From 2c6bc47741366f51ad4307780d47b12784526242 Mon Sep 17 00:00:00 2001
From: merakor <cem@ckyln.com>
Date: Wed, 22 Apr 2020 08:12:19 +0000
Subject: kiss: Abort install if file missing in manifest

FossilOrigin-Name: 3209758848b137dd4e799b426ec3a2147ceeef8c0551620946965593e55aa88a
---
 kiss | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/kiss b/kiss
index e2d093e..04b3735 100755
--- a/kiss
+++ b/kiss
@@ -983,6 +983,12 @@ pkg_install() {
     [ -f "$tar_dir/$pkg_name/$pkg_db/$pkg_name/manifest" ] ||
         die "'${tar_file##*/}' is not a valid KISS package"
 
+    # Ensure that the tarball's manifest is correct by checking that
+    # each file and directory inside of it actually exists.
+    while read -r line; do [ -e "$tar_dir/$pkg_name/$line" ] ||
+        die "File $line missing from tarball but mentioned in manifest"
+    done < "$tar_dir/$pkg_name/$pkg_db/$pkg_name/manifest"
+
     # Make sure that all run-time dependencies are installed prior to
     # installing the package.
     [ -f "$tar_dir/$pkg_name/$pkg_db/$pkg_name/depends" ] &&
-- 
cgit v1.2.3