[devscripts] 03/04: explicitly dearmor, rather than --import upstream signing key

James McCoy jamessan at debian.org
Sat Jan 3 14:49:43 UTC 2015


This is an automated email from the git hooks/post-receive script.

jamessan pushed a commit to branch master
in repository devscripts.

commit 73de654226354b50af6911ab5e34ab85c8b6f03a
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Thu Nov 6 12:08:31 2014 -0500

    explicitly dearmor, rather than --import upstream signing key
    
    gnupg 2.1 handles --import by generating a pubring.kbx file, not a
    pubring.gpg file.  So when gnupg 2.1 is installed, verifying upstream
    signatures fails when the upstream signing key is ascii-armored.
    
    With this patch, we explicitly dearmor the .asc, rather than relying
    on side effects that aren't true for all gpg versions.
    
    Signed-off-by: James McCoy <jamessan at debian.org>
---
 debian/changelog | 4 ++++
 scripts/uscan.pl | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 94864fa..e36f634 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,10 @@ devscripts (2.15.1+exp1) UNRELEASED; urgency=medium
   [ Dominique Dumont ]
   * licensecheck: handle license like GPL version 2 or 3 (which is not GPL-2+)
 
+  [ Daniel Kahn Gillmor ]
+  * uscan: explicitly dearmor, rather than --import upstream signing key
+    (Closes: #768345)
+
  -- James McCoy <jamessan at debian.org>  Sat, 03 Jan 2015 00:47:36 -0500
 
 devscripts (2.15.1) unstable; urgency=medium
diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index c8038fc..bd1a851 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -872,9 +872,10 @@ sub process_watchline ($$$$$$)
 		}
 		# Need to convert an armored key to binary for use by gpgv
 		$gpghome = tempdir(CLEANUP => 1);
-		spawn(exec => [$havegpg, '--homedir', $gpghome, '--no-options', '-q', '--batch', '--no-default-keyring', '--import', $keyring],
+		my $newkeyring = "$gpghome/trustedkeys.gpg";
+		spawn(exec => [$havegpg, '--homedir', $gpghome, '--no-options', '-q', '--batch', '--no-default-keyring', '--output', $newkeyring, '--dearmor', $keyring],
 		      wait_child => 1);
-		$keyring = "$gpghome/pubring.gpg";
+		$keyring = $newkeyring
 	    }
 	}
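Review bot: The new assignment `$keyring = $newkeyring` at the end of the hunk has no terminating semicolon; it parses only because it is the last statement before the closing brace, so write `$keyring = $newkeyring;` to keep a later added line from turning into a syntax error. Unlike `--import`, `--dearmor` only strips the armor and does not parse the packets, so whatever the .asc holds becomes the keyring gpgv trusts; a comment above the spawn such as `# --dearmor does not validate key material; gpgv is the only check on this keyring` would record that. The spawn result is not inspected in the hunk, which is safe only if spawn() with `wait_child => 1` dies on a non-zero exit; presumably it does, but that is not visible here and is worth confirming so a failed dearmor cannot leave a missing or partial trustedkeys.gpg in use. process_watchline starts and ends outside the hunk.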
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git


