[pacman-dev] [PATCH] makepkg: split source elements when looking for sigs
Allows renamed .asc/.sig files to be still discovered by makepkg. This is needed for a package such as PuTTY, which provides abnormally named sig files (.DSA and .RSA) which are valid input for gpg --verify. Signed-off-by: Dave Reisner <dreisner@archlinux.org> --- Related: do we want to natively support .SIG and .ASC as well? Or would we be content with this patch as a workaround for "abnormal" sig files like that? scripts/makepkg.sh.in | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index a0a94fe..a4a3d13 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -331,10 +331,10 @@ in_array() { return 1 # Not Found } -source_has_signatures(){ +source_has_signatures() { local file for file in "${source[@]}"; do - if [[ $file = *.@(sig?(n)|asc) ]]; then + if [[ ${file%%::*} = *.@(sig?(n)|asc) ]]; then return 0 fi done -- 1.7.8
On 11/12/11 14:10, Dave Reisner wrote:
Allows renamed .asc/.sig files to be still discovered by makepkg. This is needed for a package such as PuTTY, which provides abnormally named sig files (.DSA and .RSA) which are valid input for gpg --verify.
Just to clarify... Are they valid input as in "gpg --verify foo.DSA" works or do you need to use "gpg --verify foo.DSA source.file" (or whatever the correct command syntax is)? Allan
On Sat, Dec 10, 2011 at 11:45 PM, Allan McRae <allan@archlinux.org> wrote:
On 11/12/11 14:10, Dave Reisner wrote:
Allows renamed .asc/.sig files to be still discovered by makepkg. This is needed for a package such as PuTTY, which provides abnormally named sig files (.DSA and .RSA) which are valid input for gpg --verify.
Just to clarify... Are they valid input as in "gpg --verify foo.DSA" works or do you need to use "gpg --verify foo.DSA source.file" (or whatever the correct command syntax is)?
You need to specify the source tarball filename: $ gpg --verify putty-0.62.tar.gz.DSA gpg: no signed data gpg: can't hash datafile: file open error $ gpg --verify putty-0.62.tar.gz.DSA putty-0.62.tar.gz gpg: Signature made Sat 10 Dec 2011 08:34:11 AM EST using DSA key ID 08B0A90B gpg: Good signature from "PuTTY Releases (DSA) <putty-bugs@lists.tartarus.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 00B1 1009 38E6 9800 6518 F0AB FECD 6F3F 08B0 A90B
Allan
On 11/12/11 14:53, Eric Bélanger wrote:
On Sat, Dec 10, 2011 at 11:45 PM, Allan McRae <allan@archlinux.org> wrote:
On 11/12/11 14:10, Dave Reisner wrote:
Allows renamed .asc/.sig files to be still discovered by makepkg. This is needed for a package such as PuTTY, which provides abnormally named sig files (.DSA and .RSA) which are valid input for gpg --verify.
Just to clarify... Are they valid input as in "gpg --verify foo.DSA" works or do you need to use "gpg --verify foo.DSA source.file" (or whatever the correct command syntax is)?
You need to specify the source tarball filename:
$ gpg --verify putty-0.62.tar.gz.DSA gpg: no signed data gpg: can't hash datafile: file open error
$ gpg --verify putty-0.62.tar.gz.DSA putty-0.62.tar.gz gpg: Signature made Sat 10 Dec 2011 08:34:11 AM EST using DSA key ID 08B0A90B gpg: Good signature from "PuTTY Releases (DSA) <putty-bugs@lists.tartarus.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 00B1 1009 38E6 9800 6518 F0AB FECD 6F3F 08B0 A90B
OK. That is what I had thought... I had gone through the gnupg source code and checked what valid extensions were and thought I had missed some. Allan
On 11/12/11 14:10, Dave Reisner wrote:
Allows renamed .asc/.sig files to be still discovered by makepkg. This is needed for a package such as PuTTY, which provides abnormally named sig files (.DSA and .RSA) which are valid input for gpg --verify.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan
--- Related: do we want to natively support .SIG and .ASC as well? Or would we be content with this patch as a workaround for "abnormal" sig files like that?
I am happy with this patch. We should only natively support what gnupg supports. Allan
participants (3)
-
Allan McRae
-
Dave Reisner
-
Eric Bélanger