[pacman-dev] [PATCH] makepkg: rework --skip-integ
Dan McGee
dpmcgee at gmail.com
Sun Oct 11 19:01:53 EDT 2009
On Sun, Oct 11, 2009 at 5:35 PM, Allan McRae <allan at archlinux.org> wrote:
> Loui Chang wrote:
>>
>> On Sun 11 Oct 2009 11:14 -0500, Dan McGee wrote:
>>
>>>
>>> On Sun, Oct 11, 2009 at 7:57 AM, Allan McRae <allan at archlinux.org> wrote:
>>>
>>>>
>>>> Dan McGee wrote:
>>>>
>>>>>
>>>>> On Sun, Oct 11, 2009 at 6:59 AM, Allan McRae <allan at archlinux.org>
>>>>> wrote:
>>>>>
>>>>>
>>>>>>
>>>>>> The current --skip-integ isa bit weird. It does not skip integrity
>>>>>> checks, but instead does them and prints a warning. Change this
>>>>>> behaviour to actually skipping the checks.
>>>>>>
>>>>>>
>>>>>
>>>>> I (we?) did this on purpose; we didn't want to skip the following
>>>>> check:
>>>>>
>>>>> elif [ ${#integrity_sums[@]} -gt 0 ]; then
>>>>> error "$(gettext "Integrity checks (%s) differ in size from the
>>>>> source array.")" "$integ"
>>>>>
>>>>>
>>>>
>>>> That seems strange to me. If you are skipping integrity checks,
>>>> then do you really care if the array size is wrong?
>>>>
>>>
>>> I thought this point got brought up here and no one objected (and I
>>> agreed with Xavier, maybe offline somewhere):
>>> http://bugs.archlinux.org/task/15830
>>>
>>> Xavier: "I prefer Profjim's patch, except I would keep the error in
>>> case of incomplete (whats the point of letting an incomplete checksums
>>> array in a pkgbuild...)"
>>>
>>> The only change I really think makes sense is only allow --skip-integ
>>> if there are no checksum arrays at all; that way you can never produce
>>> an invalid source package; I would assume we shouldn't allow source
>>> package creation without integrity sums?
>>>
>>
>> Yeah that makes sense. If you didn't include checksums then makepkg
>> could assume that they aren't important. It shouldn't explicitly allow
>> creating invalid packages.
>>
>
> It seems a very strange name to me then... --skip-integ means do integrity
> checks but ignore the results when the actual integrity checks fails but not
> in the case where the array sizes are different? How is the array size
> being different any worse than a wrong checksum?
>
> Also, when did we start assuming people were stupid. If I use the
> --skip-integ option, then I know there are issues with my md5sums or I do
> not want to download the sources to check them. Either way, I have gone out
> of my way not to check them so I really do not want them checked.
I only assume people are stupid when they combine --skip-integ with
something that makes no sense. One of these (and I could even concede
this one) is when the *sum array is there but completely the wrong
size. I think my point here would make more sense if --skip-integ
really only worked for times when there were no checksums at all
present.
However the second reason is more serious. If you do --source
--skip-integ, that is a terrible decision. This is something that can
be given to someone else and they have *no idea* this is a completely
broken source package. To me, this is no better than a package with
missing dependencies, etc.
-Dan
More information about the pacman-dev
mailing list