[devscripts] 03/04: uscan: Use the armored keyring debian/upstream/signing-key.asc

James McCoy jamessan at debian.org
Tue Jan 21 05:00:39 UTC 2014


This is an automated email from the git hooks/post-receive script.

jamessan pushed a commit to branch master
in repository devscripts.

commit 70067fb44d28680326b99da759f205ab4a3f21f5
Author: James McCoy <jamessan at debian.org>
Date:   Mon Jan 20 22:45:24 2014 -0500

    uscan: Use the armored keyring debian/upstream/signing-key.asc
    
    Closes: #720957
    Signed-off-by: James McCoy <jamessan at debian.org>
---
 README           |  2 +-
 debian/NEWS      |  7 ++++---
 debian/changelog |  2 ++
 debian/control   |  2 +-
 scripts/uscan.1  |  7 ++++---
 scripts/uscan.pl | 23 ++++++++++++++++++-----
 6 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/README b/README
index aad5214..bdcc5f3 100644
--- a/README
+++ b/README
@@ -229,7 +229,7 @@ And now, in mostly alphabetical order, the scripts:
   version based on the new update.  Whilst uscan could be used to release
   the updated version automatically, it is probably better not to without
   testing it first.  Uscan can also verify detached OpenPGP signatures if 
-  upstream's signing key is known. [gpgv, liblwp-protocol-https-perl,
+  upstream's signing key is known. [gpgv, gnupg, liblwp-protocol-https-perl,
   libwww-perl, unzip, lzma, xz-utils]
 
 - uupdate: Update the package with an archive or patches from
diff --git a/debian/NEWS b/debian/NEWS
index 7191484..4738f7f 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,8 +1,9 @@
 devscripts (2.14.0) unstable; urgency=low
 
-  uscan now looks for upstream's keyring as debian/upstream/signing-key.pgp.
-  The previously used location, debian/upstream-signing-key.pgp, will be
-  checked as a last resort for a transition period.
+  uscan now looks for upstream's keyring under debian/upstream/ as either
+  signing-key.pgp or, for an armored keyring, signing-key.asc.  The previously
+  used location, debian/upstream-signing-key.pgp, will be checked as a last
+  resort for a transition period.
 
  -- James McCoy <jamessan at debian.org>  Mon, 20 Jan 2014 22:21:16 -0500
 
diff --git a/debian/changelog b/debian/changelog
index 5ee98a7..38fb06b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -20,6 +20,8 @@ devscripts (2.14.0) UNRELEASED; urgency=low
     + Support escaped characters in the Files-Excluded patterns.  Thanks to
       Csillag Tamas and Russ Albery for the patch.  (Closes: #733111)
     + Move keyring location for signature verification under debian/upstream/.
+    + Use the armored keyring debian/upstream/signing-key.asc for signature
+      verification if the unarmored keyring doesn't exist.  (Closes: #720957)
 
  -- Jakub Wilk <jwilk at debian.org>  Fri, 27 Dec 2013 18:39:11 +0100
 
diff --git a/debian/control b/debian/control
index 5502ce7..e375e42 100644
--- a/debian/control
+++ b/debian/control
@@ -188,7 +188,7 @@ Description: scripts to make the life of a Debian Package maintainer easier
     transitions for which uploads to unstable are currently blocked
     [libwww-perl, libyaml-syck-perl]
   - uscan: scan upstream sites for new releases of packages
-    [gpgv, liblwp-protocol-https-perl, libwww-perl, unzip, lzma, xz-utils]
+    [gpgv, gnupg, liblwp-protocol-https-perl, libwww-perl, unzip, lzma, xz-utils]
   - uupdate: integrate upstream changes into a source package [patch]
   - what-patch: determine what patch system, if any, a source package is using
     [patchutils]
diff --git a/scripts/uscan.1 b/scripts/uscan.1
index dac5928..012ea86 100644
--- a/scripts/uscan.1
+++ b/scripts/uscan.1
@@ -292,9 +292,10 @@ If present, the supplied rules will be applied to the downloaded URL
 that will be used to fetch the detached OpenPGP signature file for the
 upstream tarball.  Some common rules might be `\fBs/$/.asc/\fR' or
 `\fBs/$/.pgp/\fR' or `\fBs/$/.gpg/\fR'.  This signature must be made
-by a key found in the keyring \fBdebian/upstream/signing-key.pgp\fR.
-If it is not valid, or not made by one of the listed keys, uscan will
-report an error.
+by a key found in the keyring \fBdebian/upstream/signing-key.pgp\fR or
+the armored keyring \fBdebian/upstream/signing-key.asc\fR.  If it is not
+valid, or not made by one of the listed keys, uscan will report an
+error.
 .SH "Directory name checking"
 Similarly to several other scripts in the \fBdevscripts\fR package,
 \fBuscan\fR explores the requested directory trees looking for
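Review bot: the rewritten sentence names both keyrings but does not say which one is used when both exist, nor that the armored one needs gpg or gpg2 installed. The uscan.pl change in this commit tries signing-key.pgp first, then signing-key.asc, then the old debian/upstream-signing-key.pgp, and skips the watch line with a warning when the .asc file is picked and no gpg binary is found. Document that search order and the extra requirement here so the manual page matches the behaviour.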
diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index 70a735d..2d293e5 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -61,6 +61,7 @@ if ($@) {
     $haveSSL = 0;
 }
 my $havegpgv = (-x '/usr/bin/gpgv');
+my $havegpg = first { -x $_ } qw(/usr/bin/gpg2 /usr/bin/gpg);
 
 # Did we find any new upstream versions on our wanderings?
 our $found = 0;
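Review bot: $havegpg on the added line holds the path of the first executable found (gpg2 is preferred over gpg), not a flag like $havegpgv on the line above it, and it is later passed to spawn as the program to run. A name such as $gpg_path, or a short comment saying the value is a path or undef, would make that difference visible to the next reader.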
@@ -703,7 +704,7 @@ sub process_watchline ($$$$$$)
     my $style='new';
     my $urlbase;
     my $headers = HTTP::Headers->new;
-    my $keyring;
+    my ($keyring, $gpghome);
 
     # Comma-separated list of features that sites being queried might
     # want to be aware of
@@ -815,13 +816,25 @@ sub process_watchline ($$$$$$)
 
 	# Check validity of options
 	if (exists $options{'pgpsigurlmangle'}) {
-	    $keyring = first { -r $_ } qw(debian/upstream/signing-key.pgp debian/upstream-signing-key.pgp);
+	    if (! $havegpgv) {
+		uscan_warn "$progname warning: pgpsigurlmangle option exists, but you must have gpgv installed to verify\n  in $watchfile, skipping:\n  $line\n";
+		return 1;
+	    }
+	    $keyring = first { -r $_ } qw(debian/upstream/signing-key.pgp debian/upstream/signing-key.asc debian/upstream-signing-key.pgp);
+	    if ($keyring =~ m/\.asc$/) {
+		if (!$havegpg) {
+		    uscan_warn "$progname warning: $keyring is armored but gpg/gpg2 is not available to dearmor it\n  in $watchfile, skipping:\n $line\n";
+		    return 1;
+		}
+		# Need to convert an armored key to binary for use by gpgv
+		$gpghome = tempdir(CLEANUP => 1);
+		spawn(exec => [$havegpg, '--homedir', $gpghome, '--no-options', '-q', '--batch', '--no-default-keyring', '--import', $keyring],
+		      wait_child => 1);
+		$keyring = "$gpghome/pubring.gpg";
+	    }
 	    if (!defined $keyring) {
 		uscan_warn "$progname warning: pgpsigurlmangle option exists, but the upstream keyring does not exist\n  in $watchfile, skipping:\n  $line\n";
 		return 1;
-	    } elsif (! $havegpgv) {
-		uscan_warn "$progname warning: pgpsigurlmangle option exists, but you must have gpgv installed to verify\n  in $watchfile, skipping:\n  $line\n";
-		return 1;
 	    }
 	}
 
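Review bot: the test $keyring =~ m/\.asc$/ runs before the if (!defined $keyring) check, so when none of the three candidate files is readable, first returns undef and the match is applied to an undefined value (an "uninitialized value" warning under use warnings) before the intended "upstream keyring does not exist" message is reached. Move the defined test above the .asc branch. In the same branch, $keyring is then pointed at "$gpghome/pubring.gpg" on the assumption that the import wrote a keyring under gpg's default file name, although --no-default-keyring is passed and nothing in the hunk confirms the file exists afterwards. Naming the output explicitly with --keyring and checking that it is readable before handing it to gpgv would turn a failed or empty import into a clear warning at this point.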

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git


