Hi,

On Wed, Jun 25, 2008 at 07:13:47PM +0100, Adam D. Barratt wrote:
> On Thu, 2008-06-26 at 01:37 +0900, Osamu Aoki wrote:
> > But the root cause is debsign tries to create temporary file on the
> > directory where files to be signed exist. There is no guarantee. We
> > should use standard complying tempfile creation. Since some of the
> > devscripts programs uses `tempfile` command, I followed as the
> > attached patch (copyright donated to main authors of this script).
>
> debsign itself already uses mktemp, however :-)

Then just do something along:

    ASCII_SIGNED_FILE=`mktemp "$1.XXXXXXXXXXX.asc"`

Both are good solutions and will do without increasing dependency and do
not assume any permission on unknown directory. (Some other devscripts
uses tempfile.)

> > This enables us to sign files as long as they are readable and writable file
> > wherever they are as long as the file system is RW.
>
> Thanks for the patch. Unfortunately, the last hunk reverts a change that
> was introduced in 2.10.28 to allow files with odd permissions to be
> updated; specifically, this section:
>
> - mv -f -- "$1.asc" "$1"
> + cat "$ASCII_SIGNED_FILE" > "$1"
>
> If the file is mode 444, for example, but in a directory to which the
> user has write access, cat will fail to overwrite it, whilst the mv -f
> will succeed; in the case you mention, the reverse is true.

That is very odd which I do not care much. If that is important to be
addressed, let's go pedantic with file type check.

    if [ -w "$1" ]; then
        cat "$ASCII_SIGNED_FILE" > "$1"; rm "$ASCII_SIGNED_FILE"
    elif [ -f "$1" ]; then
        rm "$1"; mv "$ASCII_SIGNED_FILE" "$1"
    else
        echo "You have to have file $1 to sign."
        ls -l "$1"
    fi

At least script is readable. Of course, defining function such repeat
will be smarter thing to do.

> There are a couple of places where the script will still fail with the
> patch applied, for the same reasons as above:
>
> - after signing the .dsc - the .changes file is copied to a temporary
> file (using mktemp), the size and checksums of the .dsc's entries in the
> temporary file are updated and it's then moved back over the
> original .changes (using mv -f)

OK.

> - if either the .dsc or .changes files are already signed then a
> temporary copy without the signature is created and mved back
>
> I suspect all of the above would be solvable by something along the
> lines of
>
> cat "$TEMPFILE" > "$1" 2> /dev/null || mv -f -- "$TEMPFILE" "$1"

This is shorter ...

> but that seems overly complicated. :-/ (the cat must be tried first, for
> fairly obvious reasons).

Or you can use "if [ -w "$1" ];...".

Osamu
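Review bot: in the quoted last hunk, the `+` line `cat "$ASCII_SIGNED_FILE" > "$1"` truncates the target before writing, so a write that fails part-way leaves a partial file, whereas the `-` line's `mv -f -- "$1.asc" "$1"` replaced it with a single rename inside the same directory. If the in-place write is kept for directories that are not writable, check the exit status of cat and keep the temporary file until the write has succeeded.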

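The two write-back strategies discussed in this thread, combined in one helper, as an added example that is not part of the original messages or of devscripts. `replace_file` and the two demo functions are hypothetical names, and the files they create are constructed samples.

```shell
#!/bin/sh
# Added example, not devscripts code. replace_file is a hypothetical helper.
# Replace the contents of file $2 with temporary file $1.
#   cat > file : needs write permission on the file, keeps its inode and mode
#   mv -f      : needs write permission on the directory, swaps the entry
replace_file() {
    src=$1
    dst=$2
    if [ -w "$dst" ] && cat "$src" > "$dst" 2>/dev/null; then
        rm -f -- "$src"            # in-place overwrite worked
    else
        mv -f -- "$src" "$dst"     # fall back to replacing the directory entry
    fi
}

# Constructed case 1: mode 444 file inside a writable directory.
demo_readonly_file() {
    work=$(mktemp -d) || return 1
    printf 'unsigned\n' > "$work/pkg.dsc"
    chmod 444 "$work/pkg.dsc"
    tmp=$(mktemp "$work/pkg.dsc.XXXXXX") || return 1
    printf 'signed\n' > "$tmp"
    replace_file "$tmp" "$work/pkg.dsc" && cat "$work/pkg.dsc"
    rm -rf -- "$work"
}

# Constructed case 2: writable file inside a mode 555 directory, so the
# temporary file has to live elsewhere (here mktemp's default location).
demo_readonly_dir() {
    work=$(mktemp -d) || return 1
    printf 'unsigned\n' > "$work/pkg.dsc"
    chmod 555 "$work"
    tmp=$(mktemp) || return 1
    printf 'signed\n' > "$tmp"
    replace_file "$tmp" "$work/pkg.dsc" && cat "$work/pkg.dsc"
    chmod 755 "$work"
    rm -rf -- "$work"
}

demo_readonly_file   # prints: signed
demo_readonly_dir    # prints: signed
```

When the `mv -f` branch is taken, the target ends up with the temporary file's mode, which for a `mktemp` file is 0600, so restore the intended mode afterwards if other users need to read the signed file.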