On 04/29/2018 06:28 AM, Allan McRae wrote:
On 04/04/18 07:50, Eli Schwartz wrote:
--verifysource is often used to validate the PKGBUILD before uploading to the AUR, but currently there is no way to trivially check all sources. By default we don't check sources we won't use, because it forces downloading those sources, but in certain cases the user might need to check them regardless...
We looked at this when architecture dependent sources were added and many or even most packages with architecture independent sources have sources with the same filename from a different source path, or change the source to have the same filename to make the rest of the PKGBUILD easier. So that was not implemented.
As mentioned on IRC, this means --allsource is broken too, as we use download_sources allarch followed by check_source_integrity all. In fact, now I remember part of why I wanted this patch implemented, is because the alternative which *works today* is to use --allsource, then discard the source package. We at least need to be consistent here. My $0.02: people who change the filename to use the same filename on all arches, should use $CARCH in their build/package functions instead, and name the files something CARCH-dependent if it isn't that way by default. Extracted archives don't even need to worry about this, as they will presumably use the extracted paths which are identical in $srcdir regardless of the tarball filename in $SRCDEST! -- Eli Schwartz Bug Wrangler and Trusted User