On 01/03/2017 12:22 AM, Allan McRae wrote:
Needs documentation added. e.g. can the query string occur anywhere relative to the fragment?
I wrote it so it should work either way, #fragment?query or ?query#fragment -- should we prefer one over the other? For documentation: just add a new paragraph in PKGBUILD.5 under "USING VCS SOURCES" (and tweak the wording to fit)?
I'm guessing other modern VCS tools can have signatures verified too?
I would be pleasantly surprised if that were true. AFAIK only git and mercurial can really be considered a "modern VCS", and it seems mercurial can only do this via an optional thirdparty plugin (commitsigs) or separately track a file containing signed hashes -- one extra commit per signature -- via an optional builtin plugin (gpg). Either one requires, in true mercurial fashion, explicitly enabling via .hgrc. And using the non-thirdparty plugin is apparently recommended against for what I imagine are obvious reasons.
This function will become a mess when they are included. Please split out git and standard file verification to their own functions called within this one.
When? Or if? Would it even be reasonable to try implementing Mercurial signature verification? If not, does it still make sense to split out the git verification from file verification? Anyway, that case statement is VCS-agnostic, except for the check to make sure we are using a (supported) VCS, and the fallthrough. Although maybe the fallthrough should be handled when expanding the variable later on? I'll look at splitting each sourcetype into functions to generate the statusfile though, since there is already a bit of unpleasantly convoluted logic there. -- Eli Schwartz