[devscripts] 01/01: uscan: check for likely upstream signatures if none are known (Closes: #732449)
Paul Wise
pabs at moszumanska.debian.org
Thu May 8 12:01:59 UTC 2014
This is an automated email from the git hooks/post-receive script.
pabs pushed a commit to branch master
in repository devscripts.
commit 663fd42238ef75d1e6ba0735164fbbcf6f861f76
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Thu May 8 19:54:10 2014 +0800
uscan: check for likely upstream signatures if none are known (Closes: #732449)
Make uscan try to fetch the usual suffixes (.asc, .gpg, .pgp, .sig)
appended to the tarball URL to see if we can find a likely-looking
cryptographic signature.
If one is found, uscan suggests that the package maintainer to investigate
it and encourage them set up future checks.
---
debian/changelog | 3 +++
scripts/uscan.pl | 10 ++++++++++
2 files changed, 13 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index b81e48f..88784ad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,9 @@ devscripts (2.14.2) UNRELEASED; urgency=medium
* Use HTTPS for the buildd logs to avoid a redirect
* Fix scraping of the wnpp web pages due to https links
+ [ Daniel Kahn Gillmor ]
+ * uscan: check for likely upstream signatures if none are known (Closes: #732449)
+
[ Cyril Brulebois ]
* deb-reversion: Add support for udebs. (Closes: #739437)
diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index 90eec82..8ea1942 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -1449,6 +1449,16 @@ EOF
'--keyring', $keyring,
"$destdir/$newfile_base.pgp", "$destdir/$newfile_base") >> 8 == 0
or uscan_die("$progname warning: OpenPGP signature did not verify.\n");
+ } else {
+ print "-- Checking for common possible upsteam OpenPGP signatures\n" if $verbose;
+ foreach my $suffix (qw(asc gpg pgp sig)) {
+ my $sigrequest = HTTP::Request->new('GET' => "$upstream_url.$suffix");
+ my $sigresponse = $user_agent->request($sigrequest);
+ if ($sigresponse->is_success()) {
+ uscan_warn "$pkg: Possible OpenPGP signature found at:\n $upstream_url.$suffix.\n Please consider adding opts=pgpsigurlmangle=s/\$/.$suffix/\n to debian/watch. see uscan(1) for more details.\n";
+ last;
+ }
+ }
}
# Call mk-origtargz (renames, repacks, etc.)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git
More information about the devscripts-devel
mailing list