[pacman-dev] [PATCH] makepkg: Support kernel.org's PGP signature scheme
Thomas Bächler
thomas at archlinux.org
Thu Feb 27 17:52:30 EST 2014
Am 27.02.2014 22:33, schrieb Allan McRae:
>> - if ! gpg --quiet --batch --status-file "$statusfile" --verify "$file" "$sourcefile" 2> /dev/null; then
>> + case "$ext" in
>> + gz) decompress="gzip -c -d -f" ;;
>> + bz2) decompress="bzip2 -c -d -f" ;;
>> + xz) decompress="xz -c -d" ;;
>> + lrz) decompress="lrzip -q -d" ;;
>> + lzo) decompress="lzop -c -d -q" ;;
>> + Z) decompress="uncompress -c -f" ;;
>> + "") decompress="cat" ;;
>> + esac
>> +
>> + if ! cat "$sourcefile" | $decompress | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then
>
> Looks like an unnecessary cat there.
>
> if ! $decompress "$sourcefile" | gpg ...
I thought so too, but the manpage of 'lrzip' lacks all equivalents of a
'-c' option like gz, and it does not say what happens to the original
file. Everywhere else in makepkg, lrzip is only called with no filenames.
So, how exactly do you *know* that your variant won't do anything bad?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/pacman-dev/attachments/20140227/331ba171/attachment-0001.asc>
More information about the pacman-dev
mailing list