[pacman-dev] [PATCH] makepkg: Support kernel.org's PGP signature scheme
Dave Reisner
d at falconindy.com
Thu Feb 27 18:03:18 EST 2014
On Thu, Feb 27, 2014 at 11:52:30PM +0100, Thomas Bächler wrote:
> Am 27.02.2014 22:33, schrieb Allan McRae:
> >> - if ! gpg --quiet --batch --status-file "$statusfile" --verify "$file" "$sourcefile" 2> /dev/null; then
> >> + case "$ext" in
> >> + gz) decompress="gzip -c -d -f" ;;
> >> + bz2) decompress="bzip2 -c -d -f" ;;
> >> + xz) decompress="xz -c -d" ;;
> >> + lrz) decompress="lrzip -q -d" ;;
> >> + lzo) decompress="lzop -c -d -q" ;;
> >> + Z) decompress="uncompress -c -f" ;;
> >> + "") decompress="cat" ;;
> >> + esac
> >> +
> >> + if ! cat "$sourcefile" | $decompress | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then
> >
> > Looks like an unnecessary cat there.
> >
> > if ! $decompress "$sourcefile" | gpg ...
>
> I thought so too, but the manpage of 'lrzip' lacks all equivalents of a
> '-c' option like gz, and it does not say what happens to the original
> file. Everywhere else in makepkg, lrzip is only called with no filenames.
Ok, then:
$decompress <"$sourcefile" | gpg ....
> So, how exactly do you *know* that your variant won't do anything bad?
>
More information about the pacman-dev
mailing list