[pacman-dev] [PATCH] libmakepkg/integrity: determine what is a signature preferring local filename
Checking the file extension to determine if something is a signature is
currently done in three places:
- verify_file_signature: uses $file to print status, reuses it for
comparison
- source_has_signatures: uses $netfile, but removes url component if
filename component exists
- generate_one_checksum: uses $netfile and fails to detect renamed files
This leads to inconsistent behavior when trying to use a signature of
the form "foo-1.0.tar.gz.asc::https://example.com/foo-1.0.tar.gz.pgp"
Fix this by treating the third case like the second case.
Reported-by: Giancarlo Razzolini
participants (1)
-
Eli Schwartz