[pacman-dev] [PATCH] libmakepkg/integrity: determine what is a signature preferring local filename

[Eli Schwartz]

Checking the file extension to determine if something is a signature is
currently done in three places:
- verify_file_signature: uses $file to print status, reuses it for
  comparison
- source_has_signatures: uses $netfile, but removes url component if
  filename component exists
- generate_one_checksum: uses $netfile and fails to detect renamed files

This leads to inconsistent behavior when trying to use a signature of
the form "foo-1.0.tar.gz.asc::https://example.com/foo-1.0.tar.gz.pgp"

Fix this by treating the third case like the second case.

Reported-by: Giancarlo Razzolini <grazzolini at archlinux.org>
Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
---

I wasn't sure at first if this was worth refactoring into a utility
function, but it does seem to small to bother.

 scripts/libmakepkg/integrity/generate_checksum.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/libmakepkg/integrity/generate_checksum.sh.in b/scripts/libmakepkg/integrity/generate_checksum.sh.in
index fdee0d72..eb9b74fc 100644
--- a/scripts/libmakepkg/integrity/generate_checksum.sh.in
+++ b/scripts/libmakepkg/integrity/generate_checksum.sh.in
@@ -56,7 +56,7 @@ generate_one_checksum() {
 				sum="SKIP"
 				;;
 			*)
-				if [[ $netfile != *.@(sig?(n)|asc) ]]; then
+				if [[ ${netfile%%::*} != *.@(sig?(n)|asc) ]]; then
 					local file
 					file="$(get_filepath "$netfile")" || missing_source_file "$netfile"
 					sum="$("${integ}sum" "$file")"
--
2.17.0