Public bug reported:

On small packages, everything is hunky-dory:

$ apt-get download dpkg-sig
$ ar t dpkg-sig*deb
debian-binary
control.tar.gz
data.tar.gz
$ dpkg-sig --sign builder dpkg-sig_0.13.1+nmu1_all.deb
Processing dpkg-sig_0.13.1+nmu1_all.deb...
Signed deb dpkg-sig_0.13.1+nmu1_all.deb
$ dpkg-sig --verify dpkg-sig_0.13.1+nmu1_all.deb 
Processing dpkg-sig_0.13.1+nmu1_all.deb...
GOODSIG _gpgbuilder 9B9AB05C20B3C823F2F4BE92B5CA465083E11B33 1405541567

But on large packages, it's a bit pear-shaped:

$ apt-get download perl
$ ar t perl*deb
debian-binary
control.tar.gz
data.tar.xz
$ dpkg-sig --sign builder perl*deb
Processing perl_5.18.2-2ubuntu1_amd64.deb...
Signed deb perl_5.18.2-2ubuntu1_amd64.deb
$ dpkg-sig --verify perl*deb 
Processing perl_5.18.2-2ubuntu1_amd64.deb...
BADSIG _gpgbuilder

The following patch seems to fix the problem:

--- dpkg-sig-0.13.1+nmu1/dpkg-sig       2013-10-25 11:04:33.000000000 -0700
+++ dpkg-sig-0.13.1+nmu1.new/dpkg-sig   2014-07-16 13:03:15.103728779 -0700
@@ -634,7 +634,7 @@
        }
 
        return "FORCE_BAD" unless ($seen_files{"control.tar.gz"} &&
-                            $seen_files{"data.tar.gz"} &&
+                            ($seen_files{"data.tar.gz"} || 
$seen_files{"data.tar.xz"}) &&
                             $seen_files{"debian-binary"});
 
        return "GOOD";
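Review bot: The changed condition still matches exact member names, so it accepts only data.tar.gz or data.tar.xz and still requires control.tar.gz; a package whose data or control member carries any other compression suffix will keep hitting the "FORCE_BAD" return. Consider checking the keys of %seen_files against a pattern for the data.tar.* and control.tar.* members instead of adding one name at a time, and requiring exactly one data member rather than either of two being present. The added line is also wrapped across two lines in this mail, so the `+` line has to be rejoined before the patch will apply.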

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: dpkg-sig 0.13.1+nmu1
ProcVersionSignature: Ubuntu 3.13.0-30.55-generic 3.13.11.2
Uname: Linux 3.13.0-30-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Jul 16 13:04:46 2014
InstallationDate: Installed on 2014-04-07 (99 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Beta amd64 (20140326)
PackageArchitecture: all
SourcePackage: dpkg-sig
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: dpkg-sig (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342938

Title:
  dpkg-sig --verify fails on packages compressed with xz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpkg-sig/+bug/1342938/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
