The following commit has been merged in the master branch:
commit cbde6f587130724749c23908cce129380dc7652d
Author: Colin Watson <[email protected]>
Date: Mon Apr 27 11:56:22 2009 +0100
dpkg-source: Add "keyrings" vendor hook
Add "keyrings" vendor hook, used by dpkg-source to allow vendors to
supply additional keyrings against which source package signatures will
be verified. Implement this for Ubuntu.
diff --git a/debian/changelog b/debian/changelog
index 85fef5b..1fc1546 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -77,6 +77,11 @@ dpkg (1.15.1) UNRELEASED; urgency=low
* Dpkg::Version: Remove unnecessary function next_elem which just
replicates the standard shift behaviour.
+ [ Colin Watson ]
+ * Add "keyrings" vendor hook, used by dpkg-source to allow vendors to
+ supply additional keyrings against which source package signatures will
+ be verified. Implement this for Ubuntu. Closes: #525834
+
[ Updated dselect translations ]
* German (Sven Joachim).
* Swedish (Peter Krefting).
diff --git a/man/dpkg-source.1 b/man/dpkg-source.1
index 0cbf798..aab42ad 100644
--- a/man/dpkg-source.1
+++ b/man/dpkg-source.1
@@ -184,7 +184,7 @@ Do not check signatures and checksums before unpacking.
.BI \-\-require\-valid\-signature
Refuse to unpack the source package if it doesn't contain an OpenPGP
signature that can be verified either with the user's
-\fItrustedkeys.gpg\fP keyring or one
+\fItrustedkeys.gpg\fP keyring, one of the vendor-specific keyrings, or one
of the official Debian keyrings
(\fI/usr/share/keyrings/debian-keyring.gpg\fP
and \fI/usr/share/keyrings/debian-maintainers.gpg\fP).
diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm
index c109403..d29294b 100644
--- a/scripts/Dpkg/Source/Package.pm
+++ b/scripts/Dpkg/Source/Package.pm
@@ -30,6 +30,7 @@ use Dpkg::Compression;
use Dpkg::Exit;
use Dpkg::Path qw(check_files_are_the_same);
use Dpkg::IPC;
+use Dpkg::Vendor qw(run_vendor_hook);
use POSIX;
use File::Basename;
@@ -281,6 +282,11 @@ sub check_signature {
push @exec, "gpg", "--no-default-keyring", "-q", "--verify";
}
if (scalar(@exec)) {
+ foreach my $vendor_keyring (run_vendor_hook('keyrings')) {
+ if (-r $vendor_keyring) {
+ push @exec, "--keyring", $vendor_keyring;
+ }
+ }
if (-r '/usr/share/keyrings/debian-keyring.gpg') {
push @exec, "--keyring", "/usr/share/keyrings/debian-keyring.gpg";
}
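Review bot: The loop added to check_signature passes whatever path the vendor hook returns straight to `gpg --keyring` after only a `-r` test, so a relative or slashless name is tested against the current directory while gpg resolves a slashless name inside its home directory. Every keyring accepted here widens the set of keys that satisfy `--require-valid-signature`, so the two checks should refer to the same file. I would add `next unless defined $vendor_keyring and $vendor_keyring =~ m{^/};` as the first line of the loop body. A configured keyring that is not readable is also skipped silently, so a warning there would help an administrator notice that verification is running against fewer keys than intended. The body of check_signature starts and ends outside this hunk.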
diff --git a/scripts/Dpkg/Vendor/Default.pm b/scripts/Dpkg/Vendor/Default.pm
index c1d2aad..0295aeb 100644
--- a/scripts/Dpkg/Vendor/Default.pm
+++ b/scripts/Dpkg/Vendor/Default.pm
@@ -78,6 +78,12 @@ The hook is called just before the content of .changes file
is output
by dpkg-genchanges. The first parameter is a Dpkg::Fields::Object
representing all the fields that are going to be output.
+=item keyrings ()
+
+The hook is called when dpkg-source is checking a signature on a source
+package. It takes no parameters, but returns a (possibly empty) list of
+vendor-specific keyrings.
+
=back
=cut
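Review bot: The new `keyrings` item does not tell hook authors what kind of path to return or what the caller does with it. From the check_signature hunk, each returned file is handed to gpg as an extra `--keyring` and is skipped when it is not readable, so the POD should say that. I would extend the paragraph with something like `Each entry must be an absolute path to a keyring file; unreadable files are ignored.` and add a sentence noting that signatures made by any key in these keyrings are accepted as valid for source packages.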
@@ -88,6 +94,8 @@ sub run_hook {
my $srcpkg = shift @params;
} elsif ($hook eq "before-changes-creation") {
my $fields = shift @params;
+ } elsif ($hook eq "keyrings") {
+ return ();
}
}
diff --git a/scripts/Dpkg/Vendor/Ubuntu.pm b/scripts/Dpkg/Vendor/Ubuntu.pm
index 6cb692f..91928d1 100644
--- a/scripts/Dpkg/Vendor/Ubuntu.pm
+++ b/scripts/Dpkg/Vendor/Ubuntu.pm
@@ -68,6 +68,9 @@ sub run_hook {
if (scalar(@{$bugs})) {
$fields->{"Launchpad-Bugs-Fixed"} = join(" ", @{$bugs});
}
+
+ } elsif ($hook eq "keyrings") {
+ return '/usr/share/keyrings/ubuntu-archive-keyring.gpg';
}
}
--
dpkg's main repository