The following commit has been merged in the master branch:
commit f9b0d01949e798cb9ac9577cd269d580a94896a8
Author: James Vega <[email protected]>
Date: Tue Sep 20 21:05:27 2011 -0400
Remove support for PGP-style commands from debsign/debrsign.
Closes: #639204
Signed-off-by: James Vega <[email protected]>
diff --git a/debian/NEWS b/debian/NEWS
index b22f9d7..4045edf 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,10 @@
+devscripts (2.11.2) UNRELEASED; urgency=low
+
+ Support for pgp-style commands has been removed from debsign/debrsign. As
+ such, the DEBSIGN_SIGNLIKE configuration variable has also been removed.
+
+ -- James Vega <[email protected]> Tue, 20 Sep 2011 20:53:10 -0400
+
devscripts (2.10.54) unstable; urgency=low
manpage-alert now, as originally intended, prints out the full path to the
diff --git a/debian/changelog b/debian/changelog
index 9ef8f2e..1b17ec5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,11 @@ devscripts (2.11.2) UNRELEASED; urgency=low
* Remove the word "of" from the BSD 3 clause check, it might not be in
there.
+ [ James Vega ]
+ * Remove support for PGP-style commands from debsign/debrsign. (Closes:
+ #639204)
+ + DEBSIGN_SIGNLIKE config variable removed
+
-- Gerfried Fuchs <[email protected]> Fri, 26 Aug 2011 21:09:51 +0200
devscripts (2.11.1) unstable; urgency=low
diff --git a/scripts/debsign.1 b/scripts/debsign.1
index b66632a..c8dd237 100644
--- a/scripts/debsign.1
+++ b/scripts/debsign.1
@@ -47,9 +47,8 @@ directory. \fBscp\fR will be used for the copying. The
permitted as an alternative. Wildcards (\fB*\fR etc.) are allowed.
.TP
.B \-p\fIprogname\fR
-\fIprogname\fR is one of \fBpgp\fR or \fBgpg\fR, and specifies which
-signing program is to be called. The default is \fBgpg\fR if
-\fI~/.gnupg/secring.gpg\fR exists and \fBpgp\fR otherwise.
+When \fBdebsign\fR needs to execute GPG to sign it will run \fIprogname\fR
+(searching the \fBPATH\fR if necessary), instead of gpg.
.TP
.B \-m\fImaintainer\fR
Specify the maintainer name to be used for signing. (See
@@ -67,10 +66,6 @@ Same as \fB\-m\fR but takes precedence over it.
Specify the key ID to be used for signing; overrides any \fB\-m\fR
and \fB\-e\fR options.
.TP
-\fB\-spgp\fR, \fB\-sgpg\fR
-Whether the signing program is to be called with command line
-arguments like those of \fBpgp\fR or \fBgpg\fR.
-.TP
\fB\-S\fR
Look for a source-only \fI.changes\fR file instead of a binary-build
changes file.
@@ -118,10 +113,6 @@ purpose. The currently recognised variables are:
.B DEBSIGN_PROGRAM
Setting this is equivalent to giving a \fB\-p\fR option.
.TP
-.B DEBSIGN_SIGNLIKE
-This must be \fIgpg\fR or \fIpgp\fR and is equivalent to using either
-\fB\-sgpg\fR or \fB\-spgp\fR respectively.
-.TP
.B DEBSIGN_MAINT
This is the \fB\-m\fR option.
.TP
diff --git a/scripts/debsign.sh b/scripts/debsign.sh
index 0969bce..6030975 100755
--- a/scripts/debsign.sh
+++ b/scripts/debsign.sh
@@ -1,14 +1,12 @@
#! /bin/sh
-# This program is designed to PGP sign a .dsc and .changes file pair
+# This program is designed to GPG sign a .dsc and .changes file pair
# in the form needed for a legal Debian upload. It is based in part
# on dpkg-buildpackage. It takes one argument: the name of the
# .changes file. It also takes some options:
# -e<maintainer> Sign using key of <maintainer> (takes precedence over -m)
# -m<maintainer> Sign using key of <maintainer>
-# -k<key> The PGP/GPG key ID to use; overrides -m
-# -p<type> <type> is either pgp or gpg to specify which to use
-# -spgp,-sgpg The program takes arguments like pgp or gpg respectively
+# -k<key> The GPG key ID to use; overrides -m
# -S Source-only .changes file
# -a<arch> Debian architecture
# -t<type> GNU machine type
@@ -79,8 +77,6 @@ usage () {
such a case
-k<keyid> The key to use for signing
-p<sign-command> The command to use for signing
- -sgpg The sign-command is called like GPG
- -spgp The sign-command is called like PGP
-e<maintainer> Sign using key of <maintainer> (takes precedence over -m)
-m<maintainer> The same as -e
-S Use changes file made for source-only upload
@@ -176,37 +172,31 @@ signfile () {
ASCII_SIGNED_FILE="${UNSIGNED_FILE}.asc"
(cat "$1" ; echo "") > "$UNSIGNED_FILE"
- if [ $signinterface = gpg ]
- then
- gpgversion=`gpg --version | head -n 1 | cut -d' ' -f3`
- gpgmajorversion=`echo $gpgversion | cut -d. -f1`
- gpgminorversion=`echo $gpgversion | cut -d. -f2`
+ gpgversion=`$signcommand --version | head -n 1 | cut -d' ' -f3`
+ gpgmajorversion=`echo $gpgversion | cut -d. -f1`
+ gpgminorversion=`echo $gpgversion | cut -d. -f2`
- if [ $gpgmajorversion -gt 1 -o $gpgminorversion -ge 4 ]
- then
- $signcommand --local-user "$2" --clearsign \
- --list-options no-show-policy-urls \
- --armor --textmode --output "$ASCII_SIGNED_FILE"\
- "$UNSIGNED_FILE" || \
- { SAVESTAT=$?
- echo "$PROGNAME: gpg error occurred! Aborting...." >&2
- stty $savestty 2>/dev/null || true
- exit $SAVESTAT
- }
- else
- $signcommand --local-user "$2" --clearsign \
- --no-show-policy-url \
- --armor --textmode --output "$ASCII_SIGNED_FILE" \
- "$UNSIGNED_FILE" || \
- { SAVESTAT=$?
- echo "$PROGNAME: gpg error occurred! Aborting...." >&2
- stty $savestty 2>/dev/null || true
- exit $SAVESTAT
- }
- fi
+ if [ $gpgmajorversion -gt 1 -o $gpgminorversion -ge 4 ]
+ then
+ $signcommand --local-user "$2" --clearsign \
+ --list-options no-show-policy-urls \
+ --armor --textmode --output "$ASCII_SIGNED_FILE"\
+ "$UNSIGNED_FILE" || \
+ { SAVESTAT=$?
+ echo "$PROGNAME: $signcommand error occurred! Aborting...." >&2
+ stty $savestty 2>/dev/null || true
+ exit $SAVESTAT
+ }
else
- $signcommand -u "$2" +clearsig=on -fast \
- < "$UNSIGNED_FILE" > "$ASCII_SIGNED_FILE"
+ $signcommand --local-user "$2" --clearsign \
+ --no-show-policy-url \
+ --armor --textmode --output "$ASCII_SIGNED_FILE" \
+ "$UNSIGNED_FILE" || \
+ { SAVESTAT=$?
+ echo "$PROGNAME: $signcommand error occurred! Aborting...." >&2
+ stty $savestty 2>/dev/null || true
+ exit $SAVESTAT
+ }
fi
stty $savestty 2>/dev/null || true
echo
@@ -263,11 +253,10 @@ unset GREP_OPTIONS
# Boilerplate: set config variables
DEFAULT_DEBSIGN_ALWAYS_RESIGN=
DEFAULT_DEBSIGN_PROGRAM=
-DEFAULT_DEBSIGN_SIGNLIKE=
DEFAULT_DEBSIGN_MAINT=
DEFAULT_DEBSIGN_KEYID=
DEFAULT_DEBRELEASE_DEBS_DIR=..
-VARS="DEBSIGN_ALWAYS_RESIGN DEBSIGN_PROGRAM DEBSIGN_SIGNLIKE DEBSIGN_MAINT"
+VARS="DEBSIGN_ALWAYS_RESIGN DEBSIGN_PROGRAM DEBSIGN_MAINT"
VARS="$VARS DEBSIGN_KEYID DEBRELEASE_DEBS_DIR"
if [ "$1" = "--no-conf" -o "$1" = "--noconf" ]; then
@@ -295,12 +284,6 @@ else
set | egrep '^(DEBSIGN|DEBRELEASE|DEVSCRIPTS)_')
- # check sanity
- case "$DEBSIGN_SIGNLIKE" in
- gpg|pgp) ;;
- *) DEBSIGN_SIGNLIKE= ;;
- esac
-
# We do not replace this with a default directory to avoid accidentally
# signing a broken package
DEBRELEASE_DEBS_DIR="`echo \"$DEBRELEASE_DEBS_DIR\" | sed -e 's%/\+%/%g;
s%\(.\)/$%\1%;'`"
@@ -332,24 +315,15 @@ signcommand=''
if [ -n "$DEBSIGN_PROGRAM" ]; then
signcommand="$DEBSIGN_PROGRAM"
else
- if [ \( -n "$GNUPGHOME" -a -e "$GNUPGHOME" \) -o -e $HOME/.gnupg ] && \
- command -v gpg > /dev/null 2>&1; then
+ if command -v gpg > /dev/null 2>&1; then
signcommand=gpg
- elif command -v pgp > /dev/null 2>&1; then
- signcommand=pgp
fi
fi
-if [ -n "$DEBSIGN_SIGNLIKE" ]; then
- forcesigninterface="$DEBSIGN_SIGNLIKE"
-fi
-
while [ $# != 0 ]
do
value="`echo x\"$1\" | sed -e 's/^x-.//'`"
case "$1" in
- -spgp) forcesigninterface=pgp ;;
- -sgpg) forcesigninterface=gpg ;;
-p*) signcommand="$value" ;;
-m*) maint="$value" ;;
-e*) maint="$value" ;; # Order matters: -m before -e!
@@ -408,18 +382,7 @@ if ! [ -d "$debsdir" ]; then
fi
if [ -z "$signcommand" ]; then
- echo "Could not find a signing program (pgp or gpg)!" >&2
- exit 1
-fi
-
-if test -n "$forcesigninterface" ; then
- signinterface=$forcesigninterface
-else
- signinterface=$signcommand
-fi
-
-if [ "$signinterface" != gpg -a "$signinterface" != pgp ]; then
- echo "Unknown signing interface $signinterface; please specify -spgp or
-sgpg" >&2
+ echo "Could not find a signing program!" >&2
exit 1
fi
--
Git repository for devscripts
--
To unsubscribe, send mail to [email protected].
