[arch-projects] [namcap] [PATCH 2/2] add support for new checksum algorithm in pacman-git

11 Apr 2019

It is now possible to use b2sums to verify file integrity. See
https://git.archlinux.org/pacman.git/commit/?id=e03752e6adc86cbb4cb4f52a38f6...

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
---
 Namcap/rules/arrays.py      | 9 +++++----
 Namcap/rules/extravars.py   | 9 +++++----
 Namcap/rules/missingvars.py | 6 +++---
 parsepkgbuild.sh            | 2 +-
 4 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/Namcap/rules/arrays.py b/Namcap/rules/arrays.py
index 5ca33cc..f841ca1 100644
--- a/Namcap/rules/arrays.py
+++ b/Namcap/rules/arrays.py
@@ -1,7 +1,7 @@
-# 
+#
 # namcap rules - array
 # Copyright (C) 2003-2009 Jesse Young <jesseyoung@gmail.com>
-# 
+#
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
 #   the Free Software Foundation; either version 2 of the License, or
@@ -15,7 +15,7 @@
 #   You should have received a copy of the GNU General Public License
 #   along with this program; if not, write to the Free Software
 #   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-# 
+#
 
 """Verifies that array variables are actually arrays"""
 
@@ -29,7 +29,8 @@ class package(PkgbuildRule):
 		arrayvars = ['arch', 'license', 'groups', 'depends', 'makedepends',
 			 'optdepends', 'checkdepends', 'provides', 'conflicts', 'replaces',
 			 'backup', 'options', 'source', 'noextract', 'md5sums', 'sha1sums',
-			 'sha224sums', 'sha256sums', 'sha384sums', 'sha512sums', 'validpgpkeys']
+			 'sha224sums', 'sha256sums', 'sha384sums', 'sha512sums', 'b2sums',
+			 'validpgpkeys']
 		for i in pkginfo.pkgbuild:
 			m = re.match('\s*(.*)\s*=\s*(.*)$', i)
 			for j in arrayvars:
diff --git a/Namcap/rules/extravars.py b/Namcap/rules/extravars.py
index 81084f8..bea575a 100644
--- a/Namcap/rules/extravars.py
+++ b/Namcap/rules/extravars.py
@@ -1,7 +1,7 @@
-# 
+#
 # namcap rules - extravars
 # Copyright (C) 2003-2009 Jesse Young <jesseyoung@gmail.com>
-# 
+#
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
 #   the Free Software Foundation; either version 2 of the License, or
@@ -15,7 +15,7 @@
 #   You should have received a copy of the GNU General Public License
 #   along with this program; if not, write to the Free Software
 #   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-# 
+#
 
 from itertools import product
 from Namcap.ruleclass import *
@@ -26,7 +26,8 @@ class package(PkgbuildRule):
 	def analyze(self, pkginfo, tar):
 		carch_vars = ['checkdepends', 'conflicts', 'depends', 'makedepends',
 				 'optdepends', 'provides', 'replaces', 'source', 'md5sums',
-				 'sha224sums', 'sha1sums', 'sha256sums', 'sha384sums', 'sha512sums']
+				 'sha224sums', 'sha1sums', 'sha256sums', 'sha384sums',
+				 'sha512sums', 'b2sums']
 		stdvars = ['arch', 'license', 'backup', 'noextract', 'pkgname',
 				 'pkgbase', 'pkgver', 'pkgrel', 'epoch', 'pkgdesc', 'groups',
 				 'url', 'install', 'changelog',
diff --git a/Namcap/rules/missingvars.py b/Namcap/rules/missingvars.py
index 25445e2..5814037 100644
--- a/Namcap/rules/missingvars.py
+++ b/Namcap/rules/missingvars.py
@@ -3,7 +3,7 @@
 # namcap rules - missingvars
 # Copyright (C) 2003-2009 Jason Chu <jason@archlinux.org>
 # Copyright (C) 2011 Rémy Oudompheng <remy@archlinux.org>
-# 
+#
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
 #   the Free Software Foundation; either version 2 of the License, or
@@ -17,7 +17,7 @@
 #   You should have received a copy of the GNU General Public License
 #   along with this program; if not, write to the Free Software
 #   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-# 
+#
 
 """Checks for missing variables in PKGBUILD"""
 
@@ -30,7 +30,7 @@ class ChecksumsRule(PkgbuildRule):
 	name = "checksums"
 	description = "Verifies checksums are included in a PKGBUILD"
 	def analyze(self, pkginfo, tar):
-		checksums=[('md5', 32), ('sha1', 40), ('sha224', 56), ('sha256', 64), ('sha384', 96), ('sha512', 128)]
+		checksums=[('md5', 32), ('sha1', 40), ('sha224', 56), ('sha256', 64), ('sha384', 96), ('sha512', 128), ('b2', 128)]
 
 		if "source" in pkginfo:
 			haschecksums = False
diff --git a/parsepkgbuild.sh b/parsepkgbuild.sh
index 66cea40..4ac996a 100644
--- a/parsepkgbuild.sh
+++ b/parsepkgbuild.sh
@@ -21,7 +21,7 @@ fi
 
 meta_keys=(groups url license arch builddate packager replaces force depends
            makedepends optdepends conflicts provides backup options source
-		   validpgpkeys {md5,sha{1,224,256,384,512}}sums install)
+		   validpgpkeys {md5,sha{1,224,256,384,512},b2}sums install)
 for key in "${meta_keys[@]}"; do
 	arr="$key[@]"
 	if [[ -n ${!key} ]]; then
-- 
2.21.0

    