You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by he...@apache.org on 2022/04/28 19:02:16 UTC
svn commit: r1900368 - /spamassassin/trunk/sa-update.raw
Author: hege
Date: Thu Apr 28 19:02:15 2022
New Revision: 1900368
URL: http://svn.apache.org/viewvc?rev=1900368&view=rev
Log:
Improve docs and --install errors
Modified:
spamassassin/trunk/sa-update.raw
Modified: spamassassin/trunk/sa-update.raw
URL: http://svn.apache.org/viewvc/spamassassin/trunk/sa-update.raw?rev=1900368&r1=1900367&r2=1900368&view=diff
==============================================================================
--- spamassassin/trunk/sa-update.raw (original)
+++ spamassassin/trunk/sa-update.raw Thu Apr 28 19:02:15 2022
@@ -626,10 +626,10 @@ foreach my $channel (@channels) {
my $GPG;
if ($instfile) {
- dbg("channel: using --install files $instfile\{,.sha256,.sha512,.asc\}");
+ dbg("channel: using --install files $instfile\{,.asc,.sha512,.sha256\}");
$content = read_install_file($instfile);
- if ( -s "$instfile.sha512" ) { $SHA512 = read_install_file($instfile.".sha512"); }
- if ( -s "$instfile.sha256" ) { $SHA256 = read_install_file($instfile.".sha256"); }
+ if ( -f "$instfile.sha512" ) { $SHA512 = read_install_file($instfile.".sha512"); }
+ if ( -f "$instfile.sha256" ) { $SHA256 = read_install_file($instfile.".sha256"); }
$GPG = read_install_file($instfile.".asc") if $GPG_ENABLED;
} else { # not an install file, obtain fresh rules from network
@@ -863,7 +863,11 @@ foreach my $channel (@channels) {
}
unless ($content && (($GPG_ENABLED && $GPG) || (!$GPG_ENABLED && ($SHA512 || $SHA256)))) {
- channel_failed("channel '$channel': could not find working mirror");
+ if ($instfile) {
+ channel_failed("channel '$channel': missing checksum files $instfile\{,.sha512,.sha256\}");
+ } else {
+ channel_failed("channel '$channel': could not find working mirror");
+ }
next;
}
@@ -1297,6 +1301,7 @@ sub read_install_file {
my $all;
{ local $/ = undef; $all = <IN> }
close IN or die "cannot close $file: $!";
+ defined $all && $all ne '' or die "empty file $file\n";
return $all;
}
@@ -2014,9 +2019,9 @@ Options:
Use multiple times for multiple channels
--channelfile file Retrieve updates from the channels in the file
--checkonly Check for update availability, do not install
- --install filename Install updates directly from this file. Signature
- verification will use "file.asc", "file.sha256",
- and "file.sha512".
+ --install file Install updates directly from this file. Signature
+ verification will use "file.asc", or "file.sha512"
+ or "file.sha256".
--allowplugins Allow updates to load plugin code (DANGEROUS)
--gpgkey key Trust the key id to sign releases
Use multiple times for multiple keys
@@ -2055,8 +2060,9 @@ configuration, based on channels. The d
I<updates.spamassassin.org>, which has updated rules since the previous
release.
-Update archives are verified using SHA256 and SHA512 hashes and GPG signatures,
-by default.
+Update archives are verified using GPG signatures by default. If GPG is
+disabled (not recommended), file integrity is checked with SHA512 or SHA256
+checksums.
Note that C<sa-update> will not restart C<spamd> or otherwise cause
a scanner to reload the now-updated ruleset automatically. Instead,
@@ -2104,10 +2110,10 @@ The exit code will be C<0> or C<1> as de
Install updates "offline", from the named tar.gz file, instead of performing
DNS lookups and HTTP invocations.
-Files named B<file>.sha256, B<file>.sha512, and B<file>.asc will be used for
-the SHA256 and SHA512 hashes and the GPG signature, respectively. The filename
-provided must contain a version number of at least 3 digits, which will be used
-as the channel's update version number.
+Files named B<file>.asc, B<file>.sha512, or B<file>.sha256 will be used for
+GPG signature, and the SHA256 and SHA512 checksums, respectively. The
+filename provided must contain a version number of at least 3 digits, which
+will be used as the channel's update version number.
Multiple B<--channel> switches cannot be used with B<--install>. To install
multiple channels from tarballs, run C<sa-update> multiple times with different