[Build-common-hackers] a WAF class for CDBS

Rémi Thebault remi.thebault at gmail.com
Wed Dec 29 16:39:47 UTC 2010 

Le mercredi 29 décembre 2010 à 14:11 +0100, Jonas Smedegaard a écrit :

> On Wed, Dec 29, 2010 at 10:23:35AM +0100, Rémi Thebault wrote:
> >
> >
> >> >I don't get this. Do you expect a cdbs script to unpack the waf file 
> >> >(I don't know the format, but it is probably not so hard) and to 
> >> >checksum each file inside ?
> >>
> >> Nah, not checksum each file separately - unless it turns out that it 
> >> is indeed helpful to track the contained files individually.
> >>
> >> For now I "just" suggest to unpack the blob when failing, and 
> >> emitting a message to first check those files, then delete them and 
> >> then apply the magic checksum.
> >>
> >
> >
> >If I understand well:
> >1. If no safetybelt, we checksum the waf file with debian/waf.sha1sum
> >2. If the checksum fail, we unpack waf and display a relevant mesg like
> >     "waf checksum failed, check the content in debian/wafunpacked and
> >do `sha1sum ./waf > debian/waf.sha1sum`"
> >3. adding "rm -rf debian/wafunpacked" in clean target (could depend on
> >the safety belt)
> >
> >Is this correct ?
> 
> I guess you mean _unless_ no safetybelt at 1).
> 
> Here's a proposed pseudo-code:
> 
> If not safetybelt-off; then
>    do-checksum
>    mesg checksum
>    if checksum-match-fail (including no stored checksum at all); then
>      unpack-waf
>      error "waf checksum failed. inspect unpacked waf, and if ok
>             store above calculated checksum as debian/waf.sha1sum
>             and remove the unpacked files"
> else
>    warning "WARNING: waf file is executed without prior inspection!
>             this might be unsafe - you have been warned...!"
> 
> I.e. a little more than your summary, but not much.  does that look 
> sane?

OK I will work this way.

Rémi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/build-common-hackers/attachments/20101229/16cc29bb/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/build-common-hackers/attachments/20101229/16cc29bb/attachment.pgp>

More information about the Build-common-hackers mailing list