From 4e92df1b2e1c18898a3438ff0b188bdfaba3664a Mon Sep 17 00:00:00 2001 From: merakor Date: Wed, 2 Feb 2022 09:41:23 +0000 Subject: pkg_verify(): fix checksum verification bug where extra sources could get away with not being verified. FossilOrigin-Name: 5cfeb17ba29e7948c744db229bca0284eebb3add0098ddda3eb072459cea5f2f --- src/cpt-lib.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cpt-lib.in b/src/cpt-lib.in index 57c8e05..7659e39 100644 --- a/src/cpt-lib.in +++ b/src/cpt-lib.in @@ -1294,7 +1294,7 @@ pkg_checksums() { pkg_verify() { # Verify all package checksums. This is achieved by generating a new set of # checksums and then comparing those with the old set. - vcmd="NR==FNR{a[\$1];next}/^git .*/{next}!((\$1)in a){exit 1}" + vcmd="NR==FNR{a[\$1];next}/^git .*/{next}!((\$1)in a){exit 1}END{if(NR/2!=FNR)exit 1}" for pkg; do repo_dir=$(pkg_find "$pkg") -- cgit v1.2.3