From 1741bdaf81cc7c0881ee7a26861b3d94c384f13f Mon Sep 17 00:00:00 2001
From: Eli Schwartz <eschwartz@archlinux.org>
Date: Wed, 9 May 2018 00:17:10 -0400
Subject: libmakepkg/integrity: determine what is a signature preferring local
 filename

Checking the file extension to determine if something is a signature is
currently done in three places:
- verify_file_signature: uses $file to print status, reuses it for
  comparison
- source_has_signatures: uses $netfile, but removes url component if
  filename component exists
- generate_one_checksum: uses $netfile and fails to detect renamed files

This leads to inconsistent behavior when trying to use a signature of
the form "foo-1.0.tar.gz.asc::https://example.com/foo-1.0.tar.gz.pgp"

Fix this by treating the third case like the second case.

Reported-by: Giancarlo Razzolini <grazzolini@archlinux.org>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
---
 scripts/libmakepkg/integrity/generate_checksum.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/libmakepkg/integrity/generate_checksum.sh.in b/scripts/libmakepkg/integrity/generate_checksum.sh.in
index fdee0d72..eb9b74fc 100644
--- a/scripts/libmakepkg/integrity/generate_checksum.sh.in
+++ b/scripts/libmakepkg/integrity/generate_checksum.sh.in
@@ -56,7 +56,7 @@ generate_one_checksum() {
 				sum="SKIP"
 				;;
 			*)
-				if [[ $netfile != *.@(sig?(n)|asc) ]]; then
+				if [[ ${netfile%%::*} != *.@(sig?(n)|asc) ]]; then
 					local file
 					file="$(get_filepath "$netfile")" || missing_source_file "$netfile"
 					sum="$("${integ}sum" "$file")"
-- 
cgit v1.2.3-24-g4f1b