You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by se...@apache.org on 2020/12/01 12:18:09 UTC
[whimsy] branch master updated: Always match sigs and hashes
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new cb4639f Always match sigs and hashes
cb4639f is described below
commit cb4639fd65b7b5f27ebb9e40e6abf52bb6097307
Author: Sebb <se...@apache.org>
AuthorDate: Tue Dec 1 12:17:53 2020 +0000
Always match sigs and hashes
Only warn for off-site binary hashes
---
tools/download_check.rb | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tools/download_check.rb b/tools/download_check.rb
index 312bbc9..3f9ceba 100755
--- a/tools/download_check.rb
+++ b/tools/download_check.rb
@@ -234,7 +234,11 @@ def check_hash_loc(h,tlp)
W "Unexpected hash location #{h} for #{tlp}" unless $vercheck[$3][0] == 'maven'
return $2,$3,$4
else
- E "Unexpected hash location #{h} for #{tlp}"
+ if h =~ %r{-bin-}
+ W "Unexpected bin hash location #{h} for #{tlp}"
+ else
+ E "Unexpected hash location #{h} for #{tlp}"
+ end
nil
end
end
@@ -448,7 +452,8 @@ def _checkDownloadPage(path, tlp, version)
links.each do |h,t|
# Must occur before mirror check below
- if h =~ %r{^https?://(?:(?:archive\.|www\.)?apache\.org/dist|downloads\.apache\.org|repo\d?\.maven\.org/maven2/.+?)/(.+\.(asc|sha\d+|md5|sha))$}
+ # match all hashes and sigs here (invalid locations are detected later)
+ if h =~ %r{^https?://.+?/([^/]+\.(asc|sha\d+|md5|sha))$}
base = File.basename($1)
ext = $2
stem = base[0..-(2+ext.length)]