Bug#757529: devscripts: script for diffing packages on snapshot.debian.org
On Mon, Aug 11, 2014 at 10:57 PM, James McCoy wrote: > On Sat, Aug 09, 2014 at 12:29:08PM -0400, Michael Gilbert wrote: >> Found out about debsnap today, which simplifies things a lot. Please >> see attached revision. > > Why not use dscverify to do the verification? A man page would also be > useful. Hi, Thanks for the suggestions. I've updated to use dscverify and written a manpage. Please see attached. Best wishes, Mike snapdiff.sh Description: Bourne shell script snapdiff.1 Description: Binary data ___ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
Bug#757529: devscripts: script for diffing packages on snapshot.debian.org
On Sat, Aug 09, 2014 at 12:29:08PM -0400, Michael Gilbert wrote: > Found out about debsnap today, which simplifies things a lot. Please > see attached revision. Why not use dscverify to do the verification? A man page would also be useful. Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy signature.asc Description: Digital signature ___ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
Bug#757529: devscripts: script for diffing packages on snapshot.debian.org
On Sat, Aug 9, 2014 at 12:29 PM, Michael Gilbert wrote: > Found out about debsnap today, which simplifies things a lot. Please > see attached revision. And should solve the problems pointed out by Jakub (saw that just after pressing send, thanks for the review) since the munging is replaced by calls to debsnap. Best wishes, Mike ___ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
Bug#757529: devscripts: script for diffing packages on snapshot.debian.org
Found out about debsnap today, which simplifies things a lot. Please see attached revision. Best wishes, Mike snapdiff.sh Description: Bourne shell script ___ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
Bug#757529: devscripts: script for diffing packages on snapshot.debian.org
Hi Michael, This part doesn't look good: info=$(wget $url/mr/file/$hash/info -q -O-) name=$(echo $info | grep -Po '"'"name"'"\s*:\s*"\K([^"]*)') if test $name = $1_$2.dsc; then path=$(echo $info | grep -Po '"'"path"'"\s*:\s*"\K([^"]*)') date=$(echo $info | grep -Po '"'"first_seen"'"\s*:\s*"\K([^"]*)') dget --quiet --download-only $dget $url/archive/debian/$date$path/$1\_$2.dsc >&2 A MITM attacker could inject options to the dget command-line. Conveniently for the attacker, --build seems to take precedence over --download-only, so it can be abused to execute arbitrary code. -- Jakub Wilk ___ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
Bug#757529: devscripts: script for diffing packages on snapshot.debian.org
package: devscripts severity: wishlist version: 2.14.6 tags: patch I find myself often wanting to quickly diff two known package versions (without the hassle of website navigation), so I wrote a script to do it: snapdiff. I think a good home for it would be devscripts. Let me know what you think. Best wishes, Mike snapdiff.sh Description: Bourne shell script ___ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel