[pacman-dev] [PATCH v3 2/2] makepkg: Add --skipchecksums

[Wieland Hoffmann]

With two integrity check methods available (checksums and pgp
signatures) it should be possible to skip only one of them.
When checksums are disabled and the public key of one source file
signature is unknown, stop the build process.
---
 doc/makepkg.8.txt     |    3 +++
 scripts/makepkg.sh.in |    8 ++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/doc/makepkg.8.txt b/doc/makepkg.8.txt
index bc1ffc1..b032fd4 100644
--- a/doc/makepkg.8.txt
+++ b/doc/makepkg.8.txt
@@ -90,6 +90,9 @@ Options
 *\--skippgpcheck*::
 	Do not verify PGP signatures of the source files.
 
+*\--skipchecksums*::
+	Do not verify source files with checksums.
+
 *-h, \--help*::
 	Output syntax and command line options.
 
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 20ba431..b28c702 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -58,6 +58,7 @@ INFAKEROOT=0
 GENINTEG=0
 SKIPINTEG=0
 SKIPPGPCHECK=0
+SKIPCHECKSUMS=0
 INSTALL=0
 NOBUILD=0
 NODEPS=0
@@ -631,6 +632,7 @@ generate_checksums() {
 
 check_checksums() {
 	(( ! ${#source[@]} )) && return 0
+	(( SKIPCHECKSUMS )) && return 0
 
 	local correlation=0
 	local integ required
@@ -719,7 +721,7 @@ check_pgpsigs() {
 		if ! gpg --quiet --batch --status-file "$statusfile" --verify "$file" "$sourcefile" 2> /dev/null; then
 			if grep "NO_PUBKEY" "$statusfile" > /dev/null; then
 				echo "$(gettext "Warning: Unknown public key") $(awk '/NO_PUBKEY/ {print $3}' $statusfile)" >&2
-				warnings=1
+				(( SKIPCHECKSUMS )) && errors=1 || warnings=1
 			else
 				echo "$(gettext "FAILED")" >&2
 				errors=1
@@ -1802,6 +1804,7 @@ usage() {
 	printf "$(gettext "  --sign           Sign the resulting package with %s")\n" "gpg"
 	echo "$(gettext "  --skipinteg      Do not fail when integrity checks are missing")"
 	echo "$(gettext "  --skippgpcheck   Do not verify source files with pgp signatures")"
+	echo "$(gettext "  --skipchecksums  Do not verify source files with checksums")"
 	echo "$(gettext "  --source         Generate a source-only tarball without downloaded sources")"
 	echo
 	printf "$(gettext "These options can be passed to %s:")\n" "pacman"
@@ -1840,7 +1843,7 @@ OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver,skippgpcheck"
 OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps"
 OPT_LONG+=",repackage,skipinteg,sign,source,syncdeps,version,config:"
 # Pacman Options
-OPT_LONG+=",noconfirm,noprogressbar"
+OPT_LONG+=",noconfirm,noprogressbar,skipchecksums"
 OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@" || echo 'PARSE_OPTIONS FAILED')"
 if [[ $OPT_TEMP = *'PARSE_OPTIONS FAILED'* ]]; then
 	# This is a small hack to stop the script bailing with 'set -e'
@@ -1879,6 +1882,7 @@ while true; do
 		-o|--nobuild)     NOBUILD=1 ;;
 		-p)               shift; BUILDFILE=$1 ;;
 		--skippgpcheck)   SKIPPGPCHECK=1;;
+		--skipchecksums)  SKIPCHECKSUMS=1;;
 		--pkg)            shift; PKGLIST=($1) ;;
 		-r|--rmdeps)      RMDEPS=1 ;;
 		-R|--repackage)   REPKG=1 ;;
-- 
1.7.6