libmakepkg/integrity: fix regression that broke --install

In commit c6b04c0465 package signing was
moved out of fakeroot, and as part of this process, the global pkgname
variable was modified in order to extract the built package names.

However, if a debug package was not available and added to the list of
packages, the function was aborted early, before the pkgname array was
restored, thereby corrupting the later stages of makepkg and
specifically the install_package function which needs to know which
pkgnames to install.

Fix this by inlining the debug package signing inside the `if` check,
and, as added security, switch to using `for pkg in "${pkgname[@]}"`, as
is done in many other parts of makepkg, since package signing does not
depend on the value of pkgname for anything.

Additionally, since debug packages may not actually exist, check if the
package file exists first.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Eli Schwartz 2018-03-14 20:42:11 -04:00 committed by Allan McRae
parent c54621d819
commit 9c8d7a8093


@ -50,28 +50,25 @@ create_package_signatures() {
if [[ $SIGNPKG != 'y' ]]; then if [[ $SIGNPKG != 'y' ]]; then
return 0 return 0
fi fi
local pkgarch pkg_file local pkg pkgarch pkg_file
local pkgname_backup=("${pkgname[@]}")
local fullver=$(get_full_version) local fullver=$(get_full_version)
msg "$(gettext "Signing package(s)...")" msg "$(gettext "Signing package(s)...")"
for pkgname in ${pkgname_backup[@]}; do for pkg in "${pkgname[@]}"; do
pkgarch=$(get_pkg_arch $pkgname) pkgarch=$(get_pkg_arch $pkg)
pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}" pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}"
create_signature "$pkg_file" create_signature "$pkg_file"
done done
# check if debug package needs a signature # check if debug package needs a signature
if ! check_option "debug" "y" || ! check_option "strip" "y"; then if ! check_option "debug" "y" || ! check_option "strip" "y"; then
return pkg=$pkgbase-@DEBUGSUFFIX@
pkgarch=$(get_pkg_arch)
pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}"
if [[ -f $pkg_file ]]; then
create_signature "$pkg_file"
fi
fi fi
pkgname=$pkgbase-@DEBUGSUFFIX@
pkgarch=$(get_pkg_arch)
pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
create_signature "$pkg_file"
pkgname=("${pkgname_backup[@]}")
} }
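Review bot: The debug-package signing was moved inside the `if`, but the condition is still the negated one that used to guard the early `return`, so as rendered the block runs only when `debug` or `strip` is not enabled. When both options are on, which is the case that produces a debug package, it is skipped and the package ships without a signature. The new `[[ -f $pkg_file ]]` test hides the problem because the misplaced branch finds no file and does nothing. The guard should be flipped to `if check_option "debug" "y" && check_option "strip" "y"; then`. The start of create_package_signatures lies outside the hunk, so this reading rests on the visible lines only.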