On 04/29/2018 06:28 AM, Allan McRae wrote: > On 04/04/18 07:50, Eli Schwartz wrote: >> --verifysource is often used to validate the PKGBUILD before uploading >> to the AUR, but currently there is no way to trivially check all sources. >> By default we don't check sources we won't use, because it forces >> downloading those sources, but in certain cases the user might need to >> check them regardless... >> > > We looked at this when architecture dependent sources were added and > many or even most packages with architecture independent sources have > sources with the same filename from a different source path, or change > the source to have the same filename to make the rest of the PKGBUILD > easier. So that was not implemented.
As mentioned on IRC, this means --allsource is broken too, as we use download_sources allarch followed by check_source_integrity all. In fact, now I remember part of why I wanted this patch implemented, is because the alternative which *works today* is to use --allsource, then discard the source package. We at least need to be consistent here. My $0.02: people who change the filename to use the same filename on all arches, should use $CARCH in their build/package functions instead, and name the files something CARCH-dependent if it isn't that way by default. Extracted archives don't even need to worry about this, as they will presumably use the extracted paths which are identical in $srcdir regardless of the tarball filename in $SRCDEST! -- Eli Schwartz Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
