* scripts/dpkg-source.pl: New option --require-valid-signature.
* scripts/Dpkg/Source/Package.pm (check_signature): Updated to use
Dpkg::IPC and to implement the checks related to
--require-valid-signature.
* man/dpkg-source.1: Document the new option.
+2008-06-23 Raphael Hertzog <hertzog@debian.org>
+
+ * scripts/dpkg-source.pl: New option --require-valid-signature.
+ * scripts/Dpkg/Source/Package.pm (check_signature): Updated to use
+ Dpkg::IPC and to implement the checks related to
+ --require-valid-signature.
+ * man/dpkg-source.1: Document the new option.
+
2008-06-23 Raphael Hertzog <hertzog@debian.org>
* scripts/Dpkg/IPC.pm (fork_and_exec): New nocheck option that is
They are mostly obsolete for APT users. Closes: #481185
* Add new option --listpackage to dpkg-divert. Thanks to Timothy G Abbott
<tabbott@MIT.EDU> for the patch. Closes: #485012
+ * Add new option --require-valid-signature to dpkg-source. Closes: #390282
[ Pierre Habouzit ]
* Add a --query option to update-alternatives. Closes: #336091, #441904
.TP
.BI \-\-no\-check
Do not check signatures and checksums before unpacking.
+.TP
+.BI \-\-require\-valid\-signature
+Refuse to unpack the source package if it doesn't contain an OpenPGP
+signature that can be verified either with the user's keyring or one
+of the official Debian keyrings
+(\fI/usr/share/keyrings/debian-keyring.gpg\fP
+and \fI/usr/share/keyrings/debian-maintainers.gpg\fP).
.SH SOURCE PACKAGE FORMATS
.SS Format: 1.0
use Dpkg::Compression;
use Dpkg::Exit;
use Dpkg::Path qw(check_files_are_the_same);
+use Dpkg::IPC;
use POSIX;
use File::Basename;
my ($self) = @_;
my $dsc = $self->get_filename();
if (-x '/usr/bin/gpg') {
- my $gpg_command = 'gpg -q --verify ';
+ my @exec = ("gpg", "-q", "--verify");
if (-r '/usr/share/keyrings/debian-keyring.gpg') {
- $gpg_command = $gpg_command.'--keyring /usr/share/keyrings/debian-keyring.gpg ';
+ push @exec, "--keyring", "/usr/share/keyrings/debian-keyring.gpg";
}
- $gpg_command = $gpg_command.quotemeta($dsc).' 2>&1';
-
- #TODO: cleanup here
- my @gpg_output = `$gpg_command`;
- my $gpg_status = $? >> 8;
- if ($gpg_status) {
- print STDERR join("",@gpg_output);
- error(_g("failed to verify signature on %s"), $dsc)
- if ($gpg_status == 1);
+ if (-r '/usr/share/keyrings/debian-maintainers.gpg') {
+ push @exec, "--keyring", "/usr/share/keyrings/debian-maintainers.gpg";
+ }
+ push @exec, $dsc;
+
+ my ($stdout, $stderr);
+ fork_and_exec('exec' => \@exec, wait_child => 1, nocheck => 1,
+ to_string => \$stdout, error_to_string => \$stderr);
+ if (WIFEXITED($?)) {
+ my $gpg_status = WEXITSTATUS($?);
+ print STDERR "$stdout$stderr" if $gpg_status;
+ if ($gpg_status == 1 or ($gpg_status &&
+ $self->{'options'}{'require_valid_signature'}))
+ {
+ error(_g("failed to verify signature on %s"), $dsc);
+ }
+ } else {
+ subprocerr("@exec");
}
} else {
- warning(_g("could not verify signature on %s since gpg isn't installed"),
- $dsc);
+ if ($self->{'options'}{'require_valid_signature'}) {
+ error(_g("could not verify signature on %s since gpg isn't installed"), $dsc);
+ } else {
+ warning(_g("could not verify signature on %s since gpg isn't installed"), $dsc);
+ }
}
}
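Review bot: `push @exec, $dsc;` hands the .dsc path to gpg as a bare argument, so a file name that begins with `-` would be read as a gpg option instead of the file to verify. The list-form exec removes the old shell-quoting concern but not this one; ending option parsing first, `push @exec, "--", $dsc;`, closes that gap. The guard also tests `-x '/usr/bin/gpg'` while `@exec` starts with `"gpg"`, which is presumably looked up through PATH by fork_and_exec, so the binary that was checked is not necessarily the one that runs. Putting `/usr/bin/gpg` in `@exec` would keep the two consistent. The sub's opening line is outside this hunk.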
# Misc options
copy_orig_tarballs => 1,
no_check => 0,
+ require_valid_signature => 0,
);
# Fields to remove/override
$options{'copy_orig_tarballs'} = 0;
} elsif (m/^--no-check$/) {
$options{'no_check'} = 1;
+ } elsif (m/^--require-valid-signature$/) {
+ $options{'require_valid_signature'} = 1;
} elsif (m/^-V(\w[-:0-9A-Za-z]*)[=:]/) {
$substvars->set($1, $POSTMATCH);
warning(_g("substvars support is deprecated (see README.feature-removal-schedule)"));
if ($srcpkg->is_signed()) {
$srcpkg->check_signature();
} else {
- warning(_g("extracting unsigned source package (%s)"), $dsc);
+ if ($options{'require_valid_signature'}) {
+ error(_g("%s doesn't contain a valid OpenPGP signature"), $dsc);
+ } else {
+ warning(_g("extracting unsigned source package (%s)"), $dsc);
+ }
}
$srcpkg->check_checksums();
}
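Review bot: The new code does not define what happens when `--no-check` and `--require-valid-signature` are given together. The block closed by the final `}` opens outside the hunk, but the man page text for --no-check suggests it is the `no_check` guard. If so, giving both options skips `check_signature()` and the new `error()` branch, and the package is unpacked with no signature check even though one was required. Rejecting the combination after option parsing would make the conflict visible, e.g. `error(_g("--no-check and --require-valid-signature cannot be used together")) if $options{'no_check'} && $options{'require_valid_signature'};`.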
Extract options:
--no-copy don't copy .orig tarballs
- --no-check don't check signature and checksums before
- unpacking
+ --no-check don't check signature and checksums before unpacking
+ --require-valid-signature abort if the package doesn't have a valid signature
General options:
-h, --help show this help message.