[pacman-dev] [PATCH v2] libmakepkg/integrity: use more shared functions to generate signatures

Eli Schwartz eschwartz at archlinux.org
Mon Jun 18 04:12:11 UTC 2018


On 06/12/2018 09:59 AM, Eli Schwartz wrote:
> The newly changed print_all_package_names function can iterate over the
> list of all package files that will be created; this avoids the need to
> independently recreate those filenames here.

But, if we accept my patch to let --ignorearch and --packagelist work
together, then people who *build* with --ignorearch will be generating
more filenames to loop through here.

> Additionally, since debug packages may not actually exist, check if the
> package file exists first. If the main package does not exist then
> makepkg will have aborted before now, so there is no need to
> special-case that here.

There's really no way to know if a debug package should exist once we
moved it out of fakeroot. So we try, secure in the knowledge that bigger
issues are at hand if the debug package fails to exist but there's a
cached one from a previous run, with the exact same arch and version.

But printing all arch package names here could result in accidentally
signing packages that were not generated at this time. Which is
something we don't want.

> Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
> ---
> 
> v2: forgot to use -r in read
> 
>  .../integrity/generate_signature.sh.in          | 17 ++---------------
>  1 file changed, 2 insertions(+), 15 deletions(-)
> 
> diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in b/scripts/libmakepkg/integrity/generate_signature.sh.in
> index 442fe031..261b18f7 100644
> --- a/scripts/libmakepkg/integrity/generate_signature.sh.in
> +++ b/scripts/libmakepkg/integrity/generate_signature.sh.in
> @@ -50,25 +50,12 @@ create_package_signatures() {
>  	if [[ $SIGNPKG != 'y' ]]; then
>  		return 0
>  	fi
> -	local pkg pkgarch pkg_file
> -	local fullver=$(get_full_version)
>  
>  	msg "$(gettext "Signing package(s)...")"
>  
> -	for pkg in "${pkgname[@]}"; do
> -		pkgarch=$(get_pkg_arch $pkg)
> -		pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}"
> -
> -		create_signature "$pkg_file"
> -	done
> -
> -	# check if debug package needs a signature
> -	if ! check_option "debug" "y" || ! check_option "strip" "y"; then
> -		pkg=$pkgbase- at DEBUGSUFFIX@
> -		pkgarch=$(get_pkg_arch)
> -		pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}"
> +	print_all_package_names | while read -r pkg_file; do
>  		if [[ -f $pkg_file ]]; then
>  			create_signature "$pkg_file"
>  		fi
> -	fi
> +	done
>  }
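Review bot: In the new `print_all_package_names | while read -r pkg_file` loop, the `[[ -f $pkg_file ]]` test only shows that a file with that name is present, not that this run produced it, so any listed name that matches a leftover file from an earlier build gets signed. The removed code signed the main packages unconditionally and applied the existence test to the debug package alone. Widening the test to every name means a missing main package is now skipped silently at this point, and correctness relies on the earlier abort that the commit message mentions. Consider limiting the loop to files this invocation actually created, for example from a list recorded as each package is written. Also use `while IFS= read -r pkg_file` so that a path with leading or trailing whitespace is read intact.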
> 


-- 
Eli Schwartz
Bug Wrangler and Trusted User
