[Reproducible-commits] [dpkg] 19/105: dpkg: Search for debsig-verify in PATH instead of using an absolute path

Niko Tyni ntyni at moszumanska.debian.org
Mon May 2 13:49:48 UTC 2016 

This is an automated email from the git hooks/post-receive script.

ntyni pushed a commit to branch ntyni/reproducible_builds
in repository dpkg.

commit 94e11e11b5a77d3be7b049316971a9b617b5cc54
Author: Guillem Jover <guillem at debian.org>
Date:   Sun Mar 15 00:41:59 2015 +0100

    dpkg: Search for debsig-verify in PATH instead of using an absolute path
    
    Check that the command exists in the PATH before using it. This makes it
    future proof, and friendlier to other systems that might not be using
    the same filesystem layout.
    
    It also makes it possible to use a local debsig-verify in a path such as
    /usr/local/bin.
---
 debian/changelog | 1 +
 lib/dpkg/dpkg.h  | 2 +-
 src/unpack.c     | 7 ++++---
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 4cbdffe..dd063e4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -43,6 +43,7 @@ dpkg (1.18.5) UNRELEASED; urgency=medium
     Closes: #719845
     - Use it with dpkg --recursive option.
   * Unify start-stop-daemon --help output with the rest of the tools.
+  * Search for debsig-verify in PATH instead of using an absolute path.
   * Portability:
     - Move DPKG_ADMINDIR environment variable name out from update-alternatives
       code, to make life easier for non-dpkg-based systems.
diff --git a/lib/dpkg/dpkg.h b/lib/dpkg/dpkg.h
index 769a302..c7ada8a 100644
--- a/lib/dpkg/dpkg.h
+++ b/lib/dpkg/dpkg.h
@@ -104,7 +104,7 @@ DPKG_BEGIN_DECLS
 #define DPKGSTAT	"dpkg-statoverride"
 #define DPKGTRIGGER	"dpkg-trigger"
 #define DPKG		"dpkg"
-#define DEBSIGVERIFY	"/usr/bin/debsig-verify"
+#define DEBSIGVERIFY	"debsig-verify"
 
 #define RM		"rm"
 #define CAT		"cat"
diff --git a/src/unpack.c b/src/unpack.c
index 8d10cc5..04594da 100644
--- a/src/unpack.c
+++ b/src/unpack.c
@@ -129,17 +129,18 @@ deb_reassemble(const char **filename, const char **pfilename)
 static void
 deb_verify(const char *filename)
 {
-  struct stat stab;
   pid_t pid;
 
-  if (stat(DEBSIGVERIFY, &stab) < 0)
+  /* We have to check on every unpack, in case the debsig-verify package
+   * gets installed or removed. */
+  if (!find_command(DEBSIGVERIFY))
     return;
 
   printf(_("Authenticating %s ...\n"), filename);
   fflush(stdout);
   pid = subproc_fork();
   if (!pid) {
-    execl(DEBSIGVERIFY, DEBSIGVERIFY, "-q", filename, NULL);
+    execlp(DEBSIGVERIFY, DEBSIGVERIFY, "-q", filename, NULL);
     ohshite(_("unable to execute %s (%s)"),
             _("package signature verification"), DEBSIGVERIFY);
   } else {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

More information about the Reproducible-commits mailing list