Hi On Sat, Jul 18, 2015 at 1:04 PM, Gaetan Bisson <[email protected]> wrote: > Hi, > > As more of our official packages use git sources, I'd like to suggest we > always enforce some kind of checksum verification. More specifically, > I'd like us to avoid using straightforward source arrays such as: > > source=("git://github.com/systemd/systemd.git#tag=v$pkgver") > md5sums=('SKIP') > > Instead I suggest we use the full commit hash. In the example above, > that'd become something like: > > _commit=9a50ce20ef60263a6c88c29470ce761fcc424f2d > source=("git://github.com/systemd/systemd.git#commit=$_commit") > md5sums=('SKIP')
Would it be better to improve *sums=() function to work with directories? This will also help svn/hg based packages. A simple solution is to tar whole directory and then calculate the checksum: tar -c $DIR | md5sum > > Does that sound like a good idea? > > -- > Gaetan
