[devscripts] 01/01: uscan: if signature available

2017-08-19 Thread Osamu Aoki
This is an automated email from the git hooks/post-receive script.

osamu pushed a commit to branch master
in repository devscripts.

commit bae7972c955d304599e84d44f37b29905d4fb36a
Author: Osamu Aoki 
Date:   Sun Aug 20 15:28:18 2017 +0900

uscan: if signature available

Thanks Maximiliano Curia
---
 scripts/uscan.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index 1584bc7..458e40e 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -3762,7 +3762,7 @@ EOF
push @cmd, "--signature", $signature_available
 if ($signature_available != 0);
push @cmd, "--signature-file", "$destdir/$sigfile" 
-if ($signature_available == 1 and $signature_available == 2);
+if ($signature_available != 0);
push @cmd, "--repack" if $options{'repack'};
push @cmd, "--component", $options{'component'} if defined 
$options{'component'};
push @cmd, "--compression", $compression;
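
Review bot: the old condition `$signature_available == 1 and $signature_available == 2` could never hold, so `--signature-file` was never passed; `!= 0` fixes that, but it now also fires for `$signature_available == 3`, where commit 90e7504 in this same push sets `$sigfile = $newfile_base` as an explicit placeholder, so mk-origtargz is handed the signed archive itself as its signature file. Until the detached signature is really split out for the self-signature mode, `if ($signature_available == 1 or $signature_available == 2)` is the condition that matches what `$sigfile` actually holds.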

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/collab-maint/devscripts.git

___
devscripts-devel mailing list
devscripts-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel


[devscripts] branch master updated (6e112e4 -> bae7972)

2017-08-19 Thread Osamu Aoki
This is an automated email from the git hooks/post-receive script.

osamu pushed a change to branch master
in repository devscripts.

  from  6e112e4   uscan, mk-origtargz: detached signature handling
   new  bae7972   uscan: if signature available

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 scripts/uscan.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)



Processed: Bug#870281 marked as pending

2017-08-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 870281 pending
Bug #870281 [devscripts] uscan: symlink/rename detached upstream signature files when symlinking/renaming the orig file
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
870281: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870281
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Bug#832267 marked as pending

2017-08-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 832267 pending
Bug #832267 [devscripts] uupdate: convert .sig to .asc
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
832267: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832267
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



[devscripts] 03/05: uscan: reorganize to handle self-signature on tar.gz

2017-08-19 Thread Osamu Aoki
This is an automated email from the git hooks/post-receive script.

osamu pushed a commit to branch master
in repository devscripts.

commit 90e7504e7584486d8fb1e64c9ee7b66536d112a8
Author: Osamu Aoki 
Date:   Sun Aug 20 03:01:40 2017 +0900

uscan: reorganize to handle self-signature on tar.gz
---
 scripts/uscan.pl | 63 +---
 1 file changed, 37 insertions(+), 26 deletions(-)

diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index b20f714..1584bc7 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -3481,6 +3481,8 @@ EOF
 
 # Download tarball
 my $download_available;
+my $signature_available;
+my $sigfile;
 my $sigfile_base = $newfile_base;
 if ($options{'pgpmode'} ne 'previous') {
# try download package
@@ -3507,8 +3509,36 @@ EOF
$download_available = 0;
dehs_verbose "Not downloading upstream package: $newfile_base\n";
}
+}
+if ($options{'pgpmode'} eq 'self') {
+   $gpghome = tempdir(CLEANUP => 1);
+   $sigfile_base =~ s/^(.*?)\.[^\.]+$/$1/; # drop .gpg, .asc, ...
+   if ($signature == -1) {
+   uscan_warn("SKIP Checking OpenPGP signature (by request).\n");
+   $download_available = -1; # can't proceed with self-signature 
archive
+   $signature_available = 0;
+   } elsif (! defined $keyring) {
+   uscan_die("FAIL Checking OpenPGP signature (no keyring).\n");
+   } elsif ($download_available == 0) {
+   uscan_warn "FAIL Checking OpenPGP signature (no signed upstream 
tarball downloaded).\n";
+   return 1;
+   } else {
+   uscan_verbose "Verifying OpenPGP self signature of $newfile_base 
and extract $sigfile_base\n";
+   unless (system($havegpg, '--homedir', $gpghome,
+   '--no-options', '-q', '--batch', '--no-default-keyring',
+   '--keyring', $keyring, '--trust-model', 'always', 
'--decrypt', '-o',
+   "$destdir/$sigfile_base", "$destdir/$newfile_base") >> 8 == 
0) {
+   uscan_die("OpenPGP signature did not verify.\n");
+   }
+   # XXX FIXME XXX extract signature as detached signature to 
$destdir/$sigfile
+   $sigfile = $newfile_base; # XXX FIXME XXX place holder
+   $newfile_base = $sigfile_base;
+   $signature_available = 3;
+   }
+}
+if ($options{'pgpmode'} ne 'previous') {
# Decompress archive if requested and applicable
-   if ($download_available and $options{'decompress'}) {
+   if ($download_available == 1 and $options{'decompress'}) {
my $suffix = $sigfile_base;
$suffix =~ s/.*?(\.gz|\.xz|\.bz2|\.lzma)?$/$1/;
if ($suffix eq '.gz') {
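
Review bot: `$sigfile = $newfile_base` (marked as a placeholder) makes the downloaded signed archive double as the "signature file" for `$signature_available = 3`, so whatever later consumes `$destdir/$sigfile` as a detached signature receives the whole tarball; until the signature packet is actually split out, leaving `$sigfile` undefined for this mode keeps the gap visible instead of silently passing the wrong file downstream. Two smaller points in the same hunk: in the `$signature == -1` branch the file was downloaded, yet `$download_available` is forced to `-1`, which the later check turns into a hard stop, so the "SKIP" warning understates what happens; and the verbose message should read "and extracting $sigfile_base".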
@@ -3552,8 +3582,6 @@ EOF
 
 # Download signature
 my $pgpsig_url;
-my $sigfile;
-my $signature_available;
 if (($options{'pgpmode'} eq 'default' or $options{'pgpmode'} eq 'auto') 
and $signature == 1) {
uscan_verbose "Start checking for common possible upstream OpenPGP 
signature files\n";
foreach my $suffix (qw(asc gpg pgp sig sign)) {
@@ -3649,27 +3677,6 @@ EOF
$previous_newversion = $newversion;
$previous_download_available = $download_available;
 } elsif ($options{'pgpmode'} eq 'self') {
-   $gpghome = tempdir(CLEANUP => 1);
-   $newfile_base = $sigfile_base;
-   $newfile_base =~ s/^(.*?)\.[^\.]+$/$1/;
-   if ($signature == -1) {
-   uscan_warn("SKIP Checking OpenPGP signature (by request).\n");
-   } elsif (! defined $keyring) {
-   uscan_die("FAIL Checking OpenPGP signature (no keyring).\n");
-   } elsif ($download_available == 0) {
-   uscan_warn "FAIL Checking OpenPGP signature (no signed upstream 
tarball downloaded).\n";
-   return 1;
-   } else {
-   uscan_verbose "Verifying OpenPGP self signature of $sigfile_base 
and extract $newfile_base\n";
-   unless (system($havegpg, '--homedir', $gpghome,
-   '--no-options', '-q', '--batch', '--no-default-keyring',
-   '--keyring', $keyring, '--trust-model', 'always', 
'--decrypt', '-o',
-   "$destdir/$newfile_base", "$destdir/$sigfile_base") >> 8 == 
0) {
-   uscan_die("OpenPGP signature did not verify.\n");
-   }
-   # XXX FIXME XXX extract signature as detached signature to 
$destdir/$sigfile_base
-   $signature_available = 3;
-   }
$previous_newfile_base = undef;
$previous_sigfile_base = undef;
$previous_newversion = undef;
@@ -3714,6 +3721,10 @@ EOF
uscan_warn "No upstream tarball downloaded.  No further processing with 
mk_origtargz ...\n";
return 1;
 }
+if ($download_available == -1) {
+   uscan_warn "No upstream tarball unpacked from self signature file.  No 
further processing with mk_origtargz ...\n";
+   return 1;
+}
 if ($signature_available == 1 a
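
Review bot: this new `$download_available == -1` branch is only reached when the user asked to skip signature checking (`$signature == -1`) under pgpmode=self, but the message says nothing about that cause; "signature check skipped by request, cannot unpack the self-signed archive" would tell the user why uscan stopped instead of suggesting a download problem.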

[devscripts] 04/05: mk-origtargz: initial signature handling

2017-08-19 Thread Osamu Aoki
This is an automated email from the git hooks/post-receive script.

osamu pushed a commit to branch master
in repository devscripts.

commit ec71d9feb04adc1a73471b24d09289e59e925cb8
Author: Osamu Aoki 
Date:   Sun Aug 20 05:00:08 2017 +0900

mk-origtargz: initial signature handling
---
 scripts/mk-origtargz.pl | 55 +
 1 file changed, 55 insertions(+)

diff --git a/scripts/mk-origtargz.pl b/scripts/mk-origtargz.pl
index d8eaf70..6bd0be5 100644
--- a/scripts/mk-origtargz.pl
+++ b/scripts/mk-origtargz.pl
@@ -104,6 +104,28 @@ Both the B<--exclude-file> and B<--copyright-file> options 
amend the list of
 patterns found in F. If you do not want to read that file,
 you will have to use B<--package>.
 
+=item B<--signature> I
+
+Set I:
+
+=over
+
+=item 0 for no signature
+
+=item 1 for normal detached signature
+
+=item 2 for signature on decompressed
+
+=item 3 for self signature
+
+=back
+
+=item B<--signature-file> I
+
+Use I as the signature file corresponding to the Debian source
+package to create a B (post-stretch) compatible signature file.
+(optional)
+
 =back
 
 =head2 Action options
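
Review bot: the level descriptions are too terse to act on: "2 for signature on decompressed" should say what was decompressed (the signature covers the uncompressed tar, which is why the code later writes it as `$destfiletar.asc`), and "3 for self signature" documents a value the code below treats as a placeholder, so either state that it is not yet supported or leave it undocumented until it is. The `--signature-file` text should also say what happens when it is omitted for a non-zero `--signature`.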
@@ -227,6 +249,9 @@ my $suffix = '';
 
 my $upstream = undef;
 
+my $signature = 0;
+my $signature_file = "";
+
 # option parsing
 
 sub die_opts ($) {
@@ -247,6 +272,8 @@ GetOptions(
 "component|c=s" => \$component,
 "exclude-file=s" => \@exclude_globs,
 "copyright-file=s" => \@copyright_files,
+"signature=i" => \$signature,
+"signature-file=s" => \$signature_file,
 "compression=s" => \$compression,
 "symlink" => \&setmode,
 "rename" => \&setmode,
@@ -386,6 +413,10 @@ if ($is_tarfile and not $repack) {
 }
 }
 
+# Gather information about the signature file.
+
+my $is_ascfile = $signature_file =~ /\.asc$/i;
+my $is_gpgfile = $signature_file =~ /\.(gpg|pgp|sig|sign)$/i;
 
 # Now we know what the final filename will be
 my $destfilebase = sprintf "%s_%s.%s.tar", $package, $version, $orig;
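
Review bot: `$is_ascfile` is computed and never used, and the dispatch further down is by extension alone, so a binary `.sig` that a maintainer has already renamed to `.asc` (exactly the practice described in the "How to handle upstream tarball signature" thread on this list) is copied through unconverted, while a genuinely armored file carrying a `.sig` name would be wrapped in a second layer of armor. Sniffing the first bytes for the `-----BEGIN PGP` armor header is cheap and decides this correctly whatever the file is called.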
@@ -393,6 +424,30 @@ my $destfiletar = sprintf "%s/%s", $destdir, $destfilebase;
 my $destext = compression_get_property($compression, "file_ext");
 my $destfile = sprintf "%s.%s", $destfiletar, $destext;
 
+my $destsigfile;
+if ($signature == 1) {
+$destsigfile = sprintf "%s.asc", $destfile;
+} elsif ($signature == 2) {
+$destsigfile = sprintf "%s.asc", $destfiletar;
+} else {
+# XXX FIXME XXX place holder
+$destsigfile = sprintf "%s.asc", $destfile;
+}
+
+if ($signature != 0) {
+if ($is_gpgfile) {
+   my $enarmor = `gpg --output - --enarmor $signature_file 2>&1`;
+   $? == 0 or die "mk-origtargz: Failed to convert $signature_file to 
*.asc\n";
+   $enarmor =~ s/ARMORED FILE/SIGNATURE/;
+   $enarmor =~ /^Comment:/d;
+   open(DESTSIG, ">> $destsigfile") or die "mk-origtargz: Failed to open 
$destsigfile for append: $!\n";
+   print DESTSIG $enarmor;
+} else {
+   if (abs_path($signature_file) ne abs_path($destsigfile)) {
+   copy $signature_file, $destsigfile;
+   }
+}
+}
 
 # $upstream_tar is $upstream, unless the latter was a zip file.
 my $upstream_tar = $upstream;
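
Review bot: the armor relabel is incomplete and the Comment strip is a no-op. `s/ARMORED FILE/SIGNATURE/` has no `/g`, so only the `-----BEGIN PGP ARMORED FILE-----` line is renamed and the matching `-----END PGP ARMORED FILE-----` line stays, producing a block whose header and trailer disagree; and `$enarmor =~ /^Comment:/d;` is a match, not a substitution (`d` is a charset modifier, not "delete"), so the `Comment: Use "gpg --dearmor" for unpacking` header that gpg emits is kept. Suggest `$enarmor =~ s/ARMORED FILE/SIGNATURE/g;` and `$enarmor =~ s/^Comment:.*\n//mg;`. In the same block: `open(DESTSIG, ">> $destsigfile")` appends, so each rerun stacks another signature block onto the previous one (`>` is wanted, plus a `close`); `2>&1` folds any gpg stderr warning into `$enarmor` and therefore into the `.asc` file; and interpolating `$signature_file` unquoted into backticks hands the filename to the shell, so a list-form pipe open (`open(my $fh, '-|', 'gpg', '--output', '-', '--enarmor', $signature_file)`) avoids word splitting and metacharacter interpretation. `copy` should also have its return value checked, and `abs_path` needs `Cwd` imported if it is not already.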



[devscripts] 01/05: uscan: MUT, allow "orig-" in the filename

2017-08-19 Thread Osamu Aoki
This is an automated email from the git hooks/post-receive script.

osamu pushed a commit to branch master
in repository devscripts.

commit b7c55eef6716b9c78bb28349434a7e942be8bcca
Author: Osamu Aoki 
Date:   Sun Aug 20 01:36:00 2017 +0900

uscan: MUT, allow "orig-" in the filename
---
 scripts/uscan.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index 7d1c738..2cb803a 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -3744,7 +3744,7 @@ EOF
$path = $1 if $mk_origtargz_out =~ /Successfully .* (?:to|as) 
([^,]+)(?:,.*)?\.$/;
$path = $1 if $mk_origtargz_out =~ /Leaving (.*) where it is/;
$target = basename($path);
-   $common_mangled_newversion = $1 if $target =~ 
m/[^_]+_(.+)\.orig\.tar\.(?:gz|bz2|lzma|xz)$/;
+   $common_mangled_newversion = $1 if $target =~ 
m/[^_]+_(.+)\.orig(?:-.+)?\.tar\.(?:gz|bz2|lzma|xz)$/;
uscan_verbose "New orig.tar.* tarball version (after mk-origtargz): 
$common_mangled_newversion\n";
 }
 push @origtars, $target;



[devscripts] 02/05: uscan: Copy and rename signature

2017-08-19 Thread Osamu Aoki
This is an automated email from the git hooks/post-receive script.

osamu pushed a commit to branch master
in repository devscripts.

commit 0932c8b42293a5f82cb0b4fbbc1cc6388e00699f
Author: Osamu Aoki 
Date:   Sun Aug 20 01:32:22 2017 +0900

uscan: Copy and rename signature

Currently supported only if upstream signs with a detached signature
---
 scripts/uscan.pl | 30 +-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index 2cb803a..b20f714 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -3507,7 +3507,6 @@ EOF
$download_available = 0;
dehs_verbose "Not downloading upstream package: $newfile_base\n";
}
-
# Decompress archive if requested and applicable
if ($download_available and $options{'decompress'}) {
my $suffix = $sigfile_base;
@@ -3668,6 +3667,8 @@ EOF
"$destdir/$newfile_base", "$destdir/$sigfile_base") >> 8 == 
0) {
uscan_die("OpenPGP signature did not verify.\n");
}
+   # XXX FIXME XXX extract signature as detached signature to 
$destdir/$sigfile_base
+   $signature_available = 3;
}
$previous_newfile_base = undef;
$previous_sigfile_base = undef;
@@ -3713,7 +3714,30 @@ EOF
uscan_warn "No upstream tarball downloaded.  No further processing with 
mk_origtargz ...\n";
return 1;
 }
+if ($signature_available == 1 and $options{'decompress'}) {
+   $signature_available = 2;
+}
+#
+# upstream tar file and, if available, signature file are downloaded
+# by parsing a watch file line.
+#
+# upstream tarball: $destdir/$newfile_base   -- original tar.gz-like
+# upstream tarball: $destdir/$sigfile_base   -- decompressed tar if 
requested
+#  * for pgpmode=self-- the tarball as gpg 
extracted
+#  * for other cases -- the tarball as downloaded
+# signature file:   $destdir/$sigfile"
+#  * for $signature_available = 0-- no signature file 
+#  * for $signature_available = 1-- normal signature file
+#  * for $signature_available = 2-- signature file on 
decompressed
+#  * for $signature_available = 3-- non-detached signature 
(XXX FIXME XXX)
+#  If pgpmode=self case in the above is fixed, below 
+#  " and ($options{'pgpmode'} ne 'self')" may be dropped.
+# New version after making the new orig[-component].tar.gz:
+# $common_mangled_newversion
+# -- this is true when repacksuffix isn't used.
+#
 # Call mk-origtargz (renames, repacks, etc.)
+#
 my $mk_origtargz_out;
 my $path = "$destdir/$newfile_base";
 my $target = $newfile_base;
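
Review bot: the comment refers to a condition `and ($options{'pgpmode'} ne 'self')` that does not appear in the code that follows it, and the `$destdir/$sigfile"` line carries a stray trailing quote; keep the comment in step with the code or drop that sentence. The promotion of `$signature_available` from 1 to 2 under `decompress` is right, since the signature then covers the decompressed tar as the comment itself says.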
@@ -3724,6 +3748,10 @@ EOF
push @cmd, '--repack-suffix', $options{repacksuffix} if defined 
$options{repacksuffix};
push @cmd, "--rename" if $symlink eq "rename";
push @cmd, "--copy"   if $symlink eq "copy";
+   push @cmd, "--signature $signature_available" 
+if ($signature_available != 0);
+   push @cmd, "--signature-file $destdir/$sigfile" 
+if ($signature_available == 1 and $signature_available == 2);
push @cmd, "--repack" if $options{'repack'};
push @cmd, "--component", $options{'component'} if defined 
$options{'component'};
push @cmd, "--compression", $compression;
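
Review bot: `push @cmd, "--signature $signature_available"` pushes option and value as one element, so when `@cmd` is run as a list the child receives the single argument `--signature 3`, which Getopt::Long does not recognise; push them as two elements (`"--signature", $signature_available`), as this same list already does for `--component` and `--compression`. The second condition, `$signature_available == 1 and $signature_available == 2`, can never be true, so `--signature-file` is never passed (commit bae7972 on this list fixes the condition, and its context lines show the option and value already split).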



[devscripts] 05/05: uscan, mk-origtargz: detached signature handling

2017-08-19 Thread Osamu Aoki
This is an automated email from the git hooks/post-receive script.

osamu pushed a commit to branch master
in repository devscripts.

commit 6e112e42c28ae567a5565f33261bd769a2d98455
Author: Osamu Aoki 
Date:   Sun Aug 20 06:51:16 2017 +0900

uscan, mk-origtargz: detached signature handling

This leaves us with the non-detached signature handling as the remaining
task.
---
 debian/changelog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 26b6214..70be47e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -27,6 +27,9 @@ devscripts (2.17.10) UNRELEASED; urgency=medium
 + Fix example URL for pagemangle.  Closes: #864914
 + Set $origcount to 0 for each watch file. Closes: #840232
 + Don't fail on pgpmode=auto. Closes: #852537
++ Rename and convert the detached signature with updated mk-origtargz.
+  * mk-origtargz 
++ Rename and convert the detached signature. Closes: #832267, #870281
 
  -- Mattia Rizzolo   Tue, 25 Jul 2017 14:18:24 +0200
 



[devscripts] branch master updated (d3582de -> 6e112e4)

2017-08-19 Thread Osamu Aoki
This is an automated email from the git hooks/post-receive script.

osamu pushed a change to branch master
in repository devscripts.

  from  d3582de   uscan: reset count for each watchfile
   new  b7c55ee   uscan: MUT, allow "orig-" in the filename
   new  0932c8b   uscan: Copy and rename signature
   new  90e7504   uscan: reorganize to handle self-signature on tar.gz
   new  ec71d9f   mk-origtargz: initial signature handling
   new  6e112e4   uscan, mk-origtargz: detached signature handling

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog|  3 ++
 scripts/mk-origtargz.pl | 55 +++
 scripts/uscan.pl| 87 +++--
 3 files changed, 121 insertions(+), 24 deletions(-)



How to handle upstream tarball signature

2017-08-19 Thread Osamu Aoki
Hi,

I was trying to update uscan and realized a few problems which are not
addressed by the discussion here.  There are many things to consider.


On Fri, Aug 18, 2017 at 02:43:58PM +0200, Mattia Rizzolo wrote:
> On Fri, Aug 18, 2017 at 07:48:24AM -0400, Daniel Kahn Gillmor wrote:
> > I confess that i've been taking the boring/silly/cheating way out and if
> > upstream ships a detached binary signature as foo-1.2.3.tar.gz.sig, i've
> > just been manually renaming it to foo_1.2.3.orig.tar.gz.asc (without
> > even converting its contents to ASCII-armored form) and the rest of the
> > toolchain seems to just happily accept it -- it'd be even nicer if dpkg
> > and/or uscan was to normalize the contents to match the file extension.
> 
> That's because TTBOMK there is *nothing* atm actually validating that
> file, and AFAIK (please correct me if I'm wrong) dpkg-source just picks
> up whatever file, no matter the contents.

If the watch file is properly configured, uscan verifies the signature.
You should have the upstream keyring stored in

   debian/upstream/signing-key.asc

> > Lastly, it's conceivable that we might want to take an already-armored
> > .asc, and "launder" the armor, to stabilize it (e.g. stripping
> > non-cryptographically-relevant comments, other weird OpenPGP packets,
> > etc, which could all be stuffed into the detached signature).
> 
> I'd love if something did this for me, pretty much like I'd love
> something like that does a pretty output to debian/upstream/signing-key
> like
> https://sources.debian.net/src/inkscape/0.92.2-1/debian/upstream/signing-key.asc/
> (that's
> https://anonscm.debian.org/git/reproducible/misc.git/tree/dump-gpg-keys.sh)
> 
> IOW: Guillem: I second merging that sig→asc converter into dpkg-source!
> :)

1. There are different ways of signature
   * files used
 * detached signature   gpg -sb   (easy)
 * non-detached signature   gpg -s(No answer)
   * format used
     * binary (.gpg, ...) (easy but who converts)
 * ascii  (.asc)  (easy)

2. What to do if upstream is repacked.
   * uscan can confirm but where to put the result in case it is
 repacked.
   * If we leave upstream keyring at debian/upstream/signing-key.asc, it
     has no value to the generated Debian packages.  (A new *.asc can be
     added by maintainer but that's useless since we upload with a
     signed *.dsc.  We need to look into debian/copyright to see if this
     is repacked or not.  But people may use different ways to repack.
     So it is confusing to have a keyring.  There should be a clear way to
     identify if it is repackaged or not easily.)

Does anyone have a clear idea on the "gpg -s" case for 1 and an answer for 2?

These affect how I write uscan.

Osamu


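The "who converts" question in item 1 above and the sig→asc converter asked for in the quoted thread are the job that mk-origtargz starts doing in this push with `gpg --enarmor`; the following is an added example (not devscripts code) of that conversion done by file content rather than extension, so a binary `.sig` that was merely renamed to `.asc` is still armored correctly, with the Radix-64 CRC24 trailer computed and checked. It assumes LF line endings and only the Python standard library; the sample packet bytes are constructed.

```python
import base64
import re

# Added example (not devscripts code): convert a detached OpenPGP signature to
# the ASCII-armored form, deciding by CONTENT rather than by file extension.

def crc24(data: bytes) -> int:
    """Radix-64 checksum from RFC 4880 section 6.1 (init 0xB704CE)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def classify(blob: bytes) -> str:
    """'armored', 'binary-signature' or 'unknown', from the bytes alone (a
    .sig renamed to .asc is still binary; armor is armor under any name)."""
    if blob.startswith(b"-----BEGIN PGP "):
        return "armored"
    if blob and blob[0] & 0x80:  # bit 7 is set on every packet header
        new_format = blob[0] & 0x40
        tag = blob[0] & 0x3F if new_format else (blob[0] >> 2) & 0x0F
        if tag == 2:  # tag 2 = signature packet
            return "binary-signature"
    return "unknown"


def enarmor_signature(blob: bytes) -> bytes:
    """Produce a 'PGP SIGNATURE' armor block from binary or armored input."""
    kind = classify(blob)
    if kind == "armored":
        # gpg --enarmor labels BOTH the BEGIN and END lines "ARMORED FILE",
        # so the relabel must hit both; "Comment:" armor headers are not
        # covered by the signature and are dropped to stabilize the output.
        text = re.sub(rb"^(-----(?:BEGIN|END) PGP )ARMORED FILE(-----)$",
                      rb"\1SIGNATURE\2", blob, flags=re.M)
        return re.sub(rb"^Comment:[^\n]*\n", b"", text, flags=re.M)
    if kind != "binary-signature":
        raise ValueError("not an OpenPGP signature")
    b64 = base64.b64encode(blob)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(blob).to_bytes(3, "big"))
    return (b"-----BEGIN PGP SIGNATURE-----\n\n" + body + b"\n=" + crc
            + b"\n-----END PGP SIGNATURE-----\n")


def dearmor(text: bytes) -> bytes:
    """Undo the armor and check the CRC24 trailer; ValueError on any error."""
    m = re.search(rb"-----BEGIN PGP [A-Z ]+-----\n(?:[^\n]+\n)*\n(.*?)\n="
                  rb"([A-Za-z0-9+/]{4})\n-----END PGP [A-Z ]+-----", text, re.S)
    if not m:
        raise ValueError("no armor block found")
    data = base64.b64decode(m.group(1).replace(b"\n", b""))
    if base64.b64decode(m.group(2)) != crc24(data).to_bytes(3, "big"):
        raise ValueError("CRC24 mismatch")
    return data


# Constructed sample (not a real signature): old-format tag-2 header 0x88,
# one-octet length 3, three placeholder body bytes; it only exercises the code.
SAMPLE_BINARY_SIG = bytes([0x88, 0x03, 0x04, 0x00, 0x01])
```

Running `enarmor_signature` over a gpg-produced "ARMORED FILE" block gives the same output as running it over the raw binary signature, which is the normalization the thread calls laundering the armor.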