From 9ee1d5a9c484b7c3f41102044465089924da2a38 Mon Sep 17 00:00:00 2001 From: Raphael Hertzog Date: Mon, 23 Jun 2008 22:22:34 +0200 Subject: [PATCH] dpkg-source: new option --require-valid-signature * scripts/dpkg-source.pl: New option --require-valid-signature. * scripts/Dpkg/Source/Package.pm (check_signature): Updated to use Dpkg::IPC and to implement the checks related to --require-valid-signature. * man/dpkg-source.1: Document the new option. --- ChangeLog | 8 +++++++ debian/changelog | 1 + man/dpkg-source.1 | 7 ++++++ scripts/Dpkg/Source/Package.pm | 39 ++++++++++++++++++++++------------ scripts/dpkg-source.pl | 13 +++++++++--- 5 files changed, 52 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 37838394..683dbc4b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2008-06-23 Raphael Hertzog + + * scripts/dpkg-source.pl: New option --require-valid-signature. + * scripts/Dpkg/Source/Package.pm (check_signature): Updated to use + Dpkg::IPC and to implement the checks related to + --require-valid-signature. + * man/dpkg-source.1: Document the new option. + 2008-06-23 Raphael Hertzog * scripts/Dpkg/IPC.pm (fork_and_exec): New nocheck option that is diff --git a/debian/changelog b/debian/changelog index f4f27ced..be8de9fa 100644 --- a/debian/changelog +++ b/debian/changelog @@ -53,6 +53,7 @@ dpkg (1.15.0) UNRELEASED; urgency=low They are mostly obsolete for APT users. Closes: #481185 * Add new option --listpackage to dpkg-divert. Thanks to Timothy G Abbott for the patch. Closes: #485012 + * Add new option --require-valid-signature to dpkg-source. Closes: #390282 [ Pierre Habouzit ] * Add a --query option to update-alternatives. Closes: #336091, #441904 diff --git a/man/dpkg-source.1 b/man/dpkg-source.1 index 550156af..471acc93 100644 --- a/man/dpkg-source.1 +++ b/man/dpkg-source.1 @@ -182,6 +182,13 @@ Do not copy original tarballs near the extracted source package. .TP .BI \-\-no\-check Do not check signatures and checksums before unpacking. +.TP +.BI \-\-require\-valid\-signature +Refuse to unpack the source package if it doesn't contain an OpenPGP +signature that can be verified either with the user's keyring or one +of the official Debian keyrings +(\fI/usr/share/keyrings/debian-keyring.gpg\fP +and \fI/usr/share/keyrings/debian-maintainers.gpg\fP). .SH SOURCE PACKAGE FORMATS .SS Format: 1.0 diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm index fffbd3e4..4818a6cc 100644 --- a/scripts/Dpkg/Source/Package.pm +++ b/scripts/Dpkg/Source/Package.pm @@ -29,6 +29,7 @@ use Dpkg::Deps qw(@src_dep_fields); use Dpkg::Compression; use Dpkg::Exit; use Dpkg::Path qw(check_files_are_the_same); +use Dpkg::IPC; use POSIX; use File::Basename; @@ -266,23 +267,35 @@ sub check_signature { my ($self) = @_; my $dsc = $self->get_filename(); if (-x '/usr/bin/gpg') { - my $gpg_command = 'gpg -q --verify '; + my @exec = ("gpg", "-q", "--verify"); if (-r '/usr/share/keyrings/debian-keyring.gpg') { - $gpg_command = $gpg_command.'--keyring /usr/share/keyrings/debian-keyring.gpg '; + push @exec, "--keyring", "/usr/share/keyrings/debian-keyring.gpg"; } - $gpg_command = $gpg_command.quotemeta($dsc).' 2>&1'; - - #TODO: cleanup here - my @gpg_output = `$gpg_command`; - my $gpg_status = $? >> 8; - if ($gpg_status) { - print STDERR join("",@gpg_output); - error(_g("failed to verify signature on %s"), $dsc) - if ($gpg_status == 1); + if (-r '/usr/share/keyrings/debian-maintainers.gpg') { + push @exec, "--keyring", "/usr/share/keyrings/debian-maintainers.gpg"; + } + push @exec, $dsc; + + my ($stdout, $stderr); + fork_and_exec('exec' => \@exec, wait_child => 1, nocheck => 1, + to_string => \$stdout, error_to_string => \$stderr); + if (WIFEXITED($?)) { + my $gpg_status = WEXITSTATUS($?); + print STDERR "$stdout$stderr" if $gpg_status; + if ($gpg_status == 1 or ($gpg_status && + $self->{'options'}{'require_valid_signature'})) + { + error(_g("failed to verify signature on %s"), $dsc); + } + } else { + subprocerr("@exec"); } } else { - warning(_g("could not verify signature on %s since gpg isn't installed"), - $dsc); + if ($self->{'options'}{'require_valid_signature'}) { + error(_g("could not verify signature on %s since gpg isn't installed"), $dsc); + } else { + warning(_g("could not verify signature on %s since gpg isn't installed"), $dsc); + } } } diff --git a/scripts/dpkg-source.pl b/scripts/dpkg-source.pl index 4907e251..4c9f0063 100755 --- a/scripts/dpkg-source.pl +++ b/scripts/dpkg-source.pl @@ -42,6 +42,7 @@ my %options = ( # Misc options copy_orig_tarballs => 1, no_check => 0, + require_valid_signature => 0, ); # Fields to remove/override @@ -98,6 +99,8 @@ while (@ARGV && $ARGV[0] =~ m/^-/) { $options{'copy_orig_tarballs'} = 0; } elsif (m/^--no-check$/) { $options{'no_check'} = 1; + } elsif (m/^--require-valid-signature$/) { + $options{'require_valid_signature'} = 1; } elsif (m/^-V(\w[-:0-9A-Za-z]*)[=:]/) { $substvars->set($1, $POSTMATCH); warning(_g("substvars support is deprecated (see README.feature-removal-schedule)")); @@ -324,7 +327,11 @@ if ($options{'opmode'} eq 'build') { if ($srcpkg->is_signed()) { $srcpkg->check_signature(); } else { - warning(_g("extracting unsigned source package (%s)"), $dsc); + if ($options{'require_valid_signature'}) { + error(_g("%s doesn't contain a valid OpenPGP signature"), $dsc); + } else { + warning(_g("extracting unsigned source package (%s)"), $dsc); + } } $srcpkg->check_checksums(); } @@ -390,8 +397,8 @@ Build options: Extract options: --no-copy don't copy .orig tarballs - --no-check don't check signature and checksums before - unpacking + --no-check don't check signature and checksums before unpacking + --require-valid-signature abort if the package doesn't have a valid signature General options: -h, --help show this help message. -- 2.39.5