FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Pacman Development

 
 
LinkBack Thread Tools
 
Old 03-24-2011, 08:46 PM
Ray Kohler
 
Default Fix use of relative paths for packages in repo-add

I first noticed that checksums weren't calculated if a relative path was used,
since they're done after moving into the $tmpdir and relative paths become
useless. Then I saw that PGP sigs had basically the same problem, with the
addition of the introduction of $startdir, which was never set beforehand
(cut-n-paste from makepkg?). Seeing that having this value known would solve
both problems, I just defined it and used it for the checksums as well.

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
---
scripts/repo-add.sh.in | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 59e98cf..0461c7a 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -235,7 +235,8 @@ db_write_entry()
# blank out all variables
local pkgfile="$1"
local pkgname pkgver pkgdesc csize size md5sum url arch builddate packager
- _groups _licenses _replaces _depends _conflicts _provides _optdepends
+ startdir _groups _licenses _replaces _depends _conflicts _provides
+ _optdepends

local OLDIFS="$IFS"
# IFS (field separator) is only the newline character
@@ -271,6 +272,8 @@ db_write_entry()
return 1
fi

+ startdir=$(pwd)
+
pushd "$tmpdir" >/dev/null
if [[ -d $pkgname-$pkgver ]]; then
warning "$(gettext "An entry for '%s' already existed")" "$pkgname-$pkgver"
@@ -286,9 +289,9 @@ db_write_entry()

# compute checksums
msg2 "$(gettext "Computing checksums...")"
- md5sum="$(openssl dgst -md5 "$pkgfile")"
+ md5sum="$(openssl dgst -md5 "$startdir/$pkgfile")"
md5sum="${md5sum##* }"
- sha256sum="$(openssl dgst -sha256 "$pkgfile")"
+ sha256sum="$(openssl dgst -sha256 "$startdir/$pkgfile")"
sha256sum="${sha256sum##* }"

# remove an existing entry if it exists, ignore failures
@@ -317,7 +320,7 @@ db_write_entry()
echo -e "%SHA256SUM%
$sha256sum
" >>desc

# add base64'd PGP signature
- if [[ -f $startdir/$pkgfile.sig ]]; then
+ if [[ -f "$startdir/$pkgfile.sig" ]]; then
pgpsig=$(openssl base64 -in "$startdir/$pkgfile.sig" | tr -d '
')
echo -e "%PGPSIG%
$pgpsig
" >>desc
fi
--
1.7.4.1
 
Old 03-24-2011, 08:53 PM
Dan McGee
 
Default Fix use of relative paths for packages in repo-add

On Thu, Mar 24, 2011 at 4:46 PM, Ray Kohler <ataraxia937@gmail.com> wrote:
> I first noticed that checksums weren't calculated if a relative path was used,
> since they're done after moving into the $tmpdir and relative paths become
> useless. Then I saw that PGP sigs had basically the same problem, with the
> addition of the introduction of $startdir, which was never set beforehand
> (cut-n-paste from makepkg?). Seeing that having this value known would solve
> both problems, I just defined it and used it for the checksums as well.

Hmm. This is caused by bitrot, actually: commit 7ce90bb removed
startdir on purpose. I'd prefer a fix that does not reintroduce this-
e.g. just moving the checksum calculation block before the first pushd
call, as well as doing the PGP business there too if necessary.

>
> Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
> ---
> *scripts/repo-add.sh.in | * 11 +++++++----
> *1 files changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
> index 59e98cf..0461c7a 100644
> --- a/scripts/repo-add.sh.in
> +++ b/scripts/repo-add.sh.in
> @@ -235,7 +235,8 @@ db_write_entry()
> * * * *# blank out all variables
> * * * *local pkgfile="$1"
> * * * *local pkgname pkgver pkgdesc csize size md5sum url arch builddate packager
> - * * * * * * * _groups _licenses _replaces _depends _conflicts _provides _optdepends
> + * * * * * * * startdir _groups _licenses _replaces _depends _conflicts _provides
> + * * * * * * * _optdepends
>
> * * * *local OLDIFS="$IFS"
> * * * *# IFS (field separator) is only the newline character
> @@ -271,6 +272,8 @@ db_write_entry()
> * * * * * * * *return 1
> * * * *fi
>
> + * * * startdir=$(pwd)
> +
> * * * *pushd "$tmpdir" >/dev/null
> * * * *if [[ -d $pkgname-$pkgver ]]; then
> * * * * * * * *warning "$(gettext "An entry for '%s' already existed")" "$pkgname-$pkgver"
> @@ -286,9 +289,9 @@ db_write_entry()
>
> * * * *# compute checksums
> * * * *msg2 "$(gettext "Computing checksums...")"
> - * * * md5sum="$(openssl dgst -md5 "$pkgfile")"
> + * * * md5sum="$(openssl dgst -md5 "$startdir/$pkgfile")"
> * * * *md5sum="${md5sum##* }"
> - * * * sha256sum="$(openssl dgst -sha256 "$pkgfile")"
> + * * * sha256sum="$(openssl dgst -sha256 "$startdir/$pkgfile")"
> * * * *sha256sum="${sha256sum##* }"
>
> * * * *# remove an existing entry if it exists, ignore failures
> @@ -317,7 +320,7 @@ db_write_entry()
> * * * *echo -e "%SHA256SUM%
$sha256sum
" >>desc
>
> * * * *# add base64'd PGP signature
> - * * * if [[ -f $startdir/$pkgfile.sig ]]; then
> + * * * if [[ -f "$startdir/$pkgfile.sig" ]]; then
> * * * * * * * *pgpsig=$(openssl base64 -in "$startdir/$pkgfile.sig" | tr -d '
')
> * * * * * * * *echo -e "%PGPSIG%
$pgpsig
" >>desc
> * * * *fi
> --
> 1.7.4.1
>
>
>
 
Old 03-24-2011, 09:05 PM
Ray Kohler
 
Default Fix use of relative paths for packages in repo-add

Move checksum and pgpsig calcluation before changing into the
tmpdir, otherwise we can't find the files if a relative path
was used.

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
---
scripts/repo-add.sh.in | 26 ++++++++++++++------------
1 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 59e98cf..4e7e00b 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -265,6 +265,18 @@ db_write_entry()

csize=$(@SIZECMD@ "$pkgfile")

+ # compute checksums
+ msg2 "$(gettext "Computing checksums...")"
+ md5sum="$(openssl dgst -md5 "$pkgfile")"
+ md5sum="${md5sum##* }"
+ sha256sum="$(openssl dgst -sha256 "$pkgfile")"
+ sha256sum="${sha256sum##* }"
+
+ # compute base64'd PGP signature
+ if [[ -f "$pkgfile.sig" ]]; then
+ pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '
')
+ fi
+
# ensure $pkgname and $pkgver variables were found
if [[ -z $pkgname || -z $pkgver ]]; then
error "$(gettext "Invalid package file '%s'.")" "$pkgfile"
@@ -284,13 +296,6 @@ db_write_entry()
fi
fi

- # compute checksums
- msg2 "$(gettext "Computing checksums...")"
- md5sum="$(openssl dgst -md5 "$pkgfile")"
- md5sum="${md5sum##* }"
- sha256sum="$(openssl dgst -sha256 "$pkgfile")"
- sha256sum="${sha256sum##* }"
-
# remove an existing entry if it exists, ignore failures
db_remove_entry "$pkgname"

@@ -316,11 +321,8 @@ db_write_entry()
echo -e "%MD5SUM%
$md5sum
" >>desc
echo -e "%SHA256SUM%
$sha256sum
" >>desc

- # add base64'd PGP signature
- if [[ -f $startdir/$pkgfile.sig ]]; then
- pgpsig=$(openssl base64 -in "$startdir/$pkgfile.sig" | tr -d '
')
- echo -e "%PGPSIG%
$pgpsig
" >>desc
- fi
+ # add PGP sig
+ [[ -n $pgpsig ]] && echo -e "%PGPSIG%
$pgpsig
" >>desc

[[ -n $url ]] && echo -e "%URL%
$url
" >>desc
write_list_entry "LICENSE" "$_licenses" "desc"
--
1.7.4.1
 
Old 03-24-2011, 09:16 PM
Dan McGee
 
Default Fix use of relative paths for packages in repo-add

On Thu, Mar 24, 2011 at 5:05 PM, Ray Kohler <ataraxia937@gmail.com> wrote:
> Move checksum and pgpsig calcluation before changing into the
> tmpdir, otherwise we can't find the files if a relative path
> was used.

Thanks! I made a few small touchups to the local var declaration to
ensure sha256sum and pgpsig made it into there as well.

> Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
> ---
> *scripts/repo-add.sh.in | * 26 ++++++++++++++------------
> *1 files changed, 14 insertions(+), 12 deletions(-)
>
> diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
> index 59e98cf..4e7e00b 100644
> --- a/scripts/repo-add.sh.in
> +++ b/scripts/repo-add.sh.in
> @@ -265,6 +265,18 @@ db_write_entry()
>
> * * * *csize=$(@SIZECMD@ "$pkgfile")
>
> + * * * # compute checksums
> + * * * msg2 "$(gettext "Computing checksums...")"
> + * * * md5sum="$(openssl dgst -md5 "$pkgfile")"
> + * * * md5sum="${md5sum##* }"
> + * * * sha256sum="$(openssl dgst -sha256 "$pkgfile")"
> + * * * sha256sum="${sha256sum##* }"
> +
> + * * * # compute base64'd PGP signature
> + * * * if [[ -f "$pkgfile.sig" ]]; then
> + * * * * * * * pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '
')
> + * * * fi
> +
> * * * *# ensure $pkgname and $pkgver variables were found
> * * * *if [[ -z $pkgname || -z $pkgver ]]; then
> * * * * * * * *error "$(gettext "Invalid package file '%s'.")" "$pkgfile"
> @@ -284,13 +296,6 @@ db_write_entry()
> * * * * * * * *fi
> * * * *fi
>
> - * * * # compute checksums
> - * * * msg2 "$(gettext "Computing checksums...")"
> - * * * md5sum="$(openssl dgst -md5 "$pkgfile")"
> - * * * md5sum="${md5sum##* }"
> - * * * sha256sum="$(openssl dgst -sha256 "$pkgfile")"
> - * * * sha256sum="${sha256sum##* }"
> -
> * * * *# remove an existing entry if it exists, ignore failures
> * * * *db_remove_entry "$pkgname"
>
> @@ -316,11 +321,8 @@ db_write_entry()
> * * * *echo -e "%MD5SUM%
$md5sum
" >>desc
> * * * *echo -e "%SHA256SUM%
$sha256sum
" >>desc
>
> - * * * # add base64'd PGP signature
> - * * * if [[ -f $startdir/$pkgfile.sig ]]; then
> - * * * * * * * pgpsig=$(openssl base64 -in "$startdir/$pkgfile.sig" | tr -d '
')
> - * * * * * * * echo -e "%PGPSIG%
$pgpsig
" >>desc
> - * * * fi
> + * * * # add PGP sig
> + * * * [[ -n $pgpsig ]] && echo -e "%PGPSIG%
$pgpsig
" >>desc
>
> * * * *[[ -n $url ]] && echo -e "%URL%
$url
" >>desc
> * * * *write_list_entry "LICENSE" "$_licenses" "desc"
> --
> 1.7.4.1
>
>
>
 

Thread Tools




All times are GMT. The time now is 08:27 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org