<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.30.3">
</HEAD>
<BODY>
<BR>
<BLOCKQUOTE TYPE=CITE>
<PRE>
Here's a proposed pseudo-code:
If not safetybelt-off; then
do-checksum
mesg checksum
if checksum-match-fail (including no stored checksum at all); then
unpack-waf
error "waf checksum failed. inspect unpacked waf, and if ok
store above calculated checksum as debian/waf.sha1sum
and remove the unpacked files"
else
warning "WARNING: waf file is executed without prior inspection!
this might be unsafe - you have been warned...!"
</PRE>
</BLOCKQUOTE>
It's now implemented in waf.mk.in.<BR>
unpack is done by a separate python script. (still must I test it on various waf versions).<BR>
<BR>
I just have a little concern : the messages are drawn in too many output since I do the tests with shell if and everything is echoed.<BR>
I could put all those test and unpacking in a separate shell script and echo only what I need. Or do you prefer implementation only in makefile ?<BR>
<BR>
regards<BR>
Rémi
</BODY>
</HTML>