[dpkg] 149/200: dpkg-buildpackage: Make --unsigned-changes not sign .buildinfo either
Ximin Luo
infinity0 at debian.org
Wed Apr 5 15:17:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository dpkg.
commit 5124722df07abb3f440221c28bc578ed82844446
Author: Guillem Jover <guillem at debian.org>
Date: Sat Jan 28 00:04:33 2017 +0100
dpkg-buildpackage: Make --unsigned-changes not sign .buildinfo either
There was no option to disable signing globally, so many users and
tools rely on the two existing options to disable it. But with the
introduction of signed .buildinfo files, there is no way for old tools
to request the right thing.
Abuse --unsigned-changes to mean not signing .buildinfo either.
Closes: #852822
---
debian/changelog | 3 +++
man/dpkg-buildpackage.man | 6 ++++--
scripts/dpkg-buildpackage.pl | 3 ++-
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 9363b7e..919cc8c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ dpkg (1.18.20) UNRELEASED; urgency=medium
[ Guillem Jover ]
* Add a new --no-sign option to dpkg-buildpackage, to make it possible to
disable all signing in a future-proof way.
+ * Make dpkg-buildpackage --unsigned-changes not sign .buildinfo either.
+ This breaks the expectations of users and tools, because there was no
+ way previously to request no signing at all. Closes: #852822
* Perl modules:
- Mask the machine bits for SH and MIPS in the ELF processor flags in
Dpkg::Shlibs::Objdump. These do not define the ABI, and make the
diff --git a/man/dpkg-buildpackage.man b/man/dpkg-buildpackage.man
index 98f2ab1..712a447 100644
--- a/man/dpkg-buildpackage.man
+++ b/man/dpkg-buildpackage.man
@@ -94,7 +94,8 @@ It runs the \fBsign\fP hook and calls \fBgpg2\fP or \fBgpg\fP (as long as it
is not an UNRELEASED build, or \-\-no\-sign is specified) to sign the
\fB.dsc\fP file (if any, unless
\fB\-us\fP or \fB\-\-unsigned\-source\fP is specified), the \fB.buildinfo\fP
-file (unless \fB\-ui\fP or \fB\-\-unsigned\-buildinfo\fP is specified) and
+file (unless \fB\-ui\fP, \fB\-\-unsigned\-buildinfo\fP,
+\fB\-uc\fP or \fB\-\-unsigned\-changes\fP is specified) and
the \fB.changes\fP file (unless \fB\-uc\fP or \fB\-\-unsigned\-changes\fP
is specified).
.IP \fB12.\fP 3
@@ -402,7 +403,8 @@ Do not sign the source package (long option since dpkg 1.18.8).
Do not sign the \fB.buildinfo\fP file (since dpkg 1.18.19).
.TP
.BR \-uc ", " \-\-unsigned\-changes
-Do not sign the \fB.changes\fP file (long option since dpkg 1.18.8).
+Do not sign the \fB.buildinfo\fP and \fB.changes\fP files
+(long option since dpkg 1.18.8).
.TP
.B \-\-no\-sign
Do not sign any file, this includes the source package, the \fB.buildinfo\fP
diff --git a/scripts/dpkg-buildpackage.pl b/scripts/dpkg-buildpackage.pl
index 0afb977..60e01f5 100755
--- a/scripts/dpkg-buildpackage.pl
+++ b/scripts/dpkg-buildpackage.pl
@@ -104,7 +104,7 @@ sub usage {
-ap, --sign-pause add pause before starting signature process.
-us, --unsigned-source unsigned source package.
-ui, --unsigned-buildinfo unsigned .buildinfo file.
- -uc, --unsigned-changes unsigned .changes file.
+ -uc, --unsigned-changes unsigned .buildinfo and .changes file.
--no-sign do not sign any file.
--force-sign force signing the resulting files.
--admindir=<directory> change the administrative directory.
@@ -264,6 +264,7 @@ while (@ARGV) {
} elsif (/^-ui$/ or /^--unsigned-buildinfo$/) {
$signbuildinfo = 0;
} elsif (/^-uc$/ or /^--unsigned-changes$/) {
+ $signbuildinfo = 0;
$signchanges = 0;
} elsif (/^-ap$/ or /^--sign-pausa$/) {
$signpause = 1;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list