Currently we use the INTEGRITY_CHECK array from makepkg.conf to limit both the integrity sums generated and checked. It doesn't make a whole lot of sense to ignore integrity sums that are present in a PKGBUILD, so this patch will enable checking any that are available, but will only print a warning about missing sums for those types found in INTEGRITY_CHECK. It also adds a slight optimization of checking for openssl- we only need to check once now because we use the same program for all checks. Signed-off-by: Dan McGee --- scripts/makepkg.sh.in | 38 ++++++++++++++++++-------------------- 1 files changed, 18 insertions(+), 20 deletions(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index d641cbb..f6136ba 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -463,6 +463,11 @@ generate_checksums() { msg "$(gettext "Generating checksums for source files...")" plain "" + if [ ! $(type -p openssl) ]; then + error "$(gettext "Cannot find openssl.")" + exit 1 # $E_MISSING_PROGRAM + fi + local integ for integ in ${INTEGRITY_CHECK[@]}; do integ="$(echo $integ | tr '[:upper:]' '[:lower:]')" @@ -473,11 +478,6 @@ generate_checksums() { exit 1;; # $E_CONFIG_ERROR esac - if [ ! $(type -p openssl) ]; then - error "$(gettext "Cannot find openssl.")" - exit 1 # $E_MISSING_PROGRAM - fi - local ct=0 local numsrc=${#source[@]} echo -n "${integ}sums=(" @@ -515,21 +515,13 @@ generate_checksums() { } check_checksums() { - local integ - for integ in ${INTEGRITY_CHECK[@]}; do - integ="$(echo $integ | tr '[:upper:]' '[:lower:]')" - case "$integ" in - md5|sha1|sha256|sha384|sha512) : ;; - *) - error "$(gettext "Invalid integrity algorithm '%s' specified")" "$integ" - exit 1;; # $E_CONFIG_ERROR - esac - - if [ ! $(type -p openssl) ]; then - error "$(gettext "Cannot find openssl.")" - exit 1 # $E_MISSING_PROGRAM - fi + if [ ! $(type -p openssl) ]; then + error "$(gettext "Cannot find openssl.")" + exit 1 # $E_MISSING_PROGRAM + fi + local integ required + for integ in md5 sha1 sha256 sha384 sha512; do local integrity_sums=($(eval echo "\${${integ}sums[@]}")) if [ ${#integrity_sums[@]} -eq ${#source[@]} ]; then msg "$(gettext "Validating source files with %s...")" "${integ}sums" @@ -567,7 +559,13 @@ check_checksums() { exit 1 # TODO: error code fi else - warning "$(gettext "Integrity checks (%s) are missing or incomplete.")" "$integ" + for required in ${INTEGRITY_CHECK[@]}; do + required="$(echo $required | tr '[:upper:]' '[:lower:]')" + if [ "$integ" = "$required" ]; then + warning "$(gettext "Integrity checks (%s) are missing or incomplete.")" "$integ" + break + fi + done fi done } -- 1.6.0