feat: add binary update/upgrade #263
Signed-off-by: hchenxa <hchenxa1986@qq.com>
/assign @yanmxa
Thanks @hchenxa — nice addition, and the test coverage is thorough! 🙏
One thing to fix before merge: Cross-device rename will fail on many Linux setups. The binary is extracted into
Suggested fix: create the temp dir next to the target binary, e.g.
Minor: releases ship Windows as
Signed-off-by: hchenxa <hchenxa1986@qq.com>
Integration tests under tests/integration/ assume a Unix environment (shell, ./san paths, etc.) and are not safe to run on windows-latest. Switch smoke-test zip step from bash (zip/unzip) to PowerShell native Compress-Archive / Expand-Archive.
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: hchenxa <hchenxa1986@qq.com>
@yanmxa this is a good suggestion, and I also added the Windows CI testing. Please take another look.
extractTarGz joined the archive entry name onto destDir without checking that the result stayed inside destDir, unlike extractZip which already guards against zip slip. Add the same check so a crafted tarball cannot write outside the temp dir.
Signed-off-by: Meng Yan <yanmxa@gmail.com>
yanmxa left a comment
LGTM — the EXDEV cross-device fix (temp dir next to the target binary + copy fallback) and the Windows .zip handling with the new Windows CI job both look good, and the test coverage is thorough.
I pushed one small follow-up commit: extractTarGz was missing the path-traversal guard that extractZip already has, so a crafted tarball entry could write outside the temp dir. Added the same check plus a test. Thanks for the solid work @hchenxa!
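The path-traversal guard described in the review comment above, as an added example that is not the code from this PR: each entry name is joined onto destDir and rejected unless the relative path back from destDir is local. `safeJoin` and `main` are illustrative names, the body of `extractTarGz` is written for this example, and it assumes a flat release archive and Go 1.20+ (`filepath.IsLocal`).

```go
package main

import (
	"archive/tar"
	"compress/gzip"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// safeJoin (hypothetical helper) places an entry name under destDir and rejects escapes.
func safeJoin(destDir, name string) (string, error) {
	target := filepath.Join(destDir, name) // Join cleans the path, resolving ".." segments
	rel, err := filepath.Rel(destDir, target)
	if err != nil || !filepath.IsLocal(rel) { // a rel path starting with a ".." element left destDir
		return "", fmt.Errorf("illegal path in archive: %q", name)
	}
	return target, nil
}

// extractTarGz writes regular-file entries under destDir, checking every name first.
func extractTarGz(r io.Reader, destDir string) error {
	gz, err := gzip.NewReader(r)
	if err != nil {
		return err
	}
	defer gz.Close()
	tr := tar.NewReader(gz)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return err
		}
		target, err := safeJoin(destDir, hdr.Name)
		if err == nil && hdr.Typeflag == tar.TypeReg { // links and devices are never materialized
			var data []byte
			if data, err = io.ReadAll(tr); err == nil {
				err = os.WriteFile(target, data, hdr.FileInfo().Mode().Perm())
			}
		}
		if err != nil {
			return err // abort on the first escaping entry or write failure
		}
	}
	return nil
}

func main() {
	fmt.Println(safeJoin("/tmp/san-update", "../../usr/local/bin/san")) // constructed name, rejected
}
```

Comparing the relative path rather than testing a string prefix on the joined path also rejects a sibling directory such as `../up-evil` when destDir is `up`, and still accepts a legitimate file name that merely begins with two dots.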
What & why
#261
Type of change
Testing
GOCACHE=/private/tmp/san-go-build-cache go test ./...
Checklist
feat:, fix:, docs:, …)
git commit -s) — certifies the DCO