This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=43d07b3c601f87ff7fa68d7aedf5b79dd6502533 commit 43d07b3c601f87ff7fa68d7aedf5b79dd6502533 Author: Guillem Jover <[email protected]> AuthorDate: Wed Jul 20 03:12:43 2022 +0200 Dpkg::OpenPGP: Merge ASCII armored key import into signature verification Handle ASCII armored "keyrings" semi-transparently, by accepting them in the verification function. --- scripts/Dpkg/OpenPGP.pm | 25 ++++--------------------- scripts/Dpkg/Source/Package.pm | 7 +------ 2 files changed, 5 insertions(+), 27 deletions(-) diff --git a/scripts/Dpkg/OpenPGP.pm b/scripts/Dpkg/OpenPGP.pm index 53c2c9f58..dbe369913 100644 --- a/scripts/Dpkg/OpenPGP.pm +++ b/scripts/Dpkg/OpenPGP.pm @@ -134,35 +134,18 @@ sub _gpg_import_keys { } } -sub import_key { - my ($opts, $asc) = @_; - - $opts->{require_valid_signature} //= 1; - - if (find_command('gpg')) { - _gpg_import_keys($opts, $opts->{keyring}, $asc); - } elsif ($opts->{require_valid_signature}) { - error(g_('cannot import key in %s since GnuPG is not installed'), - $asc); - } else { - warning(g_('cannot import key in %s since GnuPG is not installed'), - $asc); - } - - return; -} - sub _gpg_verify { my ($opts, $data, $sig, @certs) = @_; my $gpg_home = File::Temp->newdir('dpkg-gpg-verify.XXXXXXXX', TMPDIR => 1); + my $keyring = File::Temp->new(UNLINK => 1, SUFFIX => '.pgp'); + + _gpg_import_keys($opts, $keyring, @certs); my @exec = qw(gpgv); push @exec, _gpg_options_weak_digests(); push @exec, '--homedir', $gpg_home; - foreach my $cert (@certs) { - push @exec, '--keyring', $cert; - } + push @exec, '--keyring', $keyring; push @exec, $sig if defined $sig; push @exec, $data; diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm index 0ac85990e..734ec985f 100644 --- a/scripts/Dpkg/Source/Package.pm +++ b/scripts/Dpkg/Source/Package.pm 
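Review bot: The new unconditional `_gpg_import_keys($opts, $keyring, @certs);` call in `_gpg_verify` has no visible replacement for the `find_command('gpg')` check that the removed `import_key` carried. A host with gpgv but without gpg would presumably reach the import with no dedicated diagnostic and no `require_valid_signature` decision at this point. Neither the helper's body nor the caller of `_gpg_verify` is in the hunk, so confirm that a missing gpg or a failed import is reported there, and that verification then fails closed on the empty keyring instead of proceeding. If it is not handled, a `find_command('gpg')` guard before the import that keeps the old error/warning split would restore the previous behaviour, and a comment such as `# @certs may be binary or ASCII armored; all are imported into one throw-away keyring for gpgv` would document the new contract. `_gpg_verify` continues past the end of the hunk.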
@@ -459,20 +459,15 @@ sub check_original_tarball_signature { return; } - my $keyring = File::Temp->new(UNLINK => 1, SUFFIX => '.gpg'); my $opts = { require_valid_signature => $self->{options}{require_valid_signature}, }; - Dpkg::OpenPGP::import_key({ - %{$opts}, - keyring => $keyring, - }, $upstream_key); foreach my $asc (@asc) { my $datafile = $asc =~ s/\.asc$//r; info(g_('verifying %s'), $asc); - Dpkg::OpenPGP::verify($opts, $datafile, $asc, $keyring); + Dpkg::OpenPGP::verify($opts, $datafile, $asc, $upstream_key); } } -- Dpkg.Org's dpkg
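Review bot: Passing `$upstream_key` straight to `Dpkg::OpenPGP::verify` inside the `foreach my $asc (@asc)` loop means the key is imported into a fresh temporary keyring once per signature file, going by the `_gpg_verify` change in the same commit. The removed code imported it once before the loop. For a package with several upstream tarballs this repeats the gpg work, and presumably repeats the failure message if the key cannot be imported. The new interface does not allow hoisting the import, so a comment such as `# verify() imports $upstream_key (binary or ASCII armored) into a temporary keyring on each call` would make the cost and the changed meaning of the fourth argument explicit. `check_original_tarball_signature` starts before the hunk.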

