Your message dated Tue, 28 Oct 2014 03:35:03 +0000
with message-id <[email protected]>
and subject line Bug#758525: fixed in debsig-verify 0.11
has caused the Debian Bug report #758525,
regarding [patch] Please allow a alternative policy directory
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
758525: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758525
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debsig-verify
Version: 0.10
Hello,
when I wrote a bunch of integration tests for a project that uses
debsig-verify I noticed that it would be great to be able to use a
alternative root directory to store my keyrings/policies so that my
test setup can run entirely as a user.
Attached is a patch that implements this via a new --rootdir option
(similar to the dpkg --root option). Alternatively I could add a
--keyring-dir and --policy-dir option if you prefer that. I couldn't
find a test directory but I'm happy to add a integration test for this
new feature (as its exactly what its meant for :). The man-page update
is also missing but I'm happy to add that too if you are fine with the
general idea.
Thanks,
Michael
>From da91646d4e910360eced3650732e4d2cdcd72296 Mon Sep 17 00:00:00 2001
From: Michael Vogt <[email protected]>
Date: Mon, 18 Aug 2014 15:55:41 +0200
Subject: [PATCH] Add a new --rootdir commandline option to allow a different
rootdir
This option allows to verify against a alternative policy location.
Useful for testing or verification as non-root user.
---
debian/changelog | 6 ++++++
debsig-verify.c | 13 ++++++++++---
debsig.h | 5 +++--
gpg-parse.c | 2 +-
4 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 8967e8d..2d5aca1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+debsig-verify (0.10.1) UNRELEASED; urgency=low
+
+ * add --rootdir option to use a alternative root directory
+
+ -- Michael Vogt <[email protected]> Mon, 18 Aug 2014 15:41:53 +0200
+
debsig-verify (0.10) unstable; urgency=low
* Add exit status codes to the man page.
diff --git a/debsig-verify.c b/debsig-verify.c
index a09f534..4319caf 100644
--- a/debsig-verify.c
+++ b/debsig-verify.c
@@ -34,6 +34,7 @@
#include "debsig.h"
char originID[2048];
+char *rootdir = "";
char *deb = NULL;
FILE *deb_fs = NULL;
@@ -286,7 +287,8 @@ Usage: %s [ options ] <deb>\n\n\
'Selection' block of the policies only.\n\
--use-policy <name> Used in conjunction with the above\n\
option. This allows you to specify the\n\
- short name of the policy you wish to try.\n",
+ short name of the policy you wish to try.\n\
+ --rootdir <dir> Use a alternative root directory for policy lookup\n",
dpkg_get_progname());
exit(1);
}
@@ -347,6 +349,12 @@ int main(int argc, char *argv[]) {
ds_printf(DS_LEV_ERR, "--use-policy requires an argument");
outputUsage();
}
+ } else if (!strcmp(argv[i], "--rootdir")) {
+ rootdir = argv[++i];
+ if (i == argc || rootdir[0] == '-') {
+ ds_printf(DS_LEV_ERR, "--rootdir requires an argument");
+ outputUsage();
+ }
} else
outputUsage();
}
@@ -371,8 +379,7 @@ int main(int argc, char *argv[]) {
strncpy(originID, tmpID, sizeof(originID));
/* Now we have an ID, let's check the policy to use */
-
- snprintf(buf, sizeof(buf) - 1, DEBSIG_POLICIES_DIR_FMT, originID);
+ snprintf(buf, sizeof(buf) - 1, DEBSIG_POLICIES_DIR_FMT, rootdir, originID);
if ((pd = opendir(buf)) == NULL)
ds_fail_printf(DS_FAIL_UNKNOWN_ORIGIN,
"Could not open Origin dir %s: %s\n", buf, strerror(errno));
diff --git a/debsig.h b/debsig.h
index 3c492b0..1b81681 100644
--- a/debsig.h
+++ b/debsig.h
@@ -17,8 +17,8 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
-#define DEBSIG_POLICIES_DIR_FMT DEBSIG_POLICIES_DIR"/%s"
-#define DEBSIG_KEYRINGS_FMT DEBSIG_KEYRINGS_DIR"/%s/%s"
+#define DEBSIG_POLICIES_DIR_FMT "%s"DEBSIG_POLICIES_DIR"/%s"
+#define DEBSIG_KEYRINGS_FMT "%s"DEBSIG_KEYRINGS_DIR"/%s/%s"
#define GPG_PROG "/usr/bin/gpg"
@@ -93,3 +93,4 @@ extern int ds_debug_level;
extern FILE *deb_fs;
extern char *deb;
extern char originID[];
+extern char *rootdir;
diff --git a/gpg-parse.c b/gpg-parse.c
index bae2181..f28a5b5 100644
--- a/gpg-parse.c
+++ b/gpg-parse.c
@@ -56,7 +56,7 @@ char *getKeyID (const struct match *mtc) {
gpg_init();
snprintf(buf, sizeof(buf) - 1, GPG_PROG" "GPG_ARGS_FMT" --list-packets -q "DEBSIG_KEYRINGS_FMT,
- GPG_ARGS, originID, mtc->file);
+ GPG_ARGS, rootdir, originID, mtc->file);
if ((ds = popen(buf, "r")) == NULL) {
perror("gpg");
--
2.0.0.rc0
--- End Message ---
--- Begin Message ---
Source: debsig-verify
Source-Version: 0.11
We believe that the bug you reported is fixed in the latest version of
debsig-verify, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated debsig-verify package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 28 Oct 2014 04:01:53 +0100
Source: debsig-verify
Binary: debsig-verify
Architecture: source
Version: 0.11
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Description:
debsig-verify - Debian package signature verification tool
Closes: 758525 758615 758826
Changes:
debsig-verify (0.11) unstable; urgency=medium
.
* Update Vcs-Browser git URL to the new cgit scheme.
* Add a README file.
* Autoconfiscate build system.
* Add more warning flags to the default compiler flags.
* Do not use continuation lines in string literals.
* Reformat and reflow --help output.
* Add a --root option to use an alternative root directory.
Thanks to Michael Vogt <[email protected]>. Closes: #758525
* Add new --policies-dir and --keyrings-dir options.
* Add new --help option.
* Do not print --version and --help on stderr and make them exit 0. And
replace usage error output with a new function that gives a hint to the
user to use --help instead.
* Add long options for quiet, verbose and debug.
* Use DS_LEV_ERR instead of DS_FAIL_INTERNAL as ds_printf() level argument.
* Use more of libdpkg instead of ad-hoc code, to reduce code duplication,
switch to more tested code, and so that the error return codes are
checked and acted upon. Closes: #758615
- Switch to use subproc module instead of fork() and waitpid().
- Switch from xmalloc to m_malloc().
- Use ohshit()/ohshite() instead of ds_fail_printf(DS_FAIL_INTERNAL, ...).
- Use m_dup2() instead of raw dup2().
- Use fdio API instead of ad-hoc file copying.
- Use str_match_end() instead of ad-hoc code, which also fixes a warning
due to a signed vs unsigned comparison.
* Remove useless return statements.
* Use a temporary GNUPGHOME instead of using the users's default.
Based on a patch by Michael Vogt <[email protected]>. Closes: #758826
* Error out if the GnuPG pipe failed on close.
* Explicitly check strcmp() return value instead of handling it as a bool.
* Switch originID from global to function scoped variable.
Thanks to Michael Vogt <[email protected]>.
* Switch deb and deb_fd from global to a function scoped struct.
* Change len type to size_t to fix a signed vs unsigned comparison warning.
* Make private functions static.
* Make private constant string variables static const.
* Add new autotest functional testsuite.
* Add test cases for signature checks.
Based on a patch by Michael Vogt <[email protected]>.
* Update copyright holders and years.
* Bump Standard-Version to 3.9.6 (no changed needed).
Checksums-Sha1:
4f5a674eace4323a8842a26328614f7c06ff72d6 1646 debsig-verify_0.11.dsc
3b7cbdab82839a65d7c40188c4a17ef32c43b772 125688 debsig-verify_0.11.tar.xz
Checksums-Sha256:
de1e0f6f56486740697fc90272a1f9d0ad2b3db942ee1d5989d93c3cb2317b59 1646
debsig-verify_0.11.dsc
ae66b9e733b51824e2e449582d932b130fece40b0041ed28af83b9b6dbb0cf23 125688
debsig-verify_0.11.tar.xz
Files:
a4f264b0e5dfddfdaac8915bdc15f02d 1646 admin optional debsig-verify_0.11.dsc
2e0e886614bdffc5981446f4b82edd7d 125688 admin optional
debsig-verify_0.11.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJUTwj1AAoJELlyvz6krleju7EP/AwoYbd+uSFNd8fgriKLqtnc
TYso/xDWiqTvAEAi+q48+o4xy+MtdBYfd/p4H5MD2iUe9UiP8scSy1q8wtjjDvFS
SfK1puHEUh3A0clS7f6Qcle8PM7+G1tEq0lNuaoOuSYuqDtgo6ufh9f7EuLW6cF8
ChpZqKI3QNcBdJKZ1v9+hZVvQPErYz6nSdOZGQ6FfdgZ6Qg+Bt403tPTqd+l2DK8
ULcLZBaKn29dPyJbuSTyDmg5aZNo7fE4BjPveSBLj39fwnLl37rS30qzacI6FxgJ
DqnUzKtebBm9RcGrKVXnbgLUDvoXlEI83QiP6ERiBsfZUbMuBNiEmiwDT5wxKtvT
MpwdOqyztOcV5l69HfuhqJW260YQLyvLiza3SOnkmOZh20EigX3EdoVKwzs2Aws5
o2/7CobymbguizT4mW1AKRs49gWCNF6WVQV0mLNqQap79kLlRbY4NYRyOf75WD+2
myHHlyk2b4kDhrosEfgjJlr3g4MtkNwYhv7hfXqiWbDBVS1+QnRrWOnBeaKJH5/9
OSaDVZ7bdCPlSpzZRChw6oebD8aWZzs+QVpOPNWpMr3QVdMXYUlk0uGIMJHlhXRO
zL0uy+wtgw5PhdiuXYbIo34Zk2GwzGeOJm84oMmvylhEkay0ADGT3fwKwpNghaID
IU6HGZxincU/WMiAoDQu
=Vuu9
-----END PGP SIGNATURE-----
--- End Message ---
