[devscripts] 02/04: uscan: Move keyring location for signature verification under debian/upstream/
James McCoy
jamessan at debian.org
Tue Jan 21 05:00:39 UTC 2014
This is an automated email from the git hooks/post-receive script.
jamessan pushed a commit to branch master
in repository devscripts.
commit 120b9f2efe59c7e20da143a989aa3f3a316274fd
Author: James McCoy <jamessan at debian.org>
Date: Mon Jan 20 22:39:08 2014 -0500
uscan: Move keyring location for signature verification under debian/upstream/
Signed-off-by: James McCoy <jamessan at debian.org>
---
debian/NEWS | 8 ++++++++
debian/changelog | 3 ++-
scripts/uscan.1 | 2 +-
scripts/uscan.pl | 9 ++++++---
4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/debian/NEWS b/debian/NEWS
index d70c594..7191484 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,11 @@
+devscripts (2.14.0) unstable; urgency=low
+
+ uscan now looks for upstream's keyring as debian/upstream/signing-key.pgp.
+ The previously used location, debian/upstream-signing-key.pgp, will be
+ checked as a last resort for a transition period.
+
+ -- James McCoy <jamessan at debian.org> Mon, 20 Jan 2014 22:21:16 -0500
+
devscripts (2.11.9) unstable; urgency=low
The default for mk-build-deps --tool option/MKBUILDDEPS_TOOL configuration
diff --git a/debian/changelog b/debian/changelog
index 4746081..5ee98a7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-devscripts (2.14.1) UNRELEASED; urgency=low
+devscripts (2.14.0) UNRELEASED; urgency=low
[ Jakub Wilk ]
* Add sadt, a simple implementation of DEP-8 test runner (closes: #712095).
@@ -19,6 +19,7 @@ devscripts (2.14.1) UNRELEASED; urgency=low
(Closes: #728182)
+ Support escaped characters in the Files-Excluded patterns. Thanks to
Csillag Tamas and Russ Albery for the patch. (Closes: #733111)
+ + Move keyring location for signature verification under debian/upstream/.
-- Jakub Wilk <jwilk at debian.org> Fri, 27 Dec 2013 18:39:11 +0100
diff --git a/scripts/uscan.1 b/scripts/uscan.1
index d0ce0f9..dac5928 100644
--- a/scripts/uscan.1
+++ b/scripts/uscan.1
@@ -292,7 +292,7 @@ If present, the supplied rules will be applied to the downloaded URL
that will be used to fetch the detached OpenPGP signature file for the
upstream tarball. Some common rules might be `\fBs/$/.asc/\fR' or
`\fBs/$/.pgp/\fR' or `\fBs/$/.gpg/\fR'. This signature must be made
-by a key found in the keyring \fBdebian/upstream-signing-key.pgp\fR.
+by a key found in the keyring \fBdebian/upstream/signing-key.pgp\fR.
If it is not valid, or not made by one of the listed keys, uscan will
report an error.
.SH "Directory name checking"
diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index 787f69e..70a735d 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -30,6 +30,7 @@ use Dpkg::IPC;
use File::Basename;
use File::Copy;
use File::Temp qw/tempfile tempdir/;
+use List::Util qw/first/;
use filetest 'access';
use Getopt::Long qw(:config gnu_getopt);
use lib '/usr/share/devscripts';
@@ -702,6 +703,7 @@ sub process_watchline ($$$$$$)
my $style='new';
my $urlbase;
my $headers = HTTP::Headers->new;
+ my $keyring;
# Comma-separated list of features that sites being queried might
# want to be aware of
@@ -813,8 +815,9 @@ sub process_watchline ($$$$$$)
# Check validity of options
if (exists $options{'pgpsigurlmangle'}) {
- if (not (-r 'debian/upstream-signing-key.pgp')) {
- uscan_warn "$progname warning: pgpsigurlmangle option exists, but debian/upstream-signing-key.pgp does not exist\n in $watchfile, skipping:\n $line\n";
+ $keyring = first { -r $_ } qw(debian/upstream/signing-key.pgp debian/upstream-signing-key.pgp);
+ if (!defined $keyring) {
+ uscan_warn "$progname warning: pgpsigurlmangle option exists, but the upstream keyring does not exist\n in $watchfile, skipping:\n $line\n";
return 1;
} elsif (! $havegpgv) {
uscan_warn "$progname warning: pgpsigurlmangle option exists, but you must have gpgv installed to verify\n in $watchfile, skipping:\n $line\n";
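Review bot: The fallback to the legacy `debian/upstream-signing-key.pgp` in the `first { -r $_ }` line is silent, so nothing in the output says which keyring will be trusted for verification, and a package can stay on the transitional path indefinitely. Consider warning once the keyring is resolved, e.g. `uscan_warn "$progname warning: using deprecated keyring location $keyring; please move it to debian/upstream/signing-key.pgp\n" if $keyring eq 'debian/upstream-signing-key.pgp';`. The reworded "upstream keyring does not exist" message also no longer says where uscan looked; naming both candidate paths there would keep it actionable. The if/elsif chain continues past the end of this hunk.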
@@ -1407,7 +1410,7 @@ EOF
print "-- Verifying OpenPGP signature $newfile_base.pgp for $newfile_base\n" if $verbose;
system('/usr/bin/gpgv', '--homedir', '/dev/null',
- '--keyring', 'debian/upstream-signing-key.pgp',
+ '--keyring', $keyring,
"$destdir/$newfile_base.pgp", "$destdir/$newfile_base") >> 8 == 0
or uscan_die("$progname warning: OpenPGP signature did not verify.\n");
}
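Review bot: The success test `system(...) >> 8 == 0` discards the low byte of the wait status, so a gpgv that is killed by a signal (non-zero status, but zero after the shift) is treated as a verified signature. Comparing the whole status, `system('/usr/bin/gpgv', ...) == 0 or uscan_die(...)`, lets only a clean exit 0 pass. The check predates this commit, but it is the one the new `$keyring` value feeds into. `$keyring` is assigned only inside the pgpsigurlmangle branch of the earlier hunk; presumably this call is guarded by the same option in the part of the enclosing block that lies outside the hunk, which is worth confirming so gpgv never receives an undefined `--keyring` argument.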
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git