Hi,

I just came across the so hated problems with Signatures, but this
time I took a few seconds to try to fix it.

FileHash breaks when SignProgram can't resolve symlinks, a situation
which happens (more frequently) when we run SignProgram against a
tarball. In this situation, the non-signed package is not uncompressed
to /Programs, but in a temporary place instead, such as /tmp/Foo.
There, symlinks such as "/tmp/Foo/Version/lib/something ->
/Programs/Foo/Version/lib/something_else" will be all broken, as the
package is not in /Programs. SignProgram silently/smartly ignores
these broken symlinks and doesn't include them in the FileHash.

Later on, when we uncompress the package in /Programs, the symlink
will point to a valid target, but then VerifyProgram will argue that a
new file was found at /Programs/Foo/Version which is not in the
FileHash.

An obvious fix is to simply ignore the errors if the offending file is
a symlink, as proposed in this patch. Is it ok to commit this, or do
you want to think of a more elaborate solution? (I'm ok with this
one)

Lucas


--- File        (revision 3311)
+++ File        (working copy)
@@ -282,8 +282,9 @@
          print line, 'has been modified!'
          errors+=1
    except:
-      print line, 'not found in hashfile'
-      errors+=1
+      if not os.path.islink(line):
+         print line, 'not found in hashfile'
+         errors+=1

 for missing in file_checksums:
    print missing, 'is missing'