diff options
author | Eli Schwartz <eschwartz@archlinux.org> | 2018-05-09 00:17:10 -0400 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2018-05-12 21:30:51 +1000 |
commit | 1741bdaf81cc7c0881ee7a26861b3d94c384f13f (patch) | |
tree | 6abda2b5f45223182e41785a0566e7cc97a6fd6c | |
parent | 828f305023604474ea078a90bcf9752efdbc8aa9 (diff) | |
download | pacman-1741bdaf81cc7c0881ee7a26861b3d94c384f13f.tar.xz |
libmakepkg/integrity: determine what is a signature preferring local filename
Checking the file extension to determine if something is a signature is
currently done in three places:
- verify_file_signature: uses $file to print status, reuses it for
comparison
- source_has_signatures: uses $netfile, but removes url component if
filename component exists
- generate_one_checksum: uses $netfile and fails to detect renamed files
This leads to inconsistent behavior when trying to use a signature of
the form "foo-1.0.tar.gz.asc::https://example.com/foo-1.0.tar.gz.pgp"
Fix this by treating the third case like the second case.
Reported-by: Giancarlo Razzolini <grazzolini@archlinux.org>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r-- | scripts/libmakepkg/integrity/generate_checksum.sh.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/libmakepkg/integrity/generate_checksum.sh.in b/scripts/libmakepkg/integrity/generate_checksum.sh.in index fdee0d72..eb9b74fc 100644 --- a/scripts/libmakepkg/integrity/generate_checksum.sh.in +++ b/scripts/libmakepkg/integrity/generate_checksum.sh.in @@ -56,7 +56,7 @@ generate_one_checksum() { sum="SKIP" ;; *) - if [[ $netfile != *.@(sig?(n)|asc) ]]; then + if [[ ${netfile%%::*} != *.@(sig?(n)|asc) ]]; then local file file="$(get_filepath "$netfile")" || missing_source_file "$netfile" sum="$("${integ}sum" "$file")" |