Archives and magic bytes

[Jim]

This is something I've recently thought about; perhaps you wouldn't
mind some points?

1) I've been running 'file' via os.popen, and I've had trouble with it
incorrectly spotting file types (Fedora Core 1).  I can name a specific
example where it thinks a plain text README file is HTML (despite that
the configuration file for 'file' at least looks right).  That makes me
suspicious of its ability to spot more obscure types.

(No, I haven't tried to get the latest 'file'; the days are long but
they are filled with negative time and in the end I don't always get
done what I should.)

2) Watch out for someone giving you, say, a bogus /bin/ls in a .zip
file.  You may want to look into chroot (which I believe requires you
to run as root), or at least examine the output of "unzip -l"

3) You might also have to worry about the possibility that unpacking a
bundle will fill up your disk's partition.  At least for a while you
hold both the bundle and the unpacked bundle.

4) Using os.popen to unpack the bundle has a lot of advantages,
including that during debugging you can test the stuff from the command
line and feel that you completely understand which steps are working (I
think I use popen2, IIRC, and capture stderr for error messages).

Perhaps this is mostly a reflection on me as a programmer :-} but I
found the job surprisingly tricky.

Jim