[dpkg] 170/192: Dpkg::Source::Package: Auto-convert binary signatures to OpenPGP ASCII Armor

Ximin Luo infinity0 at debian.org
Tue Oct 17 11:04:15 UTC 2017


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch pu/reproducible_builds
in repository dpkg.

commit 0b1391fd2c30e9ad955fde84c90c30509877b5c4
Author: Guillem Jover <guillem at debian.org>
Date:   Sun Aug 20 02:22:16 2017 +0200

    Dpkg::Source::Package: Auto-convert binary signatures to OpenPGP ASCII Armor
    
    When we are building a source package, if we find a binary signature in
    the form of a .sig file, we should try to auto-convert it to the format
    that we expect to include in the source package, which is an OpenPGP
    ASCII Armor.
---
 debian/changelog                                   |   2 +
 scripts/Dpkg/OpenPGP.pm                            |  80 +++++++++++++++++++++
 scripts/Dpkg/Source/Package/V1.pm                  |   4 ++
 scripts/Dpkg/Source/Package/V2.pm                  |   7 ++
 scripts/Makefile.am                                |   5 ++
 scripts/po/POTFILES.in                             |   1 +
 scripts/t/Dpkg_OpenPGP.t                           |  56 +++++++++++++++
 .../t/Dpkg_OpenPGP/package_1.0.orig.tar            |   0
 scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar.asc    |  16 +++++
 scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar.sig    | Bin 0 -> 566 bytes
 10 files changed, 171 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index be4d7d5..f2230e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -102,6 +102,8 @@ dpkg (1.19.0) UNRELEASED; urgency=medium
       method, by storing the first character in a variable.
     - Optimize field/value parsing in Dpkg::Control::HashCore parse method,
       by switching from a capturing regex to split() plus a checking regex.
+    - Auto-convert binary signatures to OpenPGP ASCII Armor in
+      Dpkg::Source::Package when building source packages.
   * Documentation:
     - Document currently accepted syntax for changelogs in deb-changelog(5).
       Closes: #858579
diff --git a/scripts/Dpkg/OpenPGP.pm b/scripts/Dpkg/OpenPGP.pm
new file mode 100644
index 0000000..858d3ef
--- /dev/null
+++ b/scripts/Dpkg/OpenPGP.pm
@@ -0,0 +1,80 @@
+# Copyright © 2017 Guillem Jover <guillem at debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package Dpkg::OpenPGP;
+
+use strict;
+use warnings;
+
+use Exporter qw(import);
+use File::Copy;
+
+use Dpkg::Gettext;
+use Dpkg::ErrorHandling;
+use Dpkg::Path qw(find_command);
+
+our $VERSION = '0.01';
+our @EXPORT = qw(
+    openpgp_sig_to_asc
+);
+
+sub openpgp_sig_to_asc
+{
+    my ($sig, $asc) = @_;
+
+    if (-e $sig) {
+        my $is_openpgp_ascii_armor = 0;
+
+        open my $fh_sig, '<', $sig or syserr(g_('cannot open %s'), $sig);
+        while (<$fh_sig>) {
+            if (m/^-----BEGIN PGP /) {
+                $is_openpgp_ascii_armor = 1;
+                last;
+            }
+        }
+        close $fh_sig;
+
+        if ($is_openpgp_ascii_armor) {
+            notice(g_('signature file is already OpenPGP ASCII armor, copying'));
+            copy($sig, $asc);
+            return;
+        }
+
+        if (not find_command('gpg')) {
+            warning(g_('cannot OpenPGP ASCII armor signature file due to missing gpg'));
+        }
+
+        open my $fh_asc, '>', $asc
+            or syserr(g_('cannot create signature file %s'), $asc);
+        open my $fh_gpg, '-|', 'gpg', '-o', '-', '--enarmor', $sig
+            or syserr(g_('cannot execute %s program'), 'gpg');
+        while (my $line = <$fh_gpg>) {
+            next if $line =~ m/^Comment: /;
+
+            $line =~ s/ARMORED FILE/SIGNATURE/;
+
+            print { $fh_asc } $line;
+        }
+
+        close $fh_gpg or subprocerr('gpg');
+        close $fh_asc or syserr(g_('cannot write signature file %s'), $asc);
+
+        return $sig;
+    }
+
+    return;
+}
+
+1;
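Review bot: When gpg is missing, the `find_command('gpg')` branch only warns and then falls through, so `$asc` is still created by the following `open ... '>'` before the pipe open is attempted; add `return;` after the `warning(...)` call. More generally, any gpg failure leaves an empty or partial `$asc` on disk, and the callers added in V2.pm skip the conversion when `"$file.asc"` already exists and then add that file to the source package, so a later run could ship the truncated file. Writing to a temporary name and renaming on success, or calling `unlink $asc` on the error paths, avoids that. The result of `copy($sig, $asc)` is also unchecked; `copy($sig, $asc) or syserr(g_('cannot copy %s to %s'), $sig, $asc);` would match the error handling used for the other I/O in this function.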
diff --git a/scripts/Dpkg/Source/Package/V1.pm b/scripts/Dpkg/Source/Package/V1.pm
index 10d33b4..e7748c0 100644
--- a/scripts/Dpkg/Source/Package/V1.pm
+++ b/scripts/Dpkg/Source/Package/V1.pm
@@ -36,6 +36,7 @@ use Dpkg::Source::Patch;
 use Dpkg::Exit qw(push_exit_handler pop_exit_handler);
 use Dpkg::Source::Functions qw(erasedir);
 use Dpkg::Source::Package::V3::Native;
+use Dpkg::OpenPGP;
 
 use parent qw(Dpkg::Source::Package);
 
@@ -409,6 +410,9 @@ sub do_build {
     }
 
     $self->add_file($tarname) if $tarname;
+    if (-e "$tarname.sig" and not -e "$tarname.asc") {
+        openpgp_sig_to_asc("$tarname.sig", "$tarname.asc");
+    }
     $self->add_file($tarsign) if $tarsign and -e $tarsign;
 
     if ($sourcestyle =~ m/[kpKP]/) {
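Review bot: The new `-e "$tarname.sig"` test runs even when `$tarname` is unset, although the line just above guards `add_file` with `if $tarname`; in that case the check interpolates an empty or undefined value and looks at a file literally named `.sig` in the current directory. Guard it the same way: `if ($tarname and -e "$tarname.sig" and not -e "$tarname.asc") {`. It is also not visible here whether `$tarsign` is always `"$tarname.asc"`; if it can differ, the converted file would not be the one added on the next line. do_build starts and ends outside this hunk.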
diff --git a/scripts/Dpkg/Source/Package/V2.pm b/scripts/Dpkg/Source/Package/V2.pm
index 4abb786..818e32d 100644
--- a/scripts/Dpkg/Source/Package/V2.pm
+++ b/scripts/Dpkg/Source/Package/V2.pm
@@ -42,6 +42,7 @@ use Dpkg::Source::Functions qw(erasedir is_binary fs_time);
 use Dpkg::Vendor qw(run_vendor_hook);
 use Dpkg::Control;
 use Dpkg::Changelog::Parse;
+use Dpkg::OpenPGP;
 
 use parent qw(Dpkg::Source::Package);
 
@@ -408,11 +409,17 @@ sub _generate_patch {
             $tarfile = $file;
             push @origtarballs, $file;
             $self->add_file($file);
+            if (-e "$file.sig" and not -e "$file.asc") {
+                openpgp_sig_to_asc("$file.sig", "$file.asc");
+            }
             $self->add_file("$file.asc") if -e "$file.asc";
         } elsif ($file =~ /\.orig-([[:alnum:]-]+)\.tar\.$comp_ext_regex$/) {
             $addonfile{$1} = $file;
             push @origtarballs, $file;
             $self->add_file($file);
+            if (-e "$file.sig" and not -e "$file.asc") {
+                openpgp_sig_to_asc("$file.sig", "$file.asc");
+            }
             $self->add_file("$file.asc") if -e "$file.asc";
         }
     }
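Review bot: Both branches re-encode whatever is found at `"$file.sig"` and then add the resulting `"$file.asc"` to the source package, but nothing checks that the input is a detached signature for `$file`: `openpgp_sig_to_asc` as added in this commit armors the bytes with `gpg --enarmor` and relabels the header as `SIGNATURE`. If verification is expected to happen elsewhere, say so in a comment, e.g. `# The signature is only re-encoded here, not verified against $file.`. The same three-line guard is repeated in both branches and in V1.pm's do_build, so a small helper taking the tarball path would keep the three call sites in step. _generate_patch starts and ends outside this hunk.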
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 3dac552..28bb4a7 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -89,6 +89,7 @@ nobase_dist_perllib_DATA = \
 	Dpkg/Interface/Storable.pm \
 	Dpkg/IPC.pm \
 	Dpkg/Lock.pm \
+	Dpkg/OpenPGP.pm \
 	Dpkg/Package.pm \
 	Dpkg/Path.pm \
 	Dpkg/Shlibs.pm \
@@ -228,6 +229,7 @@ test_scripts = \
 	t/Dpkg_Path.t \
 	t/Dpkg_Vars.t \
 	t/Dpkg_Interface_Storable.t \
+	t/Dpkg_OpenPGP.t \
 	t/Dpkg_Vendor.t \
 	t/Dpkg_Changelog.t \
 	t/Dpkg_Changelog_Ubuntu.t \
@@ -251,6 +253,9 @@ test_scripts = \
 	$(nil)
 
 test_data = \
+	t/Dpkg_OpenPGP/package_1.0.orig.tar \
+	t/Dpkg_OpenPGP/package_1.0.orig.tar.asc \
+	t/Dpkg_OpenPGP/package_1.0.orig.tar.sig \
 	t/Dpkg_Shlibs/symbols.blacklisted \
 	t/Dpkg_Shlibs/symbols.blacklist-groups \
 	t/Dpkg_Shlibs/symbols.blacklist-filter \
diff --git a/scripts/po/POTFILES.in b/scripts/po/POTFILES.in
index 7584619..dea8cde 100644
--- a/scripts/po/POTFILES.in
+++ b/scripts/po/POTFILES.in
@@ -56,6 +56,7 @@ scripts/Dpkg/IPC.pm
 scripts/Dpkg/Index.pm
 scripts/Dpkg/Interface/Storable.pm
 scripts/Dpkg/Lock.pm
+scripts/Dpkg/OpenPGP.pm
 scripts/Dpkg/Package.pm
 scripts/Dpkg/Path.pm
 scripts/Dpkg/Shlibs.pm
diff --git a/scripts/t/Dpkg_OpenPGP.t b/scripts/t/Dpkg_OpenPGP.t
new file mode 100644
index 0000000..ee78da6
--- /dev/null
+++ b/scripts/t/Dpkg_OpenPGP.t
@@ -0,0 +1,56 @@
+#!/usr/bin/perl
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+use strict;
+use warnings;
+
+use Test::More tests => 3;
+use Test::Dpkg qw(:paths);
+
+use File::Compare;
+
+use Dpkg::ErrorHandling;
+
+BEGIN {
+    use_ok('Dpkg::OpenPGP');
+}
+
+report_options(quiet_warnings => 1);
+
+my $datadir = test_get_data_path('t/Dpkg_OpenPGP');
+my $tmpdir = 't.tmp/Dpkg_OpenPGP';
+
+mkdir $tmpdir;
+
+openpgp_sig_to_asc("$datadir/package_1.0.orig.tar.sig",
+                   "$tmpdir/package_1.0.orig.tar.sig2asc");
+
+ok(compare("$tmpdir/package_1.0.orig.tar.sig2asc",
+           "$datadir/package_1.0.orig.tar.asc") == 0,
+   'binary signature converted to OpenPGP ASCII Armor');
+
+# Grab the output messages.
+eval {
+    openpgp_sig_to_asc("$datadir/package_1.0.orig.tar.asc",
+                       "$tmpdir/package_1.0.orig.tar.asc2asc");
+};
+
+ok(compare("$tmpdir/package_1.0.orig.tar.asc2asc",
+           "$datadir/package_1.0.orig.tar.asc") == 0,
+   'OpenPGP ASCII Armor copied to destination');
+
+# TODO: Add actual test cases.
+
+1;
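Review bot: The first conversion test needs a working `gpg` but is neither skipped nor wrapped when the program is missing, so on such a system the call to `openpgp_sig_to_asc` presumably dies and aborts the script instead of reporting a skip. Put that call and its `ok` in a `SKIP:` block with `skip 'gpg not available', 1 unless find_command('gpg');`, importing `find_command` from Dpkg::Path. `mkdir $tmpdir;` is unchecked and creates only the last path component, so it relies on `t.tmp` already existing. The comment `# Grab the output messages.` does not describe the `eval`, which only swallows errors from the second call, and the byte-for-byte `compare` against the stored `.asc` assumes gpg's armor output is identical across versions.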
diff --git a/man/po/zh_CN.add b/scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar
similarity index 100%
copy from man/po/zh_CN.add
copy to scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar
diff --git a/scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar.asc b/scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar.asc
new file mode 100644
index 0000000..06f2ab0
--- /dev/null
+++ b/scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=N2cG
+-----END PGP SIGNATURE-----
diff --git a/scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar.sig b/scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar.sig
new file mode 100644
index 0000000..a15acec
Binary files /dev/null and b/scripts/t/Dpkg_OpenPGP/package_1.0.orig.tar.sig differ

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git


