Created
August 11, 2018 15:50
-
-
Save kpcyrd/c9769e0b307ac751485e606a30b83612 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in | |
index 2ac1bbca..3fbfc5a7 100644 | |
--- a/scripts/makepkg.sh.in | |
+++ b/scripts/makepkg.sh.in | |
@@ -55,6 +55,7 @@ splitpkg_overrides=('pkgdesc' 'arch' 'url' 'license' 'groups' 'depends' | |
readonly -a build_options splitpkg_overrides | |
known_hash_algos=('md5' 'sha1' 'sha224' 'sha256' 'sha384' 'sha512' 'whirlpool') | |
+secure_hash_algos=('sha224' 'sha256' 'sha384' 'sha512' 'whirlpool') | |
# Options | |
ASDEPS=0 | |
@@ -1012,6 +1013,28 @@ check_software() { | |
fi | |
fi | |
+ # check for secure checksums | |
+ if (( ! GENINTEG )) && ! source_has_signatures; then | |
+ local insecure=1 | |
+ | |
+ local integlist | |
+ IFS=$'\n' read -rd '' -a integlist < <(get_integlist) | |
+ | |
+ local integ secure_integ | |
+ for integ in "${integlist[@]}"; do | |
+ for secure_integ in "${secure_hash_algos[@]}"; do | |
+ if [[ "$integ" == "$secure" ]]; then | |
+ insecure=0 | |
+ break 2 | |
+ fi | |
+ done | |
+ done | |
+ | |
+ if [[ $insecure == 1 ]]; then | |
+ warning "$(gettext "The package doesn't have a cryptographic checksum or signature")" | |
+ fi | |
+ fi | |
+ | |
# checksum operations | |
if (( GENINTEG || ! SKIPCHECKSUMS )); then | |
local integlist |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment