summaryrefslogtreecommitdiff
path: root/scripts/libmakepkg/integrity/generate_signature.sh.in
diff options
context:
space:
mode:
authorEli Schwartz <eschwartz@archlinux.org>2018-03-14 20:42:11 -0400
committerAllan McRae <allan@archlinux.org>2018-03-15 11:30:20 +1000
commit9c8d7a80932e23baed1fc247b56b4c5725f9eff4 (patch)
treeffce67f3b962f064853d4371e44e1a4b677f906e /scripts/libmakepkg/integrity/generate_signature.sh.in
parentc54621d81986e14c7d112350fdf288e74df7a8a8 (diff)
downloadpacman-9c8d7a80932e23baed1fc247b56b4c5725f9eff4.tar.xz
libmakepkg/integrity: fix regression that broke --install
In commit c6b04c04653ba9933fe978829148312e412a9ea7 package signing was moved out of fakeroot, and as part of this process, the global pkgname variable was modified in order to extract the built package names. However, if a debug package was not available and added to the list of packages, the function was aborted early, before the pkgname array was restored, thereby corrupting the later stages of makepkg and specifically the install_package function which needs to know which pkgnames to install. Fix this by inlining the debug package signing inside the `if` check, and as added security switch to using `for pkg in "${pkgname[@]}"` as is done in many other parts of makepkg, since package signing does not depend on the value of pkgname for anything. Additionally, since debug packages may not actually exist, check if the package file exists first. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/libmakepkg/integrity/generate_signature.sh.in')
-rw-r--r--scripts/libmakepkg/integrity/generate_signature.sh.in23
1 files changed, 10 insertions, 13 deletions
diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in b/scripts/libmakepkg/integrity/generate_signature.sh.in
index df76fbbd..442fe031 100644
--- a/scripts/libmakepkg/integrity/generate_signature.sh.in
+++ b/scripts/libmakepkg/integrity/generate_signature.sh.in
@@ -50,28 +50,25 @@ create_package_signatures() {
if [[ $SIGNPKG != 'y' ]]; then
return 0
fi
- local pkgarch pkg_file
- local pkgname_backup=("${pkgname[@]}")
+ local pkg pkgarch pkg_file
local fullver=$(get_full_version)
msg "$(gettext "Signing package(s)...")"
- for pkgname in ${pkgname_backup[@]}; do
- pkgarch=$(get_pkg_arch $pkgname)
- pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
+ for pkg in "${pkgname[@]}"; do
+ pkgarch=$(get_pkg_arch $pkg)
+ pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}"
create_signature "$pkg_file"
done
# check if debug package needs a signature
if ! check_option "debug" "y" || ! check_option "strip" "y"; then
- return
+ pkg=$pkgbase-@DEBUGSUFFIX@
+ pkgarch=$(get_pkg_arch)
+ pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}"
+ if [[ -f $pkg_file ]]; then
+ create_signature "$pkg_file"
+ fi
fi
-
- pkgname=$pkgbase-@DEBUGSUFFIX@
- pkgarch=$(get_pkg_arch)
- pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
- create_signature "$pkg_file"
-
- pkgname=("${pkgname_backup[@]}")
}