[pacman-dev] [PATCH] makepkg: properly correlate checksums for multiple sources
Previously, we used a single boolean value to determine correlation of sources to checksums. Since the introduction of arch-specific sources, this is no longer sufficient, as we must ensure that we have checksums for (potentially) multiple source arrays. This change inlines the logic of have_sources to build an associative array of source array names, unsetting them as we discover their checksums. The error condition then becomes a non-empty correlation array. Fixes: https://bugs.archlinux.org/task/43192 --- So, I wrote this patch this way because it presents an opportunity to actually call out in the "integrity checks missing" error, which arrays are missing checksum arrays. However, this of course necessitiates a string change. Is this something we want for maint, or should I submit a separate patch for master? scripts/makepkg.sh.in | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index ae8cf57..d53c39f 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1317,47 +1317,41 @@ verify_integrity_sums() { fi } -have_sources() { - local a - - (( ${#source[*]} )) && return 0 +check_checksums() { + local integ a + declare -A correlation + (( SKIPCHECKSUMS )) && return 0 + # Initialize a map which we'll use to verify that every source array has at + # least some kind of checksum array associated with it. + (( ${#source[*]} )) && correlation['source']=1 case $1 in all) for a in "${arch[@]}"; do - array_build _ source_"$a" && return 0 + array_build _ source_"$a" && correlation["source_$a"]=1 done ;; *) - array_build _ source_"$CARCH" && return 0 + array_build _ source_"$CARCH" && correlation["source_$CARCH"]=1 ;; esac - return 1 -} - -check_checksums() { - (( SKIPCHECKSUMS )) && return 0 - have_sources "$1" || return 0 - - local correlation=0 - local integ a for integ in "${known_hash_algos[@]}"; do - verify_integrity_sums "$integ" && correlation=1 + verify_integrity_sums "$integ" && unset "correlation[source]" case $1 in all) for a in "${arch[@]}"; do - verify_integrity_sums "$integ" "$a" && correlation=1 + verify_integrity_sums "$integ" "$a" && unset "correlation[source_$a]" done ;; *) - verify_integrity_sums "$integ" "$CARCH" && correlation=1 + verify_integrity_sums "$integ" "$CARCH" && unset "correlation[source_$CARCH]" ;; esac done - if (( ! correlation )); then + if (( ${#correlation[*]} )); then error "$(gettext "Integrity checks are missing.")" exit 1 # TODO: error code fi -- 2.2.1
On 24/12/14 01:57, Dave Reisner wrote:
Previously, we used a single boolean value to determine correlation of sources to checksums. Since the introduction of arch-specific sources, this is no longer sufficient, as we must ensure that we have checksums for (potentially) multiple source arrays.
This change inlines the logic of have_sources to build an associative array of source array names, unsetting them as we discover their checksums. The error condition then becomes a non-empty correlation array.
Fixes: https://bugs.archlinux.org/task/43192 --- So, I wrote this patch this way because it presents an opportunity to actually call out in the "integrity checks missing" error, which arrays are missing checksum arrays. However, this of course necessitiates a string change. Is this something we want for maint, or should I submit a separate patch for master?
This is fine for maint. String change can go to master. Allan
participants (2)
-
Allan McRae
-
Dave Reisner