This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=e4f9fc7a5040f0eeef330e82bdeda6483bbd8a50 commit e4f9fc7a5040f0eeef330e82bdeda6483bbd8a50 Author: Guillem Jover <[email protected]> AuthorDate: Sat Aug 31 03:55:10 2019 +0200 Dpkg::OpenPGP: Make it possible to verify detached signatures This is required to be able to verify original upstream tarball signatures, as they are expected to be ASCII armored detached signatures for the upstream tarballs. --- debian/changelog | 1 + scripts/Dpkg/OpenPGP.pm | 1 + 2 files changed, 2 insertions(+) diff --git a/debian/changelog b/debian/changelog index 42e536756..876e3460b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -22,6 +22,7 @@ dpkg (1.20.0) UNRELEASED; urgency=medium - Dpkg::Source::Package: Refactor original tarball handling. - perl: Use File::Copy instead of spawning mv/cp commands. - Dpkg::OpenPGP: Refactor signature verification into a new function. + - Dpkg::OpenPGP: Make it possible to verify detached signatures. * Build system: - Bump minimal Perl version to 5.24.1. diff --git a/scripts/Dpkg/OpenPGP.pm b/scripts/Dpkg/OpenPGP.pm index 234c90a4d..f207af228 100644 --- a/scripts/Dpkg/OpenPGP.pm +++ b/scripts/Dpkg/OpenPGP.pm @@ -103,6 +103,7 @@ sub verify_signature { push @exec, '--keyring', $keyring; } push @exec, $sig; + push @exec, $opts{datafile} if exists $opts{datafile}; my ($stdout, $stderr); spawn(exec => \@exec, wait_child => 1, nocheck => 1, timeout => 10, -- Dpkg.Org's dpkg
