Commit graph

5 commits

Author SHA1 Message Date
Daniel Stenberg
7f57aeec40
verify-release: don't unpack in git repo
- Clarify that the tarball to verify should be put in the same dir you
  run the script.

- Verify that the curl version number in the file name matches the
  version number within the tarball. To reduce risk for mistakes.

- When verifying using git, do not unpack the tarball. It avoids the
  security risk with malicious tarball contents playing tricks on git.

- Only unpack the tarball for git-less verification.

- Move the source tarball into _tarballs/ instead of overwriting it,
  which can be useful in case the verification fails

Closes #22032
2026-06-15 22:35:33 +02:00
Daniel Stenberg
6ce740403e
verify-release: verify more thoroughly with git
If the script is invoked in a git repository it verifies the tarball
better.

Closes #22018
2026-06-15 15:44:08 +02:00
Viktor Szakats
a8e46c5ab1
verify-release: update to avoid shellcheck warning SC2034
```
SC2034: dl appears unused
```

Also to shorten the code.

Closes #19449
2025-11-10 16:06:48 +01:00
Daniel Stenberg
ed2850456c
configure: fail if PSL is not disabled but not found
Regression since 9b3f67e (shipped in 8.7.0)
Reported-by: Ryan Carsten Schmidt
Fixes #14373
Assisted-by: Viktor Szakats
Closes #14379
2024-08-05 08:33:58 +02:00
Daniel Stenberg
86039e6e42
verify-release: shell script that verifies a release tarball
This script remakes a provided curl release and verifies that the newly
built version is identical to the original file.

Due to bugs in releases up to and including curl 8.9.1, it does not work
on tarballs generated before commit 754acd1a9d.

Closes #14350
2024-08-02 23:05:41 +02:00