[pacman-dev] [PATCH] makepkg: check all integrity sums found in the PKGBUILD
Currently we use the INTEGRITY_CHECK array from makepkg.conf to limit both
the integrity sums generated and checked. It doesn't make a whole lot of
sense to ignore integrity sums that are present in a PKGBUILD, so this patch
will enable checking any that are available, but will only print a warning
about missing sums for those types found in INTEGRITY_CHECK.
It also adds a slight optimization of checking for openssl- we only need to
check once now because we use the same program for all checks.
Signed-off-by: Dan McGee
On Sat, Aug 23, 2008 at 5:21 PM, Dan McGee wrote:
> Currently we use the INTEGRITY_CHECK array from makepkg.conf to limit both the integrity sums generated and checked. It doesn't make a whole lot of sense to ignore integrity sums that are present in a PKGBUILD, so this patch will enable checking any that are available, but will only print a warning about missing sums for those types found in INTEGRITY_CHECK.
> It also adds a slight optimization of checking for openssl- we only need to check once now because we use the same program for all checks.
Sounds good to me. I think the warning about missing sums could be even printed in any cases, but I understand the point of view that you only care about the ones specified in INTEGRITY_CHECK so it seems good (and closer to the old behavior).
On Sat, Aug 23, 2008 at 12:55 PM, Xavier wrote:
> On Sat, Aug 23, 2008 at 5:21 PM, Dan McGee wrote:
>> Currently we use the INTEGRITY_CHECK array from makepkg.conf to limit both the integrity sums generated and checked. It doesn't make a whole lot of sense to ignore integrity sums that are present in a PKGBUILD, so this patch will enable checking any that are available, but will only print a warning about missing sums for those types found in INTEGRITY_CHECK.
>> It also adds a slight optimization of checking for openssl- we only need to check once now because we use the same program for all checks.
> Sounds good to me. I think the warning about missing sums could be even printed in any cases, but I understand the point of view that you only care about the ones specified in INTEGRITY_CHECK so it seems good (and closer to the old behavior).
I figured 6 warnings, and especially the one about missing sha384 sums, would piss off a few too many people, so I decided to add this little check in. :)
-Dan
On Sat, Aug 23, 2008 at 7:58 PM, Dan McGee wrote:
> I figured 6 warnings, and especially the one about missing sha384 sums, would piss off a few too many people, so I decided to add this little check in. :)
Oops, I misunderstood the code. I thought the warning happened only when sha384 sums were defined, but incomplete. I just realized the warning would be there even if sha384 array was not defined at all. So indeed, in this case that little check is very welcome.
participants (3)
- Dan McGee
- Dan McGee
- Xavier
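The checking rule described in the patch message, as an added example (not makepkg's code and not part of the thread): every sum present is verified, and a missing sum only produces a warning when its type is listed in INTEGRITY_CHECK. The function names, the single-source-file model, the KNOWN_ALGS list and the space-separated INTEGRITY_CHECK are assumptions made for the example.

```sh
# Added example; hypothetical names, not taken from makepkg.
# Model: one source file; <alg>sums holds its expected digest (as a PKGBUILD
# would), INTEGRITY_CHECK is the makepkg.conf list (space-separated here).
KNOWN_ALGS="md5 sha1 sha256 sha384 sha512"   # assumed list for the example

# Prints one line per relevant algorithm.
# Returns 0 if all present sums match, 1 on any mismatch, 2 if openssl is missing.
check_source() {
    file=$1
    # Look for openssl once: the same program computes every digest type.
    command -v openssl >/dev/null 2>&1 || { echo "ERROR: openssl not found" >&2; return 2; }
    rc=0
    for alg in $KNOWN_ALGS; do
        eval "expected=\${${alg}sums:-}"
        if [ -n "$expected" ]; then
            # Sum present: always verify it, whatever INTEGRITY_CHECK says.
            actual=$(openssl dgst "-$alg" "$file" | awk '{print $NF}')
            if [ "$actual" = "$expected" ]; then
                echo "$alg: passed"
            else
                echo "$alg: FAILED"
                rc=1
            fi
        else
            # Sum absent: warn only for the types the user asked for.
            case " $INTEGRITY_CHECK " in
                *" $alg "*) echo "$alg: WARNING missing" ;;
            esac
        fi
    done
    return $rc
}

# Constructed demo: the file contains "abc"; only a sha256 sum is declared,
# while INTEGRITY_CHECK asks for md5 only.
demo() {
    demo_file=$(mktemp) && printf 'abc' > "$demo_file"
    INTEGRITY_CHECK="md5"
    sha256sums="ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    check_source "$demo_file"; status=$?
    rm -f "$demo_file"
    return $status
}
demo
```

The sha256 sum is verified even though INTEGRITY_CHECK lists only md5, and the sha1, sha384 and sha512 types stay silent because they are neither present nor requested.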