FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Pacman Development

 
 
LinkBack Thread Tools
 
Old 07-06-2011, 11:02 AM
Wieland Hoffmann
 
Default makepkg: Add --skipchecksums

With two integrity check methods available (checksums and pgp
signatures) it should be possible to skip only one of them.
When checksums are disabled and the public key of one source file
signature is unknown, stop the build process.
---
doc/makepkg.8.txt | 3 +++
scripts/makepkg.sh.in | 8 ++++++--
2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/doc/makepkg.8.txt b/doc/makepkg.8.txt
index bc1ffc1..b032fd4 100644
--- a/doc/makepkg.8.txt
+++ b/doc/makepkg.8.txt
@@ -90,6 +90,9 @@ Options
*--skippgpcheck*::
Do not verify PGP signatures of the source files.

+*--skipchecksums*::
+ Do not verify source files with checksums.
+
*-h, --help*::
Output syntax and command line options.

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 20ba431..b28c702 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -58,6 +58,7 @@ INFAKEROOT=0
GENINTEG=0
SKIPINTEG=0
SKIPPGPCHECK=0
+SKIPCHECKSUMS=0
INSTALL=0
NOBUILD=0
NODEPS=0
@@ -631,6 +632,7 @@ generate_checksums() {

check_checksums() {
(( ! ${#source[@]} )) && return 0
+ (( SKIPCHECKSUMS )) && return 0

local correlation=0
local integ required
@@ -719,7 +721,7 @@ check_pgpsigs() {
if ! gpg --quiet --batch --status-file "$statusfile" --verify "$file" "$sourcefile" 2> /dev/null; then
if grep "NO_PUBKEY" "$statusfile" > /dev/null; then
echo "$(gettext "Warning: Unknown public key") $(awk '/NO_PUBKEY/ {print $3}' $statusfile)" >&2
- warnings=1
+ (( SKIPCHECKSUMS )) && errors=1 || warnings=1
else
echo "$(gettext "FAILED")" >&2
errors=1
@@ -1802,6 +1804,7 @@ usage() {
printf "$(gettext " --sign Sign the resulting package with %s")
" "gpg"
echo "$(gettext " --skipinteg Do not fail when integrity checks are missing")"
echo "$(gettext " --skippgpcheck Do not verify source files with pgp signatures")"
+ echo "$(gettext " --skipchecksums Do not verify source files with checksums")"
echo "$(gettext " --source Generate a source-only tarball without downloaded sources")"
echo
printf "$(gettext "These options can be passed to %s:")
" "pacman"
@@ -1840,7 +1843,7 @@ OPT_LONG+=",noextract,force,forcever:,geninteg,hel p,holdver,skippgpcheck"
OPT_LONG+=",install,key:,log,nocolor,nobuild,noche ck,nosign,pkg:,rmdeps"
OPT_LONG+=",repackage,skipinteg,sign,source,syncde ps,version,config:"
# Pacman Options
-OPT_LONG+=",noconfirm,noprogressbar"
+OPT_LONG+=",noconfirm,noprogressbar,skipchecksums "
OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@" || echo 'PARSE_OPTIONS FAILED')"
if [[ $OPT_TEMP = *'PARSE_OPTIONS FAILED'* ]]; then
# This is a small hack to stop the script bailing with 'set -e'
@@ -1879,6 +1882,7 @@ while true; do
-o|--nobuild) NOBUILD=1 ;;
-p) shift; BUILDFILE=$1 ;;
--skippgpcheck) SKIPPGPCHECK=1;;
+ --skipchecksums) SKIPCHECKSUMS=1;;
--pkg) shift; PKGLIST=($1) ;;
-r|--rmdeps) RMDEPS=1 ;;
-R|--repackage) REPKG=1 ;;
--
1.7.6
 
Old 07-16-2011, 12:55 PM
Allan McRae
 
Default makepkg: Add --skipchecksums

On 06/07/11 21:02, Wieland Hoffmann wrote:

With two integrity check methods available (checksums and pgp
signatures) it should be possible to skip only one of them.


There were a few more places in makepkg where this needed some more
attention so I took this patch and added to it. It will soon follow to
the list.



When checksums are disabled and the public key of one source file
signature is unknown, stop the build process.


I removed this as I do not like the behaviour of signature checking to
change based on a flag for another check type.


Allan
 
Old 07-19-2011, 11:39 AM
Wieland Hoffmann
 
Default makepkg: Add --skipchecksums

Hallo, Allan McRae:
> I removed this as I do not like the behaviour of signature checking
> to change based on a flag for another check type.

Then it should be mentioned in the manpage that disabling the checksum
checks leads to disabling integrity checks completely if the user does
not have the public key that signed the sources in his keyring.
 

Thread Tools




All times are GMT. The time now is 04:33 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org