1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-22 15:58:50 -05:00

makepkg: more control of skipping integrity checks

Allows the skipping of all integrity checks (checksum and PGP) or
either the checksum or PGP checks individually.

Original-patch-by: Wieland Hoffman <theminew@googlemail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Allan McRae 2011-07-16 22:42:32 +10:00 committed by Dan McGee
parent 94f61c5b29
commit 2b3405e01b
2 changed files with 36 additions and 15 deletions

View File

@ -85,10 +85,13 @@ Options
using "`makepkg -g >> PKGBUILD`". using "`makepkg -g >> PKGBUILD`".
*--skipinteg*:: *--skipinteg*::
Do not perform any integrity checks, just print a warning instead. Do not perform any integrity checks (checksum and PGP) on source files.
*\--skipchecksums*::
Do not verify checksums of source files.
*\--skippgpcheck*:: *\--skippgpcheck*::
Do not verify PGP signatures of the source files. Do not verify PGP signatures of source files.
*-h, \--help*:: *-h, \--help*::
Output syntax and command line options. Output syntax and command line options.

View File

@ -56,7 +56,7 @@ DEP_BIN=0
FORCE=0 FORCE=0
INFAKEROOT=0 INFAKEROOT=0
GENINTEG=0 GENINTEG=0
SKIPINTEG=0 SKIPCHECKSUMS=0
SKIPPGPCHECK=0 SKIPPGPCHECK=0
INSTALL=0 INSTALL=0
NOBUILD=0 NOBUILD=0
@ -641,6 +641,7 @@ generate_checksums() {
} }
check_checksums() { check_checksums() {
(( SKIPCHECKSUMS )) && return 0
(( ! ${#source[@]} )) && return 0 (( ! ${#source[@]} )) && return 0
local correlation=0 local correlation=0
@ -1603,7 +1604,7 @@ check_software() {
fi fi
# openssl - checksum operations # openssl - checksum operations
if (( ! SKIPINTEG )); then if (( ! SKIPCHECKSUMS )); then
if ! type -p openssl >/dev/null; then if ! type -p openssl >/dev/null; then
error "$(gettext "Cannot find the %s binary required for validating sourcefile checksums.")" "openssl" error "$(gettext "Cannot find the %s binary required for validating sourcefile checksums.")" "openssl"
ret=1 ret=1
@ -1838,7 +1839,8 @@ usage() {
echo "$(gettext " --nosign Do not create a signature for the package")" echo "$(gettext " --nosign Do not create a signature for the package")"
echo "$(gettext " --pkg <list> Only build listed packages from a split package")" echo "$(gettext " --pkg <list> Only build listed packages from a split package")"
printf "$(gettext " --sign Sign the resulting package with %s")\n" "gpg" printf "$(gettext " --sign Sign the resulting package with %s")\n" "gpg"
echo "$(gettext " --skipinteg Do not fail when integrity checks are missing")" echo "$(gettext " --skipchecksums Do not verify checksums of the source files")"
echo "$(gettext " --skipinteg Do not perform any verification checks on source files")"
echo "$(gettext " --skippgpcheck Do not verify source files with pgp signatures")" echo "$(gettext " --skippgpcheck Do not verify source files with pgp signatures")"
echo "$(gettext " --source Generate a source-only tarball without downloaded sources")" echo "$(gettext " --source Generate a source-only tarball without downloaded sources")"
echo echo
@ -1876,7 +1878,9 @@ OPT_SHORT="AcdefFghiLmop:rRsV"
OPT_LONG="allsource,asroot,ignorearch,check,clean,nodeps" OPT_LONG="allsource,asroot,ignorearch,check,clean,nodeps"
OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver,skippgpcheck" OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver,skippgpcheck"
OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps" OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps"
OPT_LONG+=",repackage,skipinteg,skippgpcheck,sign,source,syncdeps,version,config:" OPT_LONG+=",repackage,skipchecksums,skipinteg,skippgpcheck,sign,source,syncdeps"
OPT_LONG+=",version,config:"
# Pacman Options # Pacman Options
OPT_LONG+=",noconfirm,noprogressbar" OPT_LONG+=",noconfirm,noprogressbar"
if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then if ! OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@")"; then
@ -1917,7 +1921,8 @@ while true; do
--pkg) shift; PKGLIST=($1) ;; --pkg) shift; PKGLIST=($1) ;;
-r|--rmdeps) RMDEPS=1 ;; -r|--rmdeps) RMDEPS=1 ;;
-R|--repackage) REPKG=1 ;; -R|--repackage) REPKG=1 ;;
--skipinteg) SKIPINTEG=1 ;; --skipchecksums) SKIPCHECKSUMS=1 ;;
--skipinteg) SKIPCHECKSUMS=1; SKIPPGPCHECK=1 ;;
--skippgpcheck) SKIPPGPCHECK=1;; --skippgpcheck) SKIPPGPCHECK=1;;
--sign) SIGNPKG='y' ;; --sign) SIGNPKG='y' ;;
--source) SOURCEONLY=1 ;; --source) SOURCEONLY=1 ;;
@ -2239,15 +2244,22 @@ if (( SOURCEONLY )); then
mkdir -p "$srcdir" mkdir -p "$srcdir"
chmod a-s "$srcdir" chmod a-s "$srcdir"
cd "$srcdir" cd "$srcdir"
if (( ! SKIPINTEG || SOURCEONLY == 2 )); then if ( (( ! SKIPCHECKSUMS )) || \
( (( ! SKIPPGPCHECK )) && source_has_signatures ) ) || \
(( SOURCEONLY == 2 )); then
download_sources download_sources
fi fi
if (( ! SKIPINTEG )); then if (( SKIPCHECKSUMS && SKIPPGPCHECK )); then
# We can only check checksums if we have all files. warning "$(gettext "Skipping all source file integrity checks.")"
elif (( SKIPCHECKSUMS )); then
warning "$(gettext "Skipping verification of source file checksums.")"
check_pgpsigs
elif (( SKIPPGPCHECK )); then
warning "$(gettext "Skipping verification of source file PGP signatures.")"
check_checksums
else
check_checksums check_checksums
check_pgpsigs check_pgpsigs
else
warning "$(gettext "Skipping integrity checks.")"
fi fi
cd "$startdir" cd "$startdir"
@ -2322,11 +2334,17 @@ elif (( REPKG )); then
fi fi
else else
download_sources download_sources
if (( ! SKIPINTEG )); then if (( SKIPCHECKSUMS && SKIPPGPCHECK )); then
warning "$(gettext "Skipping all source file integrity checks.")"
elif (( SKIPCHECKSUMS )); then
warning "$(gettext "Skipping verification of source file checksums.")"
check_pgpsigs
elif (( SKIPPGPCHECK )); then
warning "$(gettext "Skipping verification of source file PGP signatures.")"
check_checksums
else
check_checksums check_checksums
check_pgpsigs check_pgpsigs
else
warning "$(gettext "Skipping integrity checks.")"
fi fi
extract_sources extract_sources
fi fi