Date: Sunday, May 29, 2022 @ 18:45:00
  Author: diabonas
Revision: 1214769

Pin the hash of the tag object instead of the tag name for git sources

Tags can be force pushed upstream, so relying on the tag name is not enough to
guarantee integrity of the sources. Instead we can pin the SHA-1 hash of the
tag object (obtained using "git rev-parse"), which would change in the event of
a force push.

Also add a pkgver() function to avoid accidentally bumping only $pkgver instead
of updating $_tag.

Modified:
  python-aiohttp-socks/trunk/PKGBUILD
  shim/trunk/PKGBUILD

-------------------------------------+
 python-aiohttp-socks/trunk/PKGBUILD |    8 +++++++-
 shim/trunk/PKGBUILD                 |    8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

Modified: python-aiohttp-socks/trunk/PKGBUILD
===================================================================
--- python-aiohttp-socks/trunk/PKGBUILD 2022-05-29 16:29:47 UTC (rev 1214768)
+++ python-aiohttp-socks/trunk/PKGBUILD 2022-05-29 18:45:00 UTC (rev 1214769)
@@ -3,6 +3,7 @@
 
 pkgname=python-aiohttp-socks
 pkgver=0.7.1
+_tag=db40abf65b3ad12debb2d18178f614fef904b5e3 # git rev-parse "v$pkgver"
 pkgrel=4
 pkgdesc="SOCKS proxy connector for aiohttp. SOCKS4(a) and SOCKS5 are 
supported."
 arch=('any')
@@ -11,10 +12,15 @@
 depends=('python' 'python-aiohttp' 'python-attrs' 'python-async-timeout' 
'python-python-socks')
 makedepends=('git' 'python-build' 'python-installer' 'python-setuptools' 
'python-wheel')
 checkdepends=('python-flask' 'python-pytest' 'python-pytest-asyncio')
-source=("git+https://github.com/romis2012/aiohttp-socks?signed#tag=v${pkgver}";)
+source=("git+https://github.com/romis2012/aiohttp-socks.git?signed#tag=$_tag";)
 sha256sums=('SKIP')
 validpgpkeys=('706A8935FED55F3BFB7C188B5EEAD7400A5D80ED') # Roman Snegirev 
(maintainer)
 
+pkgver() {
+       cd "${pkgname//python-}"
+       git describe | sed 's/^v//;s/\([^-]*-\)g/r\1/;s/-/./g'
+}
+
 build() {
     cd "${pkgname//python-}"
     python -m build --wheel --no-isolation
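Review bot: The added pkgver() has no comment explaining why a package pinned to a fixed tag object needs one; that reason is only in the commit message. Because the checkout is fixed by `_tag`, `git describe` should always print the exact tag name, so the function appears to act as a consistency guard between `pkgver` and `_tag` rather than as a version generator. I would put `# Derive pkgver from the pinned tag object so a pkgver bump without a matching _tag update does not go unnoticed` above the function. The same comment fits the pkgver() added to shim/trunk/PKGBUILD further down.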

Modified: shim/trunk/PKGBUILD
===================================================================
--- shim/trunk/PKGBUILD 2022-05-29 16:29:47 UTC (rev 1214768)
+++ shim/trunk/PKGBUILD 2022-05-29 18:45:00 UTC (rev 1214769)
@@ -3,6 +3,7 @@
 
 pkgname=shim
 pkgver=15.5
+_tag=42861bd4b746dca066dfedbd72e83ffc2ba29265 # git rev-parse "$pkgver"
 pkgrel=1
 pkgdesc="EFI preloader (unsigned EFI binaries)"
 arch=('any')
@@ -10,7 +11,7 @@
 license=('BSD')
 makedepends=('git')
 checkdepends=('efivar' 'xxd')
-source=("git+https://github.com/rhboot/shim.git#tag=${pkgver}?signed";
+source=("git+https://github.com/rhboot/shim.git?signed#tag=$_tag";
         'rhboot-gnu-efi::git+https://github.com/rhboot/gnu-efi.git')
 md5sums=('SKIP'
          'SKIP')
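Review bot: The second source entry, `'rhboot-gnu-efi::git+https://github.com/rhboot/gnu-efi.git'`, is left without a fragment or `?signed`, and its checksum is `'SKIP'`, so nothing in this array fixes which gnu-efi revision is fetched. If prepare(), which begins after this hunk and is only partly visible, checks out the submodule commit recorded in shim's tree, the revision is covered indirectly by the pinned tag object. In that case a comment such as `# gnu-efi revision is fixed by the submodule entry in the pinned shim tree` on that line would make the reasoning explicit. If the build can instead use the head of the clone's default branch, the entry should get its own pin, `#commit=<gnu-efi commit hash>`.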
@@ -17,6 +18,11 @@
 validpgpkeys=('B00B48BC731AA8840FED9FB0EED266B70F4FEF10'  # Peter Jones 
<[email protected]>
               '039A9CEA19DE9508C36875AA2532F9176A95A442') # Robbie Harwood 
(work) <[email protected]>
 
+pkgver() {
+  cd "$pkgname"
+  git describe | sed 's/\([^-]*-\)g/r\1/;s/-/./g'
+}
+
 prepare() {
   cd "$pkgname"
   git submodule init
