[whimsy] branch master updated: Always match sigs and hashes

[se...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new cb4639f  Always match sigs and hashes
cb4639f is described below

commit cb4639fd65b7b5f27ebb9e40e6abf52bb6097307
Author: Sebb <se...@apache.org>
AuthorDate: Tue Dec 1 12:17:53 2020 +0000

    Always match sigs and hashes
    
    Only warn for off-site binary hashes
---
 tools/download_check.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/tools/download_check.rb b/tools/download_check.rb
index 312bbc9..3f9ceba 100755
--- a/tools/download_check.rb
+++ b/tools/download_check.rb
@@ -234,7 +234,11 @@ def check_hash_loc(h,tlp)
     W "Unexpected hash location #{h} for #{tlp}" unless $vercheck[$3][0] == 'maven'
     return $2,$3,$4
   else
-    E "Unexpected hash location #{h} for #{tlp}"
+    if h =~ %r{-bin-}
+      W "Unexpected bin hash location #{h} for #{tlp}"
+    else
+      E "Unexpected hash location #{h} for #{tlp}"
+    end
     nil
   end
 end
@@ -448,7 +452,8 @@ def _checkDownloadPage(path, tlp, version)
 
   links.each do |h,t|
     # Must occur before mirror check below
-    if h =~ %r{^https?://(?:(?:archive\.|www\.)?apache\.org/dist|downloads\.apache\.org|repo\d?\.maven\.org/maven2/.+?)/(.+\.(asc|sha\d+|md5|sha))$}
+    # match all hashes and sigs here (invalid locations are detected later)
+    if h =~ %r{^https?://.+?/([^/]+\.(asc|sha\d+|md5|sha))$}
         base = File.basename($1)
         ext = $2
         stem = base[0..-(2+ext.length)]