[Reproducible-commits] [dpkg] 40/105: Dpkg::Source::Package: Error out on sources w/o any strong digest
Niko Tyni
ntyni at moszumanska.debian.org
Mon May 2 13:49:50 UTC 2016
This is an automated email from the git hooks/post-receive script.
ntyni pushed a commit to branch ntyni/reproducible_builds
in repository dpkg.
commit 040973c7a1e50b78ef042ef5ffbfff0440c24700
Author: Guillem Jover <guillem at debian.org>
Date: Wed Mar 23 10:25:47 2016 +0100
Dpkg::Source::Package: Error out on sources w/o any strong digest
This is used by dpkg-source --extract, which can still be disabled with
--no-check.
---
debian/changelog | 3 +++
scripts/Dpkg/Source/Package.pm | 7 ++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 9b379c8..dc4ad16 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -76,6 +76,9 @@ dpkg (1.18.5) UNRELEASED; urgency=medium
- Add new functions to validate and parse architecture names in Dpkg::Arch.
- Make the dependency parser more strict in Dpkg::Deps. Closes: #784806
- Add strong digest marking support to Dpkg::Checksums.
+ - Error out on source packages without any strong digests in
+ Dpkg::Source::Package, used by dpkg-source --extract, which can still
+ be disabled with --no-check.
* Build system:
- Fix building development documentation.
- Remove unused UA_LIBS variable.
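Review bot: the added entry under 1.18.5 announces a new hard failure for dpkg-source --extract but does not say which digests count as strong, so a user who hits the error cannot tell from the changelog what the source package is missing. Suggest naming the accepted algorithms here or pointing at the "Add strong digest marking support to Dpkg::Checksums" entry just above. The entry also offers --no-check as the way out without saying what else that option turns off; if it skips the rest of the checksum verification as well, the entry should say so.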
diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm
index de48bc6..9abe444 100644
--- a/scripts/Dpkg/Source/Package.pm
+++ b/scripts/Dpkg/Source/Package.pm
@@ -328,15 +328,20 @@ sub get_files {
Verify the checksums embedded in the DSC file. It requires the presence of
the other files constituting the source package. If any inconsistency is
-discovered, it immediately errors out.
+discovered, it immediately errors out. It will make sure at least one strong
+checksum is present.
=cut
sub check_checksums {
my $self = shift;
my $checksums = $self->{checksums};
+
# add_from_file verify the checksums if they are already existing
foreach my $file ($checksums->get_files()) {
+ if (not $checksums->has_strong_checksums($file)) {
+ error(g_('source package uses only weak checksums'));
+ }
$checksums->add_from_file($self->{basedir} . $file, key => $file);
}
}
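Review bot: the new test in the foreach loop of check_checksums is applied per file, but the error text 'source package uses only weak checksums' does not name the file that failed, and the POD sentence "at least one strong checksum is present" reads as a package-wide guarantee rather than a per-file one. Suggest including $file in the message and wording the POD as "each file has at least one strong checksum". Because the test sits inside the loop, an empty list from get_files() passes without any error, and files earlier in the list are already read by add_from_file before a later weak-only file is rejected; a separate pass over get_files() ahead of any add_from_file call would reject the package before touching its files. The added blank line after "my $checksums = $self->{checksums};" is an unrelated whitespace change.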
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git