Loui Chang wrote:
On Thu 29 Oct 2009 14:40 +1000, Allan McRae wrote:
Jeff wrote:
Patch [1] extends the --skipinteg option allow the generation of a source tarball without requiring the checking of the integrity checks
You've given the what, but what is the why? If the source integrity is flawed, then the generated source package is flawed. This seems like something that should be safeguarded against, IMO.
I can come up with two use cases:
1) making a PKGBUILD for a snapshot release that is always accessible from some sort of LATEST release directory symlink. Many projects use something like that. That way the PKGBUILD does not need updated every time a snapshot is release. While it may be argued that it is better to use a svn/cvs/git/etc PKGBUILD, in many cases the snapshots are generally sanity checked before release.
2) This happens to me occasionally. Someone sends me a PKGBUILD they can not get working. I see an obvious error, fix it and send the PKGBUILD back saying "try this" because I really do not want to download the sources/dependencies to check myself.
In both cases if you could omit checksums and makepkg could interpret that as "the packager doesn't really care about integrity, skip checks".
In case 2, why would I delete the checksums that are correct and supplied just because I do not want to download the source to check them?
It could print a warning, and you don't need another fancy flag.
Note it is not another fancy flag. It is a reuse of an already implemented flag. And that suggestion would mean that instead of the current error on no integrity checks, makepkg would instead just print a warning (which is as good as being silent early in the build process). My patch, keeps that error and the user has to go out of their way to use --skipinteg. You would not type this unless you had a reason, so in the vast, vast majority of cases, the integrity checks will be performed. Allan