[arch-commits] Commit in (python-aiohttp-socks/trunk/PKGBUILD shim/trunk/PKGBUILD)

Jonas Witschel diabonas at gemini.archlinux.org
Sun May 29 18:45:01 UTC 2022 

    Date: Sunday, May 29, 2022 @ 18:45:00
  Author: diabonas
Revision: 1214769

Pin the hash of the tag object instead of the tag name for git sources

Tags can be force pushed upstream, so relying on the tag name is not enough to
guarantee integrity of the sources. Instead we can pin the SHA-1 hash of the
tag object (obtained using "git rev-parse"), which would change in the event of
a force push.

Also add a pkgver() function to avoid accidentally bumping only $pkgver instead
of updating $_tag.

Modified:
  python-aiohttp-socks/trunk/PKGBUILD
  shim/trunk/PKGBUILD

-------------------------------------+
 python-aiohttp-socks/trunk/PKGBUILD |    8 +++++++-
 shim/trunk/PKGBUILD                 |    8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

Modified: python-aiohttp-socks/trunk/PKGBUILD
===================================================================
--- python-aiohttp-socks/trunk/PKGBUILD	2022-05-29 16:29:47 UTC (rev 1214768)
+++ python-aiohttp-socks/trunk/PKGBUILD	2022-05-29 18:45:00 UTC (rev 1214769)
@@ -3,6 +3,7 @@
 
 pkgname=python-aiohttp-socks
 pkgver=0.7.1
+_tag=db40abf65b3ad12debb2d18178f614fef904b5e3 # git rev-parse "v$pkgver"
 pkgrel=4
 pkgdesc="SOCKS proxy connector for aiohttp. SOCKS4(a) and SOCKS5 are supported."
 arch=('any')
@@ -11,10 +12,15 @@
 depends=('python' 'python-aiohttp' 'python-attrs' 'python-async-timeout' 'python-python-socks')
 makedepends=('git' 'python-build' 'python-installer' 'python-setuptools' 'python-wheel')
 checkdepends=('python-flask' 'python-pytest' 'python-pytest-asyncio')
-source=("git+https://github.com/romis2012/aiohttp-socks?signed#tag=v${pkgver}")
+source=("git+https://github.com/romis2012/aiohttp-socks.git?signed#tag=$_tag")
 sha256sums=('SKIP')
 validpgpkeys=('706A8935FED55F3BFB7C188B5EEAD7400A5D80ED') # Roman Snegirev (maintainer)
 
+pkgver() {
+	cd "${pkgname//python-}"
+	git describe | sed 's/^v//;s/\([^-]*-\)g/r\1/;s/-/./g'
+}
+
 build() {
     cd "${pkgname//python-}"
     python -m build --wheel --no-isolation

Modified: shim/trunk/PKGBUILD
===================================================================
--- shim/trunk/PKGBUILD	2022-05-29 16:29:47 UTC (rev 1214768)
+++ shim/trunk/PKGBUILD	2022-05-29 18:45:00 UTC (rev 1214769)
@@ -3,6 +3,7 @@
 
 pkgname=shim
 pkgver=15.5
+_tag=42861bd4b746dca066dfedbd72e83ffc2ba29265 # git rev-parse "$pkgver"
 pkgrel=1
 pkgdesc="EFI preloader (unsigned EFI binaries)"
 arch=('any')
@@ -10,7 +11,7 @@
 license=('BSD')
 makedepends=('git')
 checkdepends=('efivar' 'xxd')
-source=("git+https://github.com/rhboot/shim.git#tag=${pkgver}?signed"
+source=("git+https://github.com/rhboot/shim.git?signed#tag=$_tag"
         'rhboot-gnu-efi::git+https://github.com/rhboot/gnu-efi.git')
 md5sums=('SKIP'
          'SKIP')
@@ -17,6 +18,11 @@
 validpgpkeys=('B00B48BC731AA8840FED9FB0EED266B70F4FEF10'  # Peter Jones <pjones at redhat.com>
               '039A9CEA19DE9508C36875AA2532F9176A95A442') # Robbie Harwood (work) <rharwood at fedoraproject.org>
 
+pkgver() {
+  cd "$pkgname"
+  git describe | sed 's/\([^-]*-\)g/r\1/;s/-/./g'
+}
+
 prepare() {
   cd "$pkgname"
   git submodule init

More information about the arch-commits mailing list