From: Frank Lichtenheld Date: Wed, 18 Jan 2006 12:49:34 +0000 (+0000) Subject: Check the gpg signatures of .dsc files before unpacking. See X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e541adde4a9da8807c1e9a264c334395c1f7005d;p=dpkg Check the gpg signatures of .dsc files before unpacking. See the upstream changelog for a full description of the semantics. Based on a patch by Matt Zimmerman. Closes: #48711 --- diff --git a/ChangeLog b/ChangeLog index 3b200de1..a137b746 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,16 @@ the .dsc when building. This also normalizes the fields. +2005-10-03 Matt Zimmerman , + Frank Lichtenheld + + * scripts/dpkg-source.pl: If gpg is installed, check + the signature of the .dsc file before unpacking. + Allow the unpacking to suceed if the .dsc is unsigned + but error out if the signature is bad. If gpg exits + with a code >2 (e.g. missing key), show the user the gpg + output but continue. + 2005-10-03 Frank Lichtenheld * scripts/dpkg-source.pl: Try to chown files extracted from diff --git a/debian/changelog b/debian/changelog index c0ef7725..2e5db56f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,9 @@ dpkg (1.13.12~) unstable; urgency=low * Let dpkg-source -b check the build relation fields before putting them into the .dsc. As a side effect they also get normalized. Closes: #254449 + * Check the gpg signatures of .dsc files before unpacking. See + the upstream changelog for a full description of the semantics. + Based on a patch by Matt Zimmerman. Closes: #48711 -- diff --git a/scripts/dpkg-source.pl b/scripts/dpkg-source.pl index 6256b3b2..4c01cb45 100755 --- a/scripts/dpkg-source.pl +++ b/scripts/dpkg-source.pl @@ -516,7 +516,7 @@ if ($opmode eq 'build') { } exit(0); -} else { +} else { # -> opmode ne 'build' $sourcestyle =~ y/X/p/; $sourcestyle =~ m/[pun]/ || @@ -535,6 +535,32 @@ if ($opmode eq 'build') { ! -e $newdirectory || &error("unpack target exists: $newdirectory"); } + my $is_signed = 0; + open(DSC,"< $dsc") || &error("cannot open .dsc file $dsc: $!"); + while () { + next if /^\s*$/o; + $is_signed = 1 if /^-----BEGIN PGP SIGNED MESSAGE-----$/o; + last; + } + close(DSC); + + if ($is_signed) { + if (-x '/usr/bin/gpg') { + my $gpg_command = 'gpg -q --verify '.quotemeta($dsc).' 2>&1'; + my @gpg_output = `$gpg_command`; + my $gpg_status = $? >> 8; + if ($gpg_status) { + print STDERR join("",@gpg_output); + &error("failed to verify signature on $dsc") + if ($gpg_status == 1); + } + } else { + &warn("could not verify signature on $dsc since gpg isn't installed"); + } + } else { + &warn("extracting unsigned source package ($dsc)"); + } + open(CDATA,"< $dsc") || &error("cannot open .dsc file $dsc: $!"); &parsecdata('S',-1,"source control file $dsc"); close(CDATA);