[pacman-dev] [PATCH] makepkg: more control of skipping integrity checks
Allan McRae
allan at archlinux.org
Sat Jul 16 08:59:03 EDT 2011
Allows the skipping of all integrity checks (checksum and PGP) or
either the checksum or PGP checks individually.
Original-patch-by: Wieland Hoffman <theminew at googlemail.com>
Signed-off-by: Allan McRae <allan at archlinux.org>
---
doc/makepkg.8.txt | 7 +++++--
scripts/makepkg.sh.in | 44 +++++++++++++++++++++++++++++++-------------
2 files changed, 36 insertions(+), 15 deletions(-)
diff --git a/doc/makepkg.8.txt b/doc/makepkg.8.txt
index 57c1f89..34cecdc 100644
--- a/doc/makepkg.8.txt
+++ b/doc/makepkg.8.txt
@@ -85,10 +85,13 @@ Options
using "`makepkg -g >> PKGBUILD`".
*--skipinteg*::
- Do not perform any integrity checks, just print a warning instead.
+ Do not perform any integrity checks (checksum and PGP) on source files.
+
+*\--skipchecksums*::
+ Do not verify checksums of source files.
*\--skippgpcheck*::
- Do not verify PGP signatures of the source files.
+ Do not verify PGP signatures of source files.
*-h, \--help*::
Output syntax and command line options.
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index cbd9314..16c4400 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -56,7 +56,7 @@ DEP_BIN=0
FORCE=0
INFAKEROOT=0
GENINTEG=0
-SKIPINTEG=0
+SKIPCHECKSUMS=0
SKIPPGPCHECK=0
INSTALL=0
NOBUILD=0
@@ -630,6 +630,7 @@ generate_checksums() {
}
check_checksums() {
+ (( SKIPCHECKSUMS )) && return 0
(( ! ${#source[@]} )) && return 0
local correlation=0
@@ -1567,7 +1568,7 @@ check_software() {
fi
# openssl - checksum operations
- if (( ! SKIPINTEG )); then
+ if (( ! SKIPCHECKSUMS )); then
if ! type -p openssl >/dev/null; then
error "$(gettext "Cannot find the %s binary required for validating sourcefile checksums.")" "openssl"
ret=1
@@ -1802,7 +1803,8 @@ usage() {
echo "$(gettext " --nosign Do not create a signature for the package")"
echo "$(gettext " --pkg <list> Only build listed packages from a split package")"
printf "$(gettext " --sign Sign the resulting package with %s")\n" "gpg"
- echo "$(gettext " --skipinteg Do not fail when integrity checks are missing")"
+ echo "$(gettext " --skipchecksums Do not verify checksums of the source files")"
+ echo "$(gettext " --skipinteg Do not perform any verification checks on source files")"
echo "$(gettext " --skippgpcheck Do not verify source files with pgp signatures")"
echo "$(gettext " --source Generate a source-only tarball without downloaded sources")"
echo
@@ -1840,7 +1842,9 @@ OPT_SHORT="AcdefFghiLmop:rRsV"
OPT_LONG="allsource,asroot,ignorearch,check,clean,nodeps"
OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver,skippgpcheck"
OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps"
-OPT_LONG+=",repackage,skipinteg,skippgpcheck,sign,source,syncdeps,version,config:"
+OPT_LONG+=",repackage,skipchecksums,skipinteg,skippgpcheck,sign,source,syncdeps"
+OPT_LONG+=",version,config:"
+
# Pacman Options
OPT_LONG+=",noconfirm,noprogressbar"
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
@@ -1881,7 +1885,8 @@ while true; do
--pkg) shift; PKGLIST=($1) ;;
-r|--rmdeps) RMDEPS=1 ;;
-R|--repackage) REPKG=1 ;;
- --skipinteg) SKIPINTEG=1 ;;
+ --skipchecksums) SKIPCHECKSUMS=1 ;;
+ --skipinteg) SKIPCHECKSUMS=1; SKIPPGPCHECK=1 ;;
--skippgpcheck) SKIPPGPCHECK=1;;
--sign) SIGNPKG='y' ;;
--source) SOURCEONLY=1 ;;
@@ -2204,15 +2209,22 @@ if (( SOURCEONLY )); then
mkdir -p "$srcdir"
chmod a-s "$srcdir"
cd "$srcdir"
- if (( ! SKIPINTEG || SOURCEONLY == 2 )); then
+ if ( (( ! SKIPCHECKSUMS )) || \
+ ( (( ! SKIPPGPCHECK )) && source_has_signatures ) ) || \
+ (( SOURCEONLY == 2 )); then
download_sources
fi
- if (( ! SKIPINTEG )); then
- # We can only check checksums if we have all files.
- check_checksums
+ if (( SKIPCHECKSUMS && SKIPPGPCHECK )); then
+ warning "$(gettext "Skipping all source file integrity checks.")"
+ elif (( SKIPCHECKSUMS )); then
+ warning "$(gettext "Skipping verification of source file checksums.")"
check_pgpsigs
+ elif (( SKIPPGPCHECK )); then
+ warning "$(gettext "Skipping verification of source file PGP signatures.")"
+ check_checksums
else
- warning "$(gettext "Skipping integrity checks.")"
+ check_checksums
+ check_pgpsigs
fi
cd "$startdir"
@@ -2287,11 +2299,17 @@ elif (( REPKG )); then
fi
else
download_sources
- if (( ! SKIPINTEG )); then
- check_checksums
+ if (( SKIPCHECKSUMS && SKIPPGPCHECK )); then
+ warning "$(gettext "Skipping all source file integrity checks.")"
+ elif (( SKIPCHECKSUMS )); then
+ warning "$(gettext "Skipping verification of source file checksums.")"
check_pgpsigs
+ elif (( SKIPPGPCHECK )); then
+ warning "$(gettext "Skipping verification of source file PGP signatures.")"
+ check_checksums
else
- warning "$(gettext "Skipping integrity checks.")"
+ check_checksums
+ check_pgpsigs
fi
extract_sources
fi
--
1.7.6
More information about the pacman-dev
mailing list