[Reproducible-commits] [dpkg] 87/105: Dpkg::Source::Package::V1: Allow detached upstream orig tarball signatures

Niko Tyni ntyni at moszumanska.debian.org
Mon May 2 13:49:56 UTC 2016


This is an automated email from the git hooks/post-receive script.

ntyni pushed a commit to branch ntyni/reproducible_builds
in repository dpkg.

commit d01212f2d7e59fc713c66b5d60421ac2296c1463
Author: Guillem Jover <guillem at debian.org>
Date:   Sat Apr 23 18:34:31 2016 +0200

    Dpkg::Source::Package::V1: Allow detached upstream orig tarball signatures
    
    Upstream orig tarballs usually come with detached signatures, which would
    be useful to have in the source package, as an additional check that could
    be performed to verify its integrity and provenance.
    
    Fixes: #759478
    Suggested-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
 debian/changelog                  | 2 ++
 scripts/Dpkg/Source/Package/V1.pm | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f7a178c..f828918 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -112,6 +112,8 @@ dpkg (1.18.5) UNRELEASED; urgency=medium
       in Dpkg::Source::Package.
     - Handle undef versions in Dpkg::Changelog from empty versions in
       changelog entry header lines.
+    - Allow detached upstream orig tarball signatures when extracting
+      version 1.0 non-native source packages.
   * Build system:
     - Fix building development documentation.
     - Remove unused UA_LIBS variable.
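Review bot: The added changelog entry carries no bug reference, while the commit message says "Fixes: #759478"; if this entry is meant to close that report, put the reference on the entry itself. The wording "Allow detached upstream orig tarball signatures when extracting" would also be clearer if it said that the signature file is only accepted as part of the source package, since nothing in this commit verifies it.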
diff --git a/scripts/Dpkg/Source/Package/V1.pm b/scripts/Dpkg/Source/Package/V1.pm
index 45b0522..5959b6e 100644
--- a/scripts/Dpkg/Source/Package/V1.pm
+++ b/scripts/Dpkg/Source/Package/V1.pm
@@ -164,10 +164,13 @@ sub do_extract {
 
     # V1.0 only supports gzip compression
     my ($tarfile, $difffile);
+    my $tarsign;
     foreach my $file ($self->get_files()) {
 	if ($file =~ /^(?:\Q$basename\E\.orig|\Q$basenamerev\E)\.tar\.gz$/) {
             error(g_('multiple tarfiles in v1.0 source package')) if $tarfile;
             $tarfile = $file;
+        } elsif ($file =~ /^\Q$basename\E\.orig\.tar\.gz\.asc$/) {
+            $tarsign = $file;
 	} elsif ($file =~ /^\Q$basenamerev\E\.diff\.gz$/) {
 	    $difffile = $file;
 	} else {
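Review bot: `$tarsign` is assigned in the new `elsif` branch but not read anywhere in the lines shown, so the `.orig.tar.gz.asc` file is accepted by name only and is never checked against `$tarfile`. Readers of the commit message may assume the signature is verified on extraction; a comment at `my $tarsign;` stating that the file is tolerated and verification is left to a later step would avoid that. The branch also has no counterpart to `error(g_('multiple tarfiles in v1.0 source package')) if $tarfile;` and no check that the tarball matched was the `.orig` one rather than `$basenamerev.tar.gz`, so a signature file with no matching orig tarball passes silently; consider an error after the loop for that case. Style: the two added lines are indented with spaces while the neighbouring `elsif`/`else` lines use tabs.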

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git


