[pacman-dev] [PATCH] makepkg: Support kernel.org's PGP signature scheme
Martin Panter
vadmium+patch at gmail.com
Thu Feb 27 18:02:16 EST 2014
On 27 February 2014 22:52, Thomas Bächler <thomas at archlinux.org> wrote:
> Am 27.02.2014 22:33, schrieb Allan McRae:
>>> - if ! gpg --quiet --batch --status-file "$statusfile" --verify "$file" "$sourcefile" 2> /dev/null; then
>>> + case "$ext" in
>>> + gz) decompress="gzip -c -d -f" ;;
>>> + bz2) decompress="bzip2 -c -d -f" ;;
>>> + xz) decompress="xz -c -d" ;;
>>> + lrz) decompress="lrzip -q -d" ;;
>>> + lzo) decompress="lzop -c -d -q" ;;
>>> + Z) decompress="uncompress -c -f" ;;
>>> + "") decompress="cat" ;;
>>> + esac
>>> +
>>> + if ! cat "$sourcefile" | $decompress | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then
>>
>> Looks like an unnecessary cat there.
>>
>> if ! $decompress "$sourcefile" | gpg ...
>
> I thought so too, but the manpage of 'lrzip' lacks all equivalents of a
> '-c' option like gz, and it does not say what happens to the original
> file. Everywhere else in makepkg, lrzip is only called with no filenames.
>
> So, how exactly do you *know* that your variant won't do anything bad?
I’ve never used “lrzip”, but surely you can at least use a redirect
instead of a cat pipe:
lrzip -q -d < "$sourcefile" | gpg
More information about the pacman-dev
mailing list