archrelease: ensure we check the checksum of the package
Signed-off-by: Morten Linderud <foxboron@archlinux.org>
This commit is contained in:
parent
b6f5220bed
commit
f7d122044b
|
@ -42,6 +42,17 @@ if git rev-parse "$pkgver" >/dev/null 2>&1; then
|
|||
die "archrelease: the tag $pkgver already exists in the repository!"
|
||||
fi
|
||||
|
||||
# If the tag exists we check if it's properly signed and that it
|
||||
# matches the working directory PKGBUILD.
|
||||
if git tag --verify "$pkgver" &> /dev/null; then
|
||||
cwd_checksum=$(sha256sum PKGBUILD|cut -d' ' -f1)
|
||||
tag_checksum=$(git show $pkgver:PKGBUILD | sha256sum |cut -d' ' -f1)
|
||||
if [[ "$cwd_checksum" != "$tag_checksum" ]]; then
|
||||
die "tagged PKGBUILD is not the same as the working dir PKGBUILD"
|
||||
fi
|
||||
exit 0
|
||||
fi
|
||||
|
||||
stat_busy "Releasing package"
|
||||
printf -v tag_list ", %s" "$@"; tag_list="${tag_list#, }"
|
||||
git tag -s -m "archrelease: released $pkgbase-$pkgver to $tag_list" "$pkgver" || abort
|
||||
|
|
Loading…
Reference in New Issue