Re: [pacman-dev] [PATCH v2] libmakepkg/integrity: use more shared functions to generate signatures

Sun, 17 Jun 2018 21:12:32 -0700 

On 06/12/2018 09:59 AM, Eli Schwartz wrote:
> The newly changed print_all_package_names function can iterate over the
> list of all package files that will be created; this avoids the need to
> independently recreate those filenames here.

But, if we accept my patch to let --ignorearch and --packagelist work
together, then people who *build* with --ignorearch will be generating
more filenames to loop through here.

> Additionally, since debug packages may not actually exist, check if the
> package file exists first. If the main package does not exist then
> makepkg will have aborted before now, so there is no need to
> special-case that here.

There's really no way to know if a debug package should exist once we
moved it out of fakeroot. So we try, secure in the knowledge that bigger
issues are at hand if the debug package fails to exist but there's a
cached one from a previous run, with the exact same arch and version.

But printing all arch package names here could result in accidentally
signing packages that were not generated at this time. Which is
something we don't want.

> Signed-off-by: Eli Schwartz <eschwa...@archlinux.org>
> ---
> 
> v2: forgot to use -r in read
> 
>  .../integrity/generate_signature.sh.in          | 17 ++---------------
>  1 file changed, 2 insertions(+), 15 deletions(-)
> 
> diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in 
> b/scripts/libmakepkg/integrity/generate_signature.sh.in
> index 442fe031..261b18f7 100644
> --- a/scripts/libmakepkg/integrity/generate_signature.sh.in
> +++ b/scripts/libmakepkg/integrity/generate_signature.sh.in
> @@ -50,25 +50,12 @@ create_package_signatures() {
>       if [[ $SIGNPKG != 'y' ]]; then
>               return 0
>       fi
> -     local pkg pkgarch pkg_file
> -     local fullver=$(get_full_version)
>  
>       msg "$(gettext "Signing package(s)...")"
>  
> -     for pkg in "${pkgname[@]}"; do
> -             pkgarch=$(get_pkg_arch $pkg)
> -             pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}"
> -
> -             create_signature "$pkg_file"
> -     done
> -
> -     # check if debug package needs a signature
> -     if ! check_option "debug" "y" || ! check_option "strip" "y"; then
> -             pkg=$pkgbase-@DEBUGSUFFIX@
> -             pkgarch=$(get_pkg_arch)
> -             pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}"
> +     print_all_package_names | while read -r pkg_file; do
>               if [[ -f $pkg_file ]]; then
>                       create_signature "$pkg_file"
>               fi
> -     fi
> +     done
>  }
> 


-- 
Eli Schwartz
Bug Wrangler and Trusted User

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to