bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libmakepkg/integrity: determine what is a signature preferring local filename

Browse source 
Checking the file extension to determine if something is a signature is
currently done in three places:
- verify_file_signature: uses $file to print status, reuses it for
  comparison
- source_has_signatures: uses $netfile, but removes url component if
  filename component exists
- generate_one_checksum: uses $netfile and fails to detect renamed files

This leads to inconsistent behavior when trying to use a signature of
the form "foo-1.0.tar.gz.asc::https://example.com/foo-1.0.tar.gz.pgp"

Fix this by treating the third case like the second case.

Reported-by: Giancarlo Razzolini <grazzolini@archlinux.org>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Eli Schwartz 2018-05-09 00:17:10 -04:00 committed by Allan McRae
parent 828f305023
commit 1741bdaf81
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
scripts/libmakepkg/integrity/generate_checksum.sh.in
View file

@ -56,7 +56,7 @@ generate_one_checksum() {
sum="SKIP"
;;
*)
if [[ $netfile != *.@(sig?(n)|asc) ]]; then
if [[ ${netfile%%::*} != *.@(sig?(n)|asc) ]]; then
local file
file="$(get_filepath "$netfile")" || missing_source_file "$netfile"
sum="$("${integ}sum" "$file")"