Checking the file extension to determine if something is a signature is currently done in three places: - verify_file_signature: uses $file to print status, reuses it for comparison - source_has_signatures: uses $netfile, but removes url component if filename component exists - generate_one_checksum: uses $netfile and fails to detect renamed files This leads to inconsistent behavior when trying to use a signature of the form "foo-1.0.tar.gz.asc::https://example.com/foo-1.0.tar.gz.pgp" Fix this by treating the third case like the second case. Reported-by: Giancarlo Razzolini <grazzolini@archlinux.org> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> --- I wasn't sure at first if this was worth refactoring into a utility function, but it does seem to small to bother. scripts/libmakepkg/integrity/generate_checksum.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/libmakepkg/integrity/generate_checksum.sh.in b/scripts/libmakepkg/integrity/generate_checksum.sh.in index fdee0d72..eb9b74fc 100644 --- a/scripts/libmakepkg/integrity/generate_checksum.sh.in +++ b/scripts/libmakepkg/integrity/generate_checksum.sh.in @@ -56,7 +56,7 @@ generate_one_checksum() { sum="SKIP" ;; *) - if [[ $netfile != *.@(sig?(n)|asc) ]]; then + if [[ ${netfile%%::*} != *.@(sig?(n)|asc) ]]; then local file file="$(get_filepath "$netfile")" || missing_source_file "$netfile" sum="$("${integ}sum" "$file")" -- 2.17.0