    build: sign files in $var_tmp · 89a603a1
    Alad Wenter authored
    If package builds are skipped (because the names are already in the
    local repository, create_package=0), but the signatures are sparse,
    running `gpg` in `$var_tmp` ensures that the build user (--user) always
    has write access, and that `gpg` does not operate directly on the local
    repository. [1]
    
    Furthermore, only write to the result file after the packages were moved
    successfully to the local repository (`create_package=1`).
    
    [1] The multiple cases that need to be considered are formulated in the
        small proof below.
    
    %<---------
    let $PWD == $var_tmp, $db_root != $var_tmp,
        $p absolute path to package, $p_base = basename $p
    
    assumption: --sign not specified to makepkg (otherwise, $var_tmp already contains a signature)
    
    package existing, signature in local repo
    we have:
      ! -f $p_base.sig    => ! -f $p_base.sig   [preserve signature]
        -f $p.sig
      ! -f $p_base
        -f $p
    
    package existing, no signature in local repo
    we have:
      ! -f $p_base.sig    =>   -f $p_base.sig   [write new signature]
      ! -f $p.sig
      ! -f $p_base
        -f $p
    
    new package was built, basename identical to entry in local repo (--rebuild)
    we have:
      ! -f $p_base.sig    =>   -f $p_base.sig
        -f $p.sig
        -f $p_base
        -f $p
    
    new package was built, basename does not exist in local repo
    we have:
      ! -f $p_base.sig    =>   -f $p_base.sig
      ! -f $p.sig
        -f $p_base
      ! -f $p
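The four rows of the proof above can be exercised as a small model. The script below is an added example, not aurutils' own code: `decide_sign` is a hypothetical function that inspects `$db_root` and `$var_tmp` the way the proof does, `sign_detached` is a constructed stand-in for `gpg --detach-sign` that writes a marker file instead of a real signature, and the result names (`preserve`, `sign-existing`, `sign-new`, `missing`) are assumptions chosen for this example. It also checks the invariant the commit message cares about: the signature is only ever written into `$var_tmp`, never directly into the local repository.

```shell
#!/bin/sh
# Added example (not aurutils code): a model of the signing decision that the
# commit's proof enumerates. Signing is simulated so the logic runs offline.
set -u

# Constructed stand-in for `gpg --detach-sign --output $2 $1`: writes a
# marker file at the requested output path instead of a real signature.
sign_detached() {
    # $1 = file to sign, $2 = output path for the detached signature
    printf 'SIG(%s)\n' "$(basename "$1")" > "$2"
}

# decide_sign DB_ROOT VAR_TMP PKG_BASENAME
# Prints one of: preserve | sign-existing | sign-new | missing
# A freshly built package in $var_tmp is always signed there (rows 3 and 4).
# A package that only exists in the repository is left alone when the
# repository already carries a signature (row 1) and signed otherwise (row 2),
# with the signature written into $var_tmp rather than the repository.
decide_sign() {
    db_root=$1 var_tmp=$2 p_base=$3
    p=$db_root/$p_base
    if [ -f "$var_tmp/$p_base" ]; then
        sign_detached "$var_tmp/$p_base" "$var_tmp/$p_base.sig"
        echo sign-new
    elif [ -f "$p.sig" ]; then
        echo preserve
    elif [ -f "$p" ]; then
        sign_detached "$p" "$var_tmp/$p_base.sig"
        echo sign-existing
    else
        echo missing   # neither built nor in the repository: nothing to sign
    fi
}

# run_case NAME BUILT REPO_PKG REPO_SIG
# Builds a scratch $db_root/$var_tmp matching one row of the proof
# (1 = file present, 0 = absent) and prints "<decision> <sig_in_var_tmp>".
run_case() {
    name=$1 built=$2 repo_pkg=$3 repo_sig=$4
    tmp=$(mktemp -d)
    db_root=$tmp/repo var_tmp=$tmp/tmp
    mkdir -p "$db_root" "$var_tmp"
    [ "$built" = 1 ] && : > "$var_tmp/$name"
    [ "$repo_pkg" = 1 ] && : > "$db_root/$name"
    [ "$repo_sig" = 1 ] && : > "$db_root/$name.sig"
    result=$(decide_sign "$db_root" "$var_tmp" "$name")
    # Did signing leave a new signature in $var_tmp? (never in $db_root)
    sig_in_tmp=0
    [ -f "$var_tmp/$name.sig" ] && sig_in_tmp=1
    rm -rf "$tmp"
    echo "$result $sig_in_tmp"
}

# Walk the four rows of the proof when the script is run directly.
for spec in "0 1 1" "0 1 0" "1 1 1" "1 0 0"; do
    set -- $spec
    echo "built=$1 repo_pkg=$2 repo_sig=$3 -> $(run_case pkg-1.0-1-any.pkg.tar.zst "$1" "$2" "$3")"
done
```

Row 1 yields `preserve 0` (no file written anywhere), row 2 yields `sign-existing 1`, and rows 3 and 4 both yield `sign-new 1`; in every row the repository directory is untouched by the signing step, which is the property the commit relies on when it moves packages and signatures into the local repository only afterwards.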