Bug#835475: /usr/bin/dscverify: dscverify: please use libdpkg-perl for .dsc parsing and verification
James McCoy
jamessan at debian.org
Fri Aug 26 23:45:12 UTC 2016
On Fri, Aug 26, 2016 at 11:19:08AM +0200, Johannes Schauer wrote:
> On Fri, 26 Aug 2016 09:35:20 +0200 Johannes Schauer <josch at debian.org> wrote:
> > dscverify currently uses multiple regexes to parse a .dsc. Instead
> > libdpkg-perl could be used. The advantages would be:
> >
> > - shorter code of dscverify
> > - always using the latest hash sum algorithms
> > - less surface for bugs to appear
> > - automatic support for other signed deb822 formats with file lists
Agreed. Those reasons, among others, are why I've converted parts of
other devscripts scripts to use dpkg's Perl APIs.
> > If you would appreciate a conversion of the current dscverify code to
> > libdpkg-perl, then please shout. I have experience with using the dpkg's
> > perl api from using it for sbuild and I can easily provide a patch if
> > that would be appreciated by the devscript maintainers.
>
> I just learned from Guillem that a dpkg tool is in the works with similar
> capabilities as dscverify. It is called dpkg-sign and can also be used for
> signature and checksum verification:
Glad to hear. Any time there's less code for me to maintain is a good
thing. :)
> Thus, most of what dscverify does will become obsolete in the near future.
Or at least will be moved out to dpkg-sign, with dscverify/debsign
becoming thin wrappers.
That reminds me that I need to spend some more time on deduplicating
debuild now that dpkg-buildpackage provides much of the needed
functionality.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
More information about the devscripts-devel
mailing list