[Reproducible-commits] [dpkg] 88/105: Dpkg::Source::Package: Include upstream orig tarball signatures

[Niko Tyni]

This is an automated email from the git hooks/post-receive script.

ntyni pushed a commit to branch ntyni/reproducible_builds
in repository dpkg.

commit c26060b71e8c69e2306fa570628b58ab306c99d8
Author: Guillem Jover <guillem at debian.org>
Date:   Wed Sep 2 13:37:53 2015 +0200

    Dpkg::Source::Package: Include upstream orig tarball signatures
    
    If there are upstream signatures for orig.tar files, pick them up and
    include them in the .dsc file.
    
    See: #759478
---
 debian/changelog                  | 2 ++
 man/dpkg-source.1                 | 8 ++++++++
 scripts/Dpkg/Source/Package/V1.pm | 3 +++
 scripts/Dpkg/Source/Package/V2.pm | 2 ++
 scripts/dpkg-genchanges.pl        | 1 +
 5 files changed, 16 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f828918..89d14a7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -114,6 +114,8 @@ dpkg (1.18.5) UNRELEASED; urgency=medium
       changelog entry header lines.
     - Allow detached upstream orig tarball signatures when extracting
       version 1.0 non-native source packages.
+    - Include upstream orig tarball signatures in source packages.
+      See #759478.
   * Build system:
     - Fix building development documentation.
     - Remove unused UA_LIBS variable.
diff --git a/man/dpkg-source.1 b/man/dpkg-source.1
index 389cf9e..3d1f1d7 100644
--- a/man/dpkg-source.1
+++ b/man/dpkg-source.1
@@ -282,6 +282,9 @@ deployment of those formats within Debian.
 A source package in this format consists either of a \fB.orig.tar.gz\fP
 associated to a \fB.diff.gz\fP or a single \fB.tar.gz\fP (in that case
 the package is said to be \fInative\fP).
+Optionally the original tarball might be accompanied by a detached
+upstream signature \fB.orig.tar.gz.asc\fP, extraction and building
+supported since dpkg 1.18.5.
 
 .B Extracting
 
@@ -456,6 +459,11 @@ an original tarball (\fB.orig.tar.\fP\fIext\fP where \fIext\fP can be
 tarballs (\fB.orig\-\fP\fIcomponent\fP\fB.tar.\fP\fIext\fP).
 \fIcomponent\fP can only contain alphanumeric characters and hyphens
 (\(oq\-\(cq).
+Optionally each original tarball can be accompanied by a detached
+upstream signature (\fB.orig.tar.\fP\fIext\fP\fB.asc\fP and
+\fB.orig\-\fP\fIcomponent\fP\fB.tar.\fP\fIext\fP\fB.asc\fP), extraction
+supported since dpkg 1.17.20, building supported since dpkg 1.18.5.
+
 .PP
 .B Extracting
 .PP
diff --git a/scripts/Dpkg/Source/Package/V1.pm b/scripts/Dpkg/Source/Package/V1.pm
index 5959b6e..8e5fa7f 100644
--- a/scripts/Dpkg/Source/Package/V1.pm
+++ b/scripts/Dpkg/Source/Package/V1.pm
@@ -345,6 +345,7 @@ sub do_build {
     }
 
     my ($tarname, $tardirname, $tardirbase);
+    my $tarsign;
     if ($sourcestyle ne 'n') {
 	my ($origdirname, $origdirbase) = fileparse($origdir);
 
@@ -357,6 +358,7 @@ sub do_build {
         $tardirname = $origdirname;
 
 	$tarname = $origtargz || "$basename.orig.tar.gz";
+	$tarsign = "$tarname.asc";
 	unless ($tarname =~ /\Q$basename\E\.orig\.tar\.gz/) {
 	    warning(g_('.orig.tar name %s is not <package>_<upstreamversion>' .
 	               '.orig.tar (wanted %s)'),
@@ -399,6 +401,7 @@ sub do_build {
     }
 
     $self->add_file($tarname) if $tarname;
+    $self->add_file($tarsign) if $tarsign and -e $tarsign;
 
     if ($sourcestyle =~ m/[kpKP]/) {
         if (stat($origdir)) {
diff --git a/scripts/Dpkg/Source/Package/V2.pm b/scripts/Dpkg/Source/Package/V2.pm
index 83611a3..6268b55 100644
--- a/scripts/Dpkg/Source/Package/V2.pm
+++ b/scripts/Dpkg/Source/Package/V2.pm
@@ -405,10 +405,12 @@ sub generate_patch {
             $tarfile = $file;
             push @origtarballs, $file;
             $self->add_file($file);
+            $self->add_file("$file.asc") if -e "$file.asc";
         } elsif ($file =~ /\.orig-([[:alnum:]-]+)\.tar\.$comp_ext_regex$/) {
             $addonfile{$1} = $file;
             push @origtarballs, $file;
             $self->add_file($file);
+            $self->add_file("$file.asc") if -e "$file.asc";
         }
     }
 
diff --git a/scripts/dpkg-genchanges.pl b/scripts/dpkg-genchanges.pl
index 0c47bd5..1455b5d 100755
--- a/scripts/dpkg-genchanges.pl
+++ b/scripts/dpkg-genchanges.pl
@@ -270,6 +270,7 @@ if (build_has_any(BUILD_SOURCE)) {
         $origsrcmsg = g_('not including original source code in upload');
         foreach my $f (grep { m/\.orig(-.+)?\.tar\.$ext$/ } $checksums->get_files()) {
             $checksums->remove_file($f);
+            $checksums->remove_file("$f.asc");
         }
     } else {
         if ($sourcestyle =~ m/d/ &&

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git