[pacman-dev] [PATCH] makepkg: check all integrity sums found in the PKGBUILD

Sat Aug 23 11:21:19 EDT 2008

Currently we use the INTEGRITY_CHECK array from makepkg.conf to limit both
the integrity sums generated and checked. It doesn't make a whole lot of
sense to ignore integrity sums that are present in a PKGBUILD, so this patch
will enable checking any that are available, but will only print a warning
about missing sums for those types found in INTEGRITY_CHECK.

It also adds a slight optimization of checking for openssl- we only need to
check once now because we use the same program for all checks.

Signed-off-by: Dan McGee <dan at archlinux.org>
---
 scripts/makepkg.sh.in |   38 ++++++++++++++++++--------------------
 1 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index d641cbb..f6136ba 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -463,6 +463,11 @@ generate_checksums() {
 	msg "$(gettext "Generating checksums for source files...")"
 	plain ""
 
+	if [ ! $(type -p openssl) ]; then
+		error "$(gettext "Cannot find openssl.")"
+		exit 1 # $E_MISSING_PROGRAM
+	fi
+
 	local integ
 	for integ in ${INTEGRITY_CHECK[@]}; do
 		integ="$(echo $integ | tr '[:upper:]' '[:lower:]')"
@@ -473,11 +478,6 @@ generate_checksums() {
 				exit 1;; # $E_CONFIG_ERROR
 		esac
 
-		if [ ! $(type -p openssl) ]; then
-			error "$(gettext "Cannot find openssl.")"
-			exit 1 # $E_MISSING_PROGRAM
-		fi
-
 		local ct=0
 		local numsrc=${#source[@]}
 		echo -n "${integ}sums=("
@@ -515,21 +515,13 @@ generate_checksums() {
 }
 
 check_checksums() {
-	local integ
-	for integ in ${INTEGRITY_CHECK[@]}; do
-		integ="$(echo $integ | tr '[:upper:]' '[:lower:]')"
-		case "$integ" in
-			md5|sha1|sha256|sha384|sha512) : ;;
-			*)
-				error "$(gettext "Invalid integrity algorithm '%s' specified")" "$integ"
-				exit 1;; # $E_CONFIG_ERROR
-		esac
-
-		if [ ! $(type -p openssl) ]; then
-			error "$(gettext "Cannot find openssl.")"
-			exit 1 # $E_MISSING_PROGRAM
-		fi
+	if [ ! $(type -p openssl) ]; then
+		error "$(gettext "Cannot find openssl.")"
+		exit 1 # $E_MISSING_PROGRAM
+	fi
 
+	local integ required
+	for integ in md5 sha1 sha256 sha384 sha512; do
 		local integrity_sums=($(eval echo "\${${integ}sums[@]}"))
 		if [ ${#integrity_sums[@]} -eq ${#source[@]} ]; then
 			msg "$(gettext "Validating source files with %s...")" "${integ}sums"
@@ -567,7 +559,13 @@ check_checksums() {
 				exit 1 # TODO: error code
 			fi
 		else
-			warning "$(gettext "Integrity checks (%s) are missing or incomplete.")" "$integ"
+			for required in ${INTEGRITY_CHECK[@]}; do
+				required="$(echo $required | tr '[:upper:]' '[:lower:]')"
+				if [ "$integ" = "$required" ]; then
+					warning "$(gettext "Integrity checks (%s) are missing or incomplete.")" "$integ"
+					break
+				fi
+			done
 		fi
 	done
 }
-- 
1.6.0


