From 1741bdaf81cc7c0881ee7a26861b3d94c384f13f Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Wed, 9 May 2018 00:17:10 -0400 Subject: libmakepkg/integrity: determine what is a signature preferring local filename Checking the file extension to determine if something is a signature is currently done in three places: - verify_file_signature: uses $file to print status, reuses it for comparison - source_has_signatures: uses $netfile, but removes url component if filename component exists - generate_one_checksum: uses $netfile and fails to detect renamed files This leads to inconsistent behavior when trying to use a signature of the form "foo-1.0.tar.gz.asc::https://example.com/foo-1.0.tar.gz.pgp" Fix this by treating the third case like the second case. Reported-by: Giancarlo Razzolini Signed-off-by: Eli Schwartz Signed-off-by: Allan McRae --- scripts/libmakepkg/integrity/generate_checksum.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/libmakepkg/integrity/generate_checksum.sh.in b/scripts/libmakepkg/integrity/generate_checksum.sh.in index fdee0d72..eb9b74fc 100644 --- a/scripts/libmakepkg/integrity/generate_checksum.sh.in +++ b/scripts/libmakepkg/integrity/generate_checksum.sh.in @@ -56,7 +56,7 @@ generate_one_checksum() { sum="SKIP" ;; *) - if [[ $netfile != *.@(sig?(n)|asc) ]]; then + if [[ ${netfile%%::*} != *.@(sig?(n)|asc) ]]; then local file file="$(get_filepath "$netfile")" || missing_source_file "$netfile" sum="$("${integ}sum" "$file")" -- cgit v1.2.3-24-g4f1b