[devscripts] 01/02: Refactor code and add support for signing .buildinfo files directly

Ximin Luo infinity0 at debian.org
Thu Feb 16 17:45:54 UTC 2017


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch pu/debsign-buildinfo
in repository devscripts.

commit 0b4258b893617d69d0a840da4bf2341299d5afb4
Author: Ximin Luo <infinity0 at debian.org>
Date:   Thu Feb 16 17:24:35 2017 +0100

    Refactor code and add support for signing .buildinfo files directly
---
 scripts/debsign.sh | 248 ++++++++++++++++++++++++++++++++---------------------
 1 file changed, 150 insertions(+), 98 deletions(-)

diff --git a/scripts/debsign.sh b/scripts/debsign.sh
index 91dd9b7..633ae52 100755
--- a/scripts/debsign.sh
+++ b/scripts/debsign.sh
@@ -27,6 +27,8 @@ set -e
 PRECIOUS_FILES=0
 PROGNAME=`basename $0`
 MODIFIED_CONF_MSG='Default settings modified by devscripts configuration files:'
+HAVE_SIGNED=""
+NUM_SIGNED=0
 
 # Temporary directories
 signingdir=""
@@ -160,11 +162,14 @@ mustsetvar () {
 # of dpkg-buildpackage, because we do not know all of the necessary
 # information when this function is read first.
 signfile () {
+    local type="$1"
+    local file="$2"
+    local signas="$3"
     local savestty=$(stty -g 2>/dev/null) || true
     mksigningdir
-    UNSIGNED_FILE="$signingdir/$(basename "$1")"
+    UNSIGNED_FILE="$signingdir/$(basename "$file")"
     ASCII_SIGNED_FILE="${UNSIGNED_FILE}.asc"
-    (cat "$1" ; echo "") > "$UNSIGNED_FILE"
+    (cat "$file" ; echo "") > "$UNSIGNED_FILE"
 
     gpgversion=`$signcommand --version | head -n 1 | cut -d' ' -f3`
     gpgmajorversion=`echo $gpgversion | cut -d. -f1`
@@ -172,7 +177,7 @@ signfile () {
 
     if [ $gpgmajorversion -gt 1 -o $gpgminorversion -ge 4 ]
     then
-	    $signcommand --local-user "$2" --clearsign \
+	    $signcommand --local-user "$signas" --clearsign \
 		--list-options no-show-policy-urls \
 		--armor --textmode --output "$ASCII_SIGNED_FILE"\
 		"$UNSIGNED_FILE" || \
@@ -182,7 +187,7 @@ signfile () {
 	      exit $SAVESTAT
 	    }
     else
-	    $signcommand --local-user "$2" --clearsign \
+	    $signcommand --local-user "$signas" --clearsign \
 		--no-show-policy-url \
 		--armor --textmode --output "$ASCII_SIGNED_FILE" \
 		"$UNSIGNED_FILE" || \
@@ -195,7 +200,9 @@ signfile () {
     stty $savestty 2>/dev/null || true
     echo
     PRECIOUS_FILES=$(($PRECIOUS_FILES + 1))
-    movefile "$ASCII_SIGNED_FILE" "$1"
+    HAVE_SIGNED="${HAVE_SIGNED:+${HAVE_SIGNED}, }$type"
+    NUM_SIGNED=$((NUM_SIGNED + 1))
+    movefile "$ASCII_SIGNED_FILE" "$file"
 }
 
 withecho () {
@@ -381,7 +388,10 @@ ensure_local_copy() {
     local type="$4"
     if [ -n "$remotehost" ]
     then
-	withecho scp "$remotehost:$remotefile" "$file"
+	if [ ! -f "$file" ]
+	then
+	    withecho scp "$remotehost:$remotefile" "$file"
+	fi
     fi
 
     if [ ! -f "$file" -o ! -r "$file" ]
@@ -487,6 +497,106 @@ guess_signas() {
     echo "${signkey:-$maintainer}"
 }
 
+maybesign_dsc() {
+    local signas="$1"
+    local remotehost="$2"
+    local remotedsc="$3"
+    local dsc="$4"
+
+    ensure_local_copy "$remotehost" "$remotedsc" "$dsc" dsc
+    if check_already_signed "$dsc" dsc; then
+	echo "Leaving current signature unchanged." >&2
+	return
+    fi
+
+    withecho signfile dsc "$dsc" "$signas"
+
+    if [ -n "$remotehost" ]
+    then
+	withecho scp "$dsc" "$remotehost:$remotedsc"
+	PRECIOUS_FILES=$(($PRECIOUS_FILES - 1))
+    fi
+}
+
+maybesign_buildinfo() {
+    local signas="$1"
+    local remotehost="$2"
+    local remotebuildinfo="$3"
+    local buildinfo="$4"
+    local remotedsc="$5"
+    local dsc="$6"
+
+    ensure_local_copy "$remotehost" "$remotebuildinfo" "$buildinfo" buildinfo
+    if check_already_signed "$buildinfo" "buildinfo"; then
+       echo "Leaving current signature unchanged." >&2
+       return
+    fi
+
+    if grep -q `basename "$dsc"` "$buildinfo"; then
+	maybesign_dsc "$signas" "$remotehost" "$remotedsc" "$dsc"
+	withtempfile buildinfo "$buildinfo" fixup_buildinfo "$dsc"
+    fi
+
+    withecho signfile buildinfo "$buildinfo" "$signas"
+
+    if [ -n "$remotehost" ]
+    then
+	withecho scp "$buildinfo" "$remotehost:$remotebuildinfo"
+	PRECIOUS_FILES=$(($PRECIOUS_FILES - 1))
+    fi
+}
+
+maybesign_changes() {
+    local signas="$1"
+    local remotehost="$2"
+    local remotechanges="$3"
+    local changes="$4"
+    local remotebuildinfo="$5"
+    local buildinfo="$6"
+    local remotedsc="$7"
+    local dsc="$8"
+
+    ensure_local_copy "$remotehost" "$remotechanges" "$changes" changes
+    if check_already_signed "$changes" "changes"; then
+	echo "Leaving current signature unchanged." >&2
+	return
+    fi
+
+    hasdsc="$(to_bool grep -q `basename "$dsc"` "$changes")"
+    hasbuildinfo="$(to_bool grep -q `basename "$buildinfo"` "$changes")"
+
+    if $hasbuildinfo; then
+	# assume that this will also sign the same dsc if it's available
+	maybesign_buildinfo "$signas" "$remotehost" \
+	    "$remotebuildinfo" "$buildinfo" \
+	    "$remotedsc" "$dsc"
+    elif $hasdsc; then
+	maybesign_dsc "$signas" "$remotehost" "$remotedsc" "$dsc"
+    fi
+
+    if $hasdsc; then
+	withtempfile changes "$changes" fixup_changes dsc "$dsc"
+    fi
+    if $hasbuildinfo; then
+	withtempfile changes "$changes" fixup_changes buildinfo "$buildinfo"
+    fi
+    withecho signfile changes "$changes" "$signas"
+
+    if [ -n "$remotehost" ]
+    then
+	withecho scp "$changes" "$remotehost:$remotechanges"
+	PRECIOUS_FILES=$(($PRECIOUS_FILES - 1))
+    fi
+}
+
+report_signed() {
+    if [ $NUM_SIGNED -eq 1 ]; then
+	echo "Successfully signed $HAVE_SIGNED file"
+    elif [ $NUM_SIGNED -gt 0 ]; then
+	echo "Successfully signed $HAVE_SIGNED files"
+    fi
+}
+
 dosigning() {
     # Do we have to download the changes file?
     if [ -n "$remotehost" ]
@@ -504,22 +614,13 @@ dosigning() {
 	dsc=`basename "$dsc"`
 	commands=`basename "$commands"`
 
-	if [ -n "$changes" ]
-	then
-	    if [ ! -f "$changes" ]
-	    then
-		withecho scp "$remotehost:$remotechanges" .
-	    fi
-	elif [ -n "$dsc" ]
-	then withecho scp "$remotehost:$remotedsc" "$dsc"
-	else withecho scp "$remotehost:$remotecommands" "$commands"
-	fi
-
 	if [ -n "$changes" ] && echo "$changes" | egrep -q '[][*?]'
 	then
+	    withecho scp "$remotehost:$remotechanges" .
 	    for changes in $changes
 	    do
 		printf "\n"
+		buildinfo="${remotedir+$remotedir/}${changes%.changes}.buildinfo"
 		dsc=`echo "${remotedir+$remotedir/}$changes" | \
 		    perl -pe 's/\.changes$/.dsc/; s/(.*)_(.*)_(.*)\.dsc/\1_\2.dsc/'`
 		dosigning;
@@ -528,71 +629,7 @@ dosigning() {
 	fi
     fi
 
-    if [ -n "$changes" ]
-    then
-	signas="$(guess_signas "$changes")"
-	hasdsc="$(to_bool grep -q `basename "$dsc"` "$changes")"
-	hasbuildinfo="$(to_bool grep -q `basename "$buildinfo"` "$changes")"
-
-	ensure_local_copy "" "" "$changes" changes
-	if check_already_signed "$changes" "changes"; then
-	   echo "Leaving current signature unchanged." >&2
-	else
-
-	    if $hasbuildinfo; then
-		ensure_local_copy "$remotehost" "$remotebuildinfo" "$buildinfo" buildinfo
-		if check_already_signed "$buildinfo" "buildinfo"; then
-		   echo "Leaving current signature unchanged." >&2
-		else
-		    if $hasdsc; then
-			ensure_local_copy "$remotehost" "$remotedsc" "$dsc" dsc
-			check_already_signed "$dsc" dsc || withecho signfile "$dsc" "$signas"
-			withtempfile "buildinfo" "$buildinfo" fixup_buildinfo "$dsc"
-			withtempfile "changes" "$changes" fixup_changes dsc "$dsc"
-		    fi
-		    withecho signfile "$buildinfo" "$signas"
-		    withtempfile "changes" "$changes" fixup_changes buildinfo "$buildinfo"
-		fi
-	    elif $hasdsc; then
-		ensure_local_copy "$remotehost" "$remotedsc" "$dsc" dsc
-		check_already_signed "$dsc" dsc || withecho signfile "$dsc" "$signas"
-		withtempfile "changes" "$changes" fixup_changes dsc "$dsc"
-	    fi
-
-	    withecho signfile "$changes" "$signas"
-	fi
-
-	case "$hasdsc $hasbuildinfo" in
-	"false false")
-	    filetypes="changes file"
-	    filessigned=1
-	    withecho_scp() { withecho scp "$changes" "$@"; }
-	    ;;
-	"true false")
-	    filetypes="dsc and changes files"
-	    filessigned=2
-	    withecho_scp() { withecho scp "$changes" "$dsc" "$@"; }
-	    ;;
-	"false true")
-	    filetypes="buildinfo and changes files"
-	    filessigned=2
-	    withecho_scp() { withecho scp "$changes" "$buildinfo" "$@"; }
-	    ;;
-	"true true")
-	    filetypes="dsc, buildinfo and changes files"
-	    filessigned=3
-	    withecho_scp() { withecho scp "$changes" "$buildinfo" "$dsc" "$@"; }
-	    ;;
-	esac
-
-	if [ -n "$remotehost" ]
-	then
-	    withecho_scp "$remotehost:$remotedir"
-	    PRECIOUS_FILES=$(($PRECIOUS_FILES - filessigned))
-	fi
-
-	echo "Successfully signed $filetypes"
-    elif [ -n "$commands" ] # sign .commands file
+    if [ -n "$commands" ] # sign .commands file
     then
 	if [ ! -f "$commands" -o ! -r "$commands" ]
 	then
@@ -600,6 +637,7 @@ dosigning() {
 	    exit 1
 	fi
 
+	ensure_local_copy "$remotehost" "$remotecommands" "$commands" commands
 	check_already_signed "$commands" commands && {
 	    echo "Leaving current signature unchanged." >&2
 	    return
@@ -651,7 +689,7 @@ for valid format" >&2;
 
 	signas="${signkey:-$maintainer}"
 
-	withecho signfile "$commands" "$signas"
+	withecho signfile commands "$commands" "$signas"
 
 	if [ -n "$remotehost" ]
 	then
@@ -659,24 +697,31 @@ for valid format" >&2;
 	    PRECIOUS_FILES=$(($PRECIOUS_FILES - 1))
 	fi
 
-	echo "Successfully signed commands file"
-    else # only a dsc file to sign; much easier
+	report_signed
+
+    elif [ -n "$changes" ]
+    then
 	signas="$(guess_signas "$changes")"
+	maybesign_changes "$signas" "$remotehost" \
+	    "$remotechanges" "$changes" \
+	    "$remotebuildinfo" "$buildinfo" \
+	    "$remotedsc" "$dsc"
+	report_signed
 
-	ensure_local_copy "" "" "$dsc" dsc
-	check_already_signed "$dsc" dsc && {
-	    echo "Leaving current signature unchanged." >&2
-	    return
-	}
-	withecho signfile "$dsc" "$signas"
+    elif [ -n "$buildinfo" ]
+    then
+	signas="$(guess_signas "$buildinfo")"
+	maybesign_buildinfo "$signas" "$remotehost" \
+	    "$remotebuildinfo" "$buildinfo" \
+	    "$remotedsc" "$dsc"
+	report_signed
 
-	if [ -n "$remotehost" ]
-	then
-	    withecho scp "$dsc" "$remotehost:$remotedsc"
-	    PRECIOUS_FILES=$(($PRECIOUS_FILES - 1))
-	fi
+    else
+	signas="$(guess_signas "$dsc")"
+	maybesign_dsc "$signas" "$remotehost" \
+	    "$remotedsc" "$dsc"
+	report_signed
 
-	echo "Successfully signed dsc file"
     fi
 }
 
@@ -725,7 +770,7 @@ case $# in
 	changes="$debsdir/$pva.changes"
 	if [ -n "$multiarch" -o ! -r $changes ]; then
 	    changes=$(ls "$debsdir/${package}_${sversion}_*+*.changes" "$debsdir/${package}_${sversion}_multi.changes" 2>/dev/null | head -1)
-	    # TODO: what about buildinfo?
+	    # TODO: dpkg-cross does not yet do buildinfo, so don't worry about it here
 	    if [ -z "$multiarch" ]; then
 		if [ -n "$changes" ]; then
 		    echo "$PROGNAME: could not find normal .changes file but found multiarch file:" >&2
@@ -752,6 +797,13 @@ case $# in
 		    dsc=$1
 		    commands=
 		    ;;
+	        *.buildinfo)
+		    changes=
+		    buildinfo=$1
+		    dsc=`echo $buildinfo | \
+			perl -pe 's/\.buildinfo$/.dsc/; s/(.*)_(.*)_(.*)\.dsc/\1_\2.dsc/'`
+		    commands=
+		    ;;
 	        *.changes)
 		    changes=$1
 		    buildinfo="${changes%.changes}.buildinfo"

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git



More information about the devscripts-devel mailing list