Closed
Soundtoxin opened this issue Jul 4, 2023 · 3 comments
Closed

Release zips have the tarbomb problem #517

Soundtoxin opened this issue Jul 4, 2023 · 3 comments

Comments

@Soundtoxin
Copy link

https://en.wikipedia.org/wiki/Tar_(computing)#Tarbomb

The problem: The release zip contains a bunch of "loose files" which will litter the current directory, be hard to keep track of, and can overwrite other files with the same name.

The solution: Create a directory inside the release zip files that holds all of this stuff so that if someone were to run unzip YARG_v0.10.7-Linux-x86_64.zip or similar, they would just get one new file, a directory containing all the stuff from the release, instead of several files. This new directory could be named the same as the release zip, like YARG_v0.10.7-Linux-x86_64, or it could just be something generic like YARG.

There are workarounds to this issue implemented in stuff like 7zip where you can extract an archive to a new directory with the same name as the archive, but having to do this is not ideal, and this is not as trivial to do from the command line. You also need to know you're dealing with a tarbomb to know to do that instead of something like the "extract here" right click options, which would give you the same problem as unzipping from the CLI.
@EliteAsian123
Copy link
Member

With the launcher coming up, it's kinda "too late now," because we'd have to rezip every single update on every single platform. With it however, this isn't something that you'll have to worry about. Apologies for the inconvenience!

@Soundtoxin
Copy link
Author

I wouldn't expect you to fix old releases if that's what you mean, just the new ones. Or are you saying that the launcher is going to use these zips and expects them the way they are? I imagine you could automate redoing all the zip files if needed rather than doing it by hand.

Is there somewhere I can read more about how the launcher is planned to work? I guess maybe you'd download one executable instead of an archive and then it would handle grabbing the rest of the game files over the internet or something. If that's how it worked it might be worse for portability in scenarios with no network connection, like throwing the files on a flash drive to easily set up on another machine wherever you are.

@EliteAsian123
Copy link
Member

EliteAsian123 commented Jul 6, 2023
edited
Loading

Portable versions of YARG will still be available, however, stuff like the setlist can only be downloaded through the launcher for security, and in the future, the launcher will probably be a requirement to prevent cheating when leaderboards are added.

You can see the launcher here at its current state.

This probably won't be fixed, as it's probably a minor inconvenience at worst. Apologies again for said inconvenience.

@EliteAsian123 EliteAsian123 closed this as not planned Won't fix, can't repro, duplicate, stale Jul 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Soundtoxin @EliteAsian123