[devscripts] 03/05: uscan: reorganize to handle self-signature on tar.gz

Osamu Aoki osamu at moszumanska.debian.org
Sat Aug 19 21:55:36 UTC 2017


This is an automated email from the git hooks/post-receive script.

osamu pushed a commit to branch master
in repository devscripts.

commit 90e7504e7584486d8fb1e64c9ee7b66536d112a8
Author: Osamu Aoki <osamu at debian.org>
Date:   Sun Aug 20 03:01:40 2017 +0900

    uscan: reorganize to handle self-signature on tar.gz
---
 scripts/uscan.pl | 63 +++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 37 insertions(+), 26 deletions(-)

diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index b20f714..1584bc7 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -3481,6 +3481,8 @@ EOF
 
     # Download tarball
     my $download_available;
+    my $signature_available;
+    my $sigfile;
     my $sigfile_base = $newfile_base;
     if ($options{'pgpmode'} ne 'previous') {
 	# try download package
@@ -3507,8 +3509,36 @@ EOF
 	    $download_available = 0;
 	    dehs_verbose "Not downloading upstream package: $newfile_base\n";
 	}
+    }
+    if ($options{'pgpmode'} eq 'self') {
+	$gpghome = tempdir(CLEANUP => 1);
+	$sigfile_base =~ s/^(.*?)\.[^\.]+$/$1/; # drop .gpg, .asc, ...
+	if ($signature == -1) {
+	    uscan_warn("SKIP Checking OpenPGP signature (by request).\n");
+	    $download_available = -1; # can't proceed with self-signature archive
+	    $signature_available = 0;
+	} elsif (! defined $keyring) {
+	    uscan_die("FAIL Checking OpenPGP signature (no keyring).\n");
+	} elsif ($download_available == 0) {
+	    uscan_warn "FAIL Checking OpenPGP signature (no signed upstream tarball downloaded).\n";
+	    return 1;
+	} else {
+	    uscan_verbose "Verifying OpenPGP self signature of $newfile_base and extract $sigfile_base\n";
+	    unless (system($havegpg, '--homedir', $gpghome,
+		    '--no-options', '-q', '--batch', '--no-default-keyring',
+		    '--keyring', $keyring, '--trust-model', 'always', '--decrypt', '-o',
+		    "$destdir/$sigfile_base", "$destdir/$newfile_base") >> 8 == 0) {
+		uscan_die("OpenPGP signature did not verify.\n");
+	    }
+	    # XXX FIXME XXX extract signature as detached signature to $destdir/$sigfile
+	    $sigfile = $newfile_base; # XXX FIXME XXX place holder
+	    $newfile_base = $sigfile_base;
+	    $signature_available = 3;
+	}
+    }
+    if ($options{'pgpmode'} ne 'previous') {
 	# Decompress archive if requested and applicable
-	if ($download_available and $options{'decompress'}) {
+	if ($download_available == 1 and $options{'decompress'}) {
 	    my $suffix = $sigfile_base;
 	    $suffix =~ s/.*?(\.gz|\.xz|\.bz2|\.lzma)?$/$1/;
 	    if ($suffix eq '.gz') {
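Review bot: The success test `system(...) >> 8 == 0` on the gpg `--decrypt` call discards the low byte of the wait status, so a gpg process killed by a signal (wait status 9, for example) shifts to 0 and is treated as a verified signature. Comparing the whole status closes that: `"$destdir/$sigfile_base", "$destdir/$newfile_base") == 0) {`. Separately, the exit status alone may not prove that a signature made by a key in `$keyring` was actually checked; as far as I know `--decrypt` can also exit 0 on an OpenPGP message that carries no signature. It would be safer to add `--status-fd` and require a `VALIDSIG` line before trusting `$destdir/$sigfile_base`. The enclosing sub starts and ends outside this hunk.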
@@ -3552,8 +3582,6 @@ EOF
 
     # Download signature
     my $pgpsig_url;
-    my $sigfile;
-    my $signature_available;
     if (($options{'pgpmode'} eq 'default' or $options{'pgpmode'} eq 'auto') and $signature == 1) {
 	uscan_verbose "Start checking for common possible upstream OpenPGP signature files\n";
 	foreach my $suffix (qw(asc gpg pgp sig sign)) {
@@ -3649,27 +3677,6 @@ EOF
 	$previous_newversion = $newversion;
 	$previous_download_available = $download_available;
     } elsif ($options{'pgpmode'} eq 'self') {
-	$gpghome = tempdir(CLEANUP => 1);
-	$newfile_base = $sigfile_base;
-	$newfile_base =~ s/^(.*?)\.[^\.]+$/$1/;
-	if ($signature == -1) {
-	    uscan_warn("SKIP Checking OpenPGP signature (by request).\n");
-	} elsif (! defined $keyring) {
-	    uscan_die("FAIL Checking OpenPGP signature (no keyring).\n");
-	} elsif ($download_available == 0) {
-	    uscan_warn "FAIL Checking OpenPGP signature (no signed upstream tarball downloaded).\n";
-	    return 1;
-	} else {
-	    uscan_verbose "Verifying OpenPGP self signature of $sigfile_base and extract $newfile_base\n";
-	    unless (system($havegpg, '--homedir', $gpghome,
-		    '--no-options', '-q', '--batch', '--no-default-keyring',
-		    '--keyring', $keyring, '--trust-model', 'always', '--decrypt', '-o',
-		    "$destdir/$newfile_base", "$destdir/$sigfile_base") >> 8 == 0) {
-		uscan_die("OpenPGP signature did not verify.\n");
-	    }
-	    # XXX FIXME XXX extract signature as detached signature to $destdir/$sigfile_base
-	    $signature_available = 3;
-	}
 	$previous_newfile_base = undef;
 	$previous_sigfile_base = undef;
 	$previous_newversion = undef;
@@ -3714,6 +3721,10 @@ EOF
 	uscan_warn "No upstream tarball downloaded.  No further processing with mk_origtargz ...\n";
 	return 1;
     }
+    if ($download_available == -1) {
+	uscan_warn "No upstream tarball unpacked from self signature file.  No further processing with mk_origtargz ...\n";
+	return 1;
+    }
     if ($signature_available == 1 and $options{'decompress'}) {
 	$signature_available = 2;
     }
@@ -3748,9 +3759,9 @@ EOF
 	push @cmd, '--repack-suffix', $options{repacksuffix} if defined $options{repacksuffix};
 	push @cmd, "--rename" if $symlink eq "rename";
 	push @cmd, "--copy"   if $symlink eq "copy";
-	push @cmd, "--signature $signature_available" 
+	push @cmd, "--signature", $signature_available
             if ($signature_available != 0);
-	push @cmd, "--signature-file $destdir/$sigfile" 
+	push @cmd, "--signature-file", "$destdir/$sigfile" 
             if ($signature_available == 1 and $signature_available == 2);
 	push @cmd, "--repack" if $options{'repack'};
 	push @cmd, "--component", $options{'component'} if defined $options{'component'};
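Review bot: The guard on the `--signature-file` push, `if ($signature_available == 1 and $signature_available == 2)`, can never be true, so the option is never added to `@cmd` even though this change fixes how it is pushed. The condition presumably wants `or`: `if ($signature_available == 1 or $signature_available == 2);`. In pgpmode self, `$signature_available` is 3 and `$sigfile` is still the placeholder assigned in the earlier hunk, so leaving 3 out of the guard looks right until the detached signature is actually extracted. The enclosing block starts and ends outside this hunk.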

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git


