[pacman-dev] [PATCH] makepkg: more control of skipping integrity checks

Sat, 16 Jul 2011 05:56:05 -0700 

Allows the skipping of all integrity checks (checksum and PGP) or
either the checksum or PGP checks individually.

Original-patch-by: Wieland Hoffman <[email protected]>
Signed-off-by: Allan McRae <[email protected]>
---
 doc/makepkg.8.txt     |    7 +++++--
 scripts/makepkg.sh.in |   44 +++++++++++++++++++++++++++++++-------------
 2 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/doc/makepkg.8.txt b/doc/makepkg.8.txt
index 57c1f89..34cecdc 100644
--- a/doc/makepkg.8.txt
+++ b/doc/makepkg.8.txt
@@ -85,10 +85,13 @@ Options
        using "`makepkg -g >> PKGBUILD`".
 
 *--skipinteg*::
-       Do not perform any integrity checks, just print a warning instead.
+       Do not perform any integrity checks (checksum and PGP) on source files.
+
+*\--skipchecksums*::
+       Do not verify checksums of source files.
 
 *\--skippgpcheck*::
-       Do not verify PGP signatures of the source files.
+       Do not verify PGP signatures of source files.
 
 *-h, \--help*::
        Output syntax and command line options.
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index cbd9314..16c4400 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -56,7 +56,7 @@ DEP_BIN=0
 FORCE=0
 INFAKEROOT=0
 GENINTEG=0
-SKIPINTEG=0
+SKIPCHECKSUMS=0
 SKIPPGPCHECK=0
 INSTALL=0
 NOBUILD=0
@@ -630,6 +630,7 @@ generate_checksums() {
 }
 
 check_checksums() {
+       (( SKIPCHECKSUMS )) && return 0
        (( ! ${#source[@]} )) && return 0
 
        local correlation=0
@@ -1567,7 +1568,7 @@ check_software() {
        fi
 
        # openssl - checksum operations
-       if (( ! SKIPINTEG )); then
+       if (( ! SKIPCHECKSUMS )); then
                if ! type -p openssl >/dev/null; then
                        error "$(gettext "Cannot find the %s binary required 
for validating sourcefile checksums.")" "openssl"
                        ret=1
@@ -1802,7 +1803,8 @@ usage() {
        echo "$(gettext "  --nosign         Do not create a signature for the 
package")"
        echo "$(gettext "  --pkg <list>     Only build listed packages from a 
split package")"
        printf "$(gettext "  --sign           Sign the resulting package with 
%s")\n" "gpg"
-       echo "$(gettext "  --skipinteg      Do not fail when integrity checks 
are missing")"
+       echo "$(gettext "  --skipchecksums  Do not verify checksums of the 
source files")"
+       echo "$(gettext "  --skipinteg      Do not perform any verification 
checks on source files")"
        echo "$(gettext "  --skippgpcheck   Do not verify source files with pgp 
signatures")"
        echo "$(gettext "  --source         Generate a source-only tarball 
without downloaded sources")"
        echo
@@ -1840,7 +1842,9 @@ OPT_SHORT="AcdefFghiLmop:rRsV"
 OPT_LONG="allsource,asroot,ignorearch,check,clean,nodeps"
 OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver,skippgpcheck"
 OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps"
-OPT_LONG+=",repackage,skipinteg,skippgpcheck,sign,source,syncdeps,version,config:"
+OPT_LONG+=",repackage,skipchecksums,skipinteg,skippgpcheck,sign,source,syncdeps"
+OPT_LONG+=",version,config:"
+
 # Pacman Options
 OPT_LONG+=",noconfirm,noprogressbar"
 if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
@@ -1881,7 +1885,8 @@ while true; do
                --pkg)            shift; PKGLIST=($1) ;;
                -r|--rmdeps)      RMDEPS=1 ;;
                -R|--repackage)   REPKG=1 ;;
-               --skipinteg)      SKIPINTEG=1 ;;
+               --skipchecksums)  SKIPCHECKSUMS=1 ;;
+               --skipinteg)      SKIPCHECKSUMS=1; SKIPPGPCHECK=1 ;;
                --skippgpcheck)   SKIPPGPCHECK=1;;
                --sign)           SIGNPKG='y' ;;
                --source)         SOURCEONLY=1 ;;
@@ -2204,15 +2209,22 @@ if (( SOURCEONLY )); then
        mkdir -p "$srcdir"
        chmod a-s "$srcdir"
        cd "$srcdir"
-       if (( ! SKIPINTEG || SOURCEONLY == 2 )); then
+       if ( (( ! SKIPCHECKSUMS )) || \
+                       ( (( ! SKIPPGPCHECK )) && source_has_signatures ) ) || \
+                       (( SOURCEONLY == 2 )); then
                download_sources
        fi
-       if (( ! SKIPINTEG )); then
-               # We can only check checksums if we have all files.
-               check_checksums
+       if (( SKIPCHECKSUMS && SKIPPGPCHECK )); then
+               warning "$(gettext "Skipping all source file integrity 
checks.")"
+       elif (( SKIPCHECKSUMS )); then
+               warning "$(gettext "Skipping verification of source file 
checksums.")"
                check_pgpsigs
+       elif (( SKIPPGPCHECK )); then
+               warning "$(gettext "Skipping verification of source file PGP 
signatures.")"
+               check_checksums
        else
-               warning "$(gettext "Skipping integrity checks.")"
+               check_checksums
+               check_pgpsigs
        fi
        cd "$startdir"
 
@@ -2287,11 +2299,17 @@ elif (( REPKG )); then
        fi
 else
        download_sources
-       if (( ! SKIPINTEG )); then
-               check_checksums
+       if (( SKIPCHECKSUMS && SKIPPGPCHECK )); then
+               warning "$(gettext "Skipping all source file integrity 
checks.")"
+       elif (( SKIPCHECKSUMS )); then
+               warning "$(gettext "Skipping verification of source file 
checksums.")"
                check_pgpsigs
+       elif (( SKIPPGPCHECK )); then
+               warning "$(gettext "Skipping verification of source file PGP 
signatures.")"
+               check_checksums
        else
-               warning "$(gettext "Skipping integrity checks.")"
+               check_checksums
+               check_pgpsigs
        fi
        extract_sources
 fi
-- 
1.7.6

Reply via email to