From 4e92df1b2e1c18898a3438ff0b188bdfaba3664a Mon Sep 17 00:00:00 2001
From: merakor <cem@ckyln.com>
Date: Wed, 2 Feb 2022 09:41:23 +0000
Subject: pkg_verify(): fix checksum verification bug where extra sources could

get away with not being verified.


FossilOrigin-Name: 5cfeb17ba29e7948c744db229bca0284eebb3add0098ddda3eb072459cea5f2f
---
 src/cpt-lib.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cpt-lib.in b/src/cpt-lib.in
index 57c8e05..7659e39 100644
--- a/src/cpt-lib.in
+++ b/src/cpt-lib.in
@@ -1294,7 +1294,7 @@ pkg_checksums() {
 pkg_verify() {
     # Verify all package checksums. This is achieved by generating a new set of
     # checksums and then comparing those with the old set.
-    vcmd="NR==FNR{a[\$1];next}/^git  .*/{next}!((\$1)in a){exit 1}"
+    vcmd="NR==FNR{a[\$1];next}/^git .*/{next}!((\$1)in a){exit 1}END{if(NR/2!=FNR)exit 1}"
 
     for pkg; do
         repo_dir=$(pkg_find "$pkg")
-- 
cgit v1.2.3