From e541adde4a9da8807c1e9a264c334395c1f7005d Mon Sep 17 00:00:00 2001
From: Frank Lichtenheld <djpig@debian.org>
Date: Wed, 18 Jan 2006 12:49:34 +0000
Subject: [PATCH] Check the gpg signatures of .dsc files before unpacking. See
 the upstream changelog for a full description of the semantics. Based on a
 patch by Matt Zimmerman. Closes: #48711

---
 ChangeLog              | 10 ++++++++++
 debian/changelog       |  3 +++
 scripts/dpkg-source.pl | 28 +++++++++++++++++++++++++++-
 3 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 3b200de1..a137b746 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,16 @@
 	the .dsc when building. This also normalizes the
 	fields.
  
+2005-10-03  Matt Zimmerman  <mdz@debian.org>,
+	    Frank Lichtenheld  <djpig@debian.org>
+
+	* scripts/dpkg-source.pl: If gpg is installed, check
+	the signature of the .dsc file before unpacking.
+	Allow the unpacking to suceed if the .dsc is unsigned
+	but error out if the signature is bad. If gpg exits
+	with a code >2 (e.g. missing key), show the user the gpg
+	output but continue.
+
 2005-10-03  Frank Lichtenheld  <djpig@debian.org>
 
 	* scripts/dpkg-source.pl: Try to chown files extracted from
diff --git a/debian/changelog b/debian/changelog
index c0ef7725..2e5db56f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ dpkg (1.13.12~) unstable; urgency=low
   * Let dpkg-source -b check the build relation fields before
     putting them into the .dsc. As a side effect they also
     get normalized. Closes: #254449
+  * Check the gpg signatures of .dsc files before unpacking. See
+    the upstream changelog for a full description of the semantics.
+    Based on a patch by Matt Zimmerman. Closes: #48711
 
  --
 
diff --git a/scripts/dpkg-source.pl b/scripts/dpkg-source.pl
index 6256b3b2..4c01cb45 100755
--- a/scripts/dpkg-source.pl
+++ b/scripts/dpkg-source.pl
@@ -516,7 +516,7 @@ if ($opmode eq 'build') {
     }
     exit(0);
 
-} else {
+} else { # -> opmode ne 'build'
 
     $sourcestyle =~ y/X/p/;
     $sourcestyle =~ m/[pun]/ ||
@@ -535,6 +535,32 @@ if ($opmode eq 'build') {
 	! -e $newdirectory || &error("unpack target exists: $newdirectory");
     }
 
+    my $is_signed = 0;
+    open(DSC,"< $dsc") || &error("cannot open .dsc file $dsc: $!");
+    while (<DSC>) {
+	next if /^\s*$/o;
+	$is_signed = 1 if /^-----BEGIN PGP SIGNED MESSAGE-----$/o;
+	last;
+    }
+    close(DSC);
+
+    if ($is_signed) {
+	if (-x '/usr/bin/gpg') {
+	    my $gpg_command = 'gpg -q --verify '.quotemeta($dsc).' 2>&1';
+	    my @gpg_output = `$gpg_command`;
+	    my $gpg_status = $? >> 8;
+	    if ($gpg_status) {
+		print STDERR join("",@gpg_output);
+		&error("failed to verify signature on $dsc")
+		    if ($gpg_status == 1);
+	    }
+	} else {
+	    &warn("could not verify signature on $dsc since gpg isn't installed");
+	}
+    } else {
+	&warn("extracting unsigned source package ($dsc)");
+    }
+
     open(CDATA,"< $dsc") || &error("cannot open .dsc file $dsc: $!");
     &parsecdata('S',-1,"source control file $dsc");
     close(CDATA);
-- 
2.39.5