| Message ID | 20180612135954.25614-1-eschwartz@archlinux.org |
|---|---|
| State | Under Review |
| Headers | show |
On 06/12/2018 09:59 AM, Eli Schwartz wrote: > The newly changed print_all_package_names function can iterate over the > list of all package files that will be created; this avoids the need to > independently recreate those filenames here. But, if we accept my patch to let --ignorearch and --packagelist work together, then people who *build* with --ignorearch will be generating more filenames to loop through here. > Additionally, since debug packages may not actually exist, check if the > package file exists first. If the main package does not exist then > makepkg will have aborted before now, so there is no need to > special-case that here. There's really no way to know if a debug package should exist once we moved it out of fakeroot. So we try, secure in the knowledge that bigger issues are at hand if the debug package fails to exist but there's a cached one from a previous run, with the exact same arch and version. But printing all arch package names here could result in accidentally signing packages that were not generated at this time. Which is something we don't want. > Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> > --- > > v2: forgot to use -r in read > > .../integrity/generate_signature.sh.in | 17 ++--------------- > 1 file changed, 2 insertions(+), 15 deletions(-) > > diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in b/scripts/libmakepkg/integrity/generate_signature.sh.in > index 442fe031..261b18f7 100644 > --- a/scripts/libmakepkg/integrity/generate_signature.sh.in > +++ b/scripts/libmakepkg/integrity/generate_signature.sh.in > @@ -50,25 +50,12 @@ create_package_signatures() { > if [[ $SIGNPKG != 'y' ]]; then > return 0 > fi > - local pkg pkgarch pkg_file > - local fullver=$(get_full_version) > > msg "$(gettext "Signing package(s)...")" > > - for pkg in "${pkgname[@]}"; do > - pkgarch=$(get_pkg_arch $pkg) > - pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}" > - > - create_signature "$pkg_file" > - done > - > - # check if debug package needs a signature > - if ! check_option "debug" "y" || ! check_option "strip" "y"; then > - pkg=$pkgbase-@DEBUGSUFFIX@ > - pkgarch=$(get_pkg_arch) > - pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}" > + print_all_package_names | while read -r pkg_file; do > if [[ -f $pkg_file ]]; then > create_signature "$pkg_file" > fi > - fi > + done > } >
diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in b/scripts/libmakepkg/integrity/generate_signature.sh.in index 442fe031..261b18f7 100644 --- a/scripts/libmakepkg/integrity/generate_signature.sh.in +++ b/scripts/libmakepkg/integrity/generate_signature.sh.in @@ -50,25 +50,12 @@ create_package_signatures() { if [[ $SIGNPKG != 'y' ]]; then return 0 fi - local pkg pkgarch pkg_file - local fullver=$(get_full_version) msg "$(gettext "Signing package(s)...")" - for pkg in "${pkgname[@]}"; do - pkgarch=$(get_pkg_arch $pkg) - pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}" - - create_signature "$pkg_file" - done - - # check if debug package needs a signature - if ! check_option "debug" "y" || ! check_option "strip" "y"; then - pkg=$pkgbase-@DEBUGSUFFIX@ - pkgarch=$(get_pkg_arch) - pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}" + print_all_package_names | while read -r pkg_file; do if [[ -f $pkg_file ]]; then create_signature "$pkg_file" fi - fi + done }
The newly changed print_all_package_names function can iterate over the list of all package files that will be created; this avoids the need to independently recreate those filenames here. Additionally, since debug packages may not actually exist, check if the package file exists first. If the main package does not exist then makepkg will have aborted before now, so there is no need to special-case that here. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> --- v2: forgot to use -r in read .../integrity/generate_signature.sh.in | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-)