diff options
| author | Bruno Pagani | 2016-12-22 19:50:14 +0100 |
|---|---|---|
| committer | Bruno Pagani | 2016-12-22 19:50:14 +0100 |
| commit | 1eee46e9a2a0bf517b4ee6d67e95b7849b0307a1 (patch) | |
| tree | 547d39b2b4cd97d387dccc91635be88ce16e9063 | |
| parent | a4fc0f9da66f2019abce8ac333c94bec1724ad70 (diff) | |
| download | aur-1eee46e9a2a0bf517b4ee6d67e95b7849b0307a1.tar.gz | |
upgpkg: firefox-nightly-fr 53.0a1.20161222-1
Improve PKGBUILD.
Download checksums file only once and use the same instance to verify
sum and GPG signature. This fix a potential security issue where the
sum used for verifying the tarball could be different of the GPG
verified one.
Clean pkgver() (previous one wasn’t working in a chroot building BTW).
| -rw-r--r-- | .SRCINFO | 8 | ||||
| -rw-r--r-- | PKGBUILD | 29 |
2 files changed, 15 insertions, 22 deletions
@@ -1,7 +1,7 @@ pkgbase = firefox-nightly-fr pkgdesc = Standalone Web Browser from Mozilla — Nightly build (fr) - pkgver = 53.0a1.20161116 - pkgrel = 3 + pkgver = 53.0a1.20161222 + pkgrel = 1 url = https://nightly.mozilla.org/ arch = i686 arch = x86_64 @@ -28,13 +28,13 @@ pkgbase = firefox-nightly-fr source_i686 = https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central-l10n/firefox-53.0a1.fr.linux-i686.tar.bz2 source_i686 = https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central-l10n/firefox-53.0a1.fr.linux-i686.checksums source_i686 = https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central-l10n/firefox-53.0a1.fr.linux-i686.checksums.asc - sha512sums_i686 = 3254b9eb6675066cfbb78a42b4c31cc691190960920ed608701ae0c1678104c6f8010c8931c76de0c3b4480521d18b00eb6a649c58e372ffafa6f7ec5f0beb4b + sha512sums_i686 = 9001922e53cf39dd424f41c7c256888258f00654ab03e028b712d8910e1cbf691d1addf9fe2e80350c57f66d20c6ef13866e955aebf08f9fdebc4bd6d1184bb2 sha512sums_i686 = SKIP sha512sums_i686 = SKIP source_x86_64 = https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central-l10n/firefox-53.0a1.fr.linux-x86_64.tar.bz2 source_x86_64 = https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central-l10n/firefox-53.0a1.fr.linux-x86_64.checksums source_x86_64 = https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central-l10n/firefox-53.0a1.fr.linux-x86_64.checksums.asc - sha512sums_x86_64 = 205bc7a8358dc3e51e8f177a2cab2fdc51144aa3a59a997381f567a4b553548035b5ce041f06c7a3f31f376a0a16c71633ef72b45c9530d5c2bb423ed7ba6e37 + sha512sums_x86_64 = 4919e4c4595295573d7857694372a9fa4337641c03181846274eea3eab1e9d12f62a993910f8f275d0eb1533c6fef107e2797f3e71d18fb28f7fca70db8d0e29 sha512sums_x86_64 = SKIP sha512sums_x86_64 = SKIP @@ -10,8 +10,8 @@ pkgname=${_full_name}-${_lang} pkgdesc="Standalone Web Browser from Mozilla — Nightly build (${_lang})" url="https://nightly.mozilla.org/" _version='53.0a1' -pkgver=53.0a1.20161116 -pkgrel=3 +pkgver=53.0a1.20161222 +pkgrel=1 arch=('i686' 'x86_64') license=('MPL' 'GPL' 'LGPL') depends=('dbus-glib' 'gtk2' 'gtk3' 'libxt' 'nss' 'mime-types') @@ -24,40 +24,33 @@ _url_l10n="${_url}-l10n" _src="${_name}-${_version}.${_lang}.linux" _file_i686="${_src}-i686.tar.bz2" _file_x86_64="${_src}-x86_64.tar.bz2" -_sums_i686="${_url_l10n}/${_src}-i686.checksums" -_sums_x86_64="${_url_l10n}/${_src}-x86_64.checksums" +_sums_i686="${_src}-i686.checksums" +_sums_x86_64="${_src}-x86_64.checksums" source=( 'firefox-nightly.desktop' 'firefox-nightly-safe.desktop' 'vendor.js' ) -source_i686=("${_url_l10n}/${_file_i686}" "${_sums_i686}"{,.asc}) -source_x86_64=("${_url_l10n}/${_file_x86_64}" "${_sums_x86_64}"{,.asc}) +source_i686=("${_url_l10n}"/{"${_file_i686}","${_sums_i686}"{,.asc}}) +source_x86_64=("${_url_l10n}"/{"${_file_x86_64}","${_sums_x86_64}"{,.asc}}) sha512sums=( '725babc1365e02a30f50aafbc069b04a97cd247f76240b99b0a734dcce0e560f30cfd441efe9b0b9edcc48f327c8adad34e1ae45c2ba047205c84921d5e43e59' '2df6b84978ec459ffad3e0d285c816da07a890db30284d3b2bec250472c10e08003edf705278cb97e02a52fb5f1325d962c08d5fbcf98f484e982a97e381407b' 'bae5a952d9b92e7a0ccc82f2caac3578e0368ea6676f0a4bc69d3ce276ef4f70802888f882dda53f9eb8e52911fb31e09ef497188bcd630762e1c0f5293cc010' ) -_srcsum_i686="$(curl -s "${_sums_i686}" | grep "${_file_i686}" | grep sha512 | cut -d " " -f1)" -_srcsum_x86_64="$(curl -s "${_sums_x86_64}" | grep "${_file_x86_64}" | grep sha512 | cut -d " " -f1)" -sha512sums_i686=("${_srcsum_i686}" 'SKIP' 'SKIP') -sha512sums_x86_64=("${_srcsum_x86_64}" 'SKIP' 'SKIP') +_getsum_i686="$(curl -O ${_url_l10n}/${_sums_i686})" +_getsum_x86_64="$(curl -O ${_url_l10n}/${_sums_x86_64})" +sha512sums_i686=("$(grep ${_file_i686} ${_sums_i686} | grep sha512 | cut -d " " -f1)" 'SKIP' 'SKIP') +sha512sums_x86_64=("$(grep ${_file_x86_64} ${_sums_x86_64} | grep sha512 | cut -d " " -f1)" 'SKIP' 'SKIP') validpgpkeys=('14F26682D0916CDD81E37B6D61B7B526D98F0353') # Mozilla’s GnuPG release key pkgver() { - SRC_VER="${_name}-${_version}.en-US.linux-${CARCH}.txt" - curl -OR "${_url}/${SRC_VER}" - msg "${_version}.$(head -n1 ${SRC_VER} | cut -c -8)" - echo "${_version}.$(head -n1 ${SRC_VER} | cut -c -8)" + echo "${_version}.$(curl -s ${_url}/${_name}-${_version}.en-US.linux-${CARCH}.txt | head -n1 | cut -c -8)" } package() { OPT_PATH="/opt/${_full_name}" - # Loop (Firefox Hello) and GetPocket (Pocket proprietary service) extensions. - # Uncomment this line if you want to remove them, or use pacman NoExtract option. - #rm -rf ${_name}/browser/features/{loop@mozilla.org.xpi,firefox@getpocket.com.xpi} - # Install the package files install -d "${pkgdir}"/{usr/{bin,share/applications},opt} cp -r ${_name} "${pkgdir}/${OPT_PATH}" |