This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=0274e3d358022ddd270c6c40a048a27d8f6b4eb8
commit 0274e3d358022ddd270c6c40a048a27d8f6b4eb8
Author: Guillem Jover <[email protected]>
AuthorDate: Thu Jun 20 23:33:59 2024 +0200
dpkg-buildpackage: Make newline injection during signing GnuPG specific This is a bug in GnuPG, that other implementations do not suffer from, and adding this newline causes multiple unnecessary newlines to be added which is odd on the output. Ref: https://dev.gnupg.org/T7106
---
 scripts/Dpkg/OpenPGP/Backend/GnuPG.pm | 14 ++++++++++++++
 scripts/dpkg-buildpackage.pl | 18 ++++--------------
 2 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
index 6c834be37..43ac1e2e6 100644
--- a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
+++ b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
@@ -34,7 +34,9 @@ use strict;
 use warnings;
 use POSIX qw(:sys_wait_h);
+use File::Basename;
 use File::Temp;
+use File::Copy;
 use MIME::Base64;
 use Dpkg::ErrorHandling;
@@ -296,6 +298,18 @@ sub inline_sign {
 return OPENPGP_MISSING_CMD if ! $self->has_backend_cmd();
+ my $file = basename($data);
+ my $signdir = File::Temp->newdir('dpkg-sign.XXXXXXXX', TMPDIR => 1);
+ my $signfile = "$signdir/$file";
+
+ # Make sure the file to sign ends with a newline, as GnuPG does not adhere
+ # to the OpenPGP specification (see <https://dev.gnupg.org/T7106>).
+ copy($data, $signfile);
+ open my $signfh, '>>', $signfile
+ or syserr(g_('cannot open %s'), $signfile);
+ print { $signfh } "\n";
+ close $signfh or syserr(g_('cannot close %s'), $signfile);
+
 my @exec = ($self->{cmd});
 push @exec, _gpg_options_weak_digests();
 push @exec, qw(--utf8-strings --textmode --armor);
diff --git a/scripts/dpkg-buildpackage.pl b/scripts/dpkg-buildpackage.pl
index df2edded9..6ebb04639 100755
--- a/scripts/dpkg-buildpackage.pl
+++ b/scripts/dpkg-buildpackage.pl
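Review bot: In the inline_sign hunk of scripts/Dpkg/OpenPGP/Backend/GnuPG.pm the result of `copy($data, $signfile)` is not checked, so a failed copy goes unnoticed: the following `open ... '>>'` creates the file and leaves a temporary file holding only a newline. Failing hard is safer here, e.g. `copy($data, $signfile) or syserr(g_('cannot copy %s to %s'), $data, $signfile);`. The diffstat shows only insertions in this file, so the GnuPG command line assembled after this hunk presumably still names `$data`; it is worth confirming that `$signfile` is what actually gets signed, otherwise the newline workaround has no effect. The rest of inline_sign lies outside the hunk.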
@@ -23,8 +23,6 @@ use strict;
 use warnings;
-use File::Temp qw(tempdir);
-use File::Basename;
 use File::Copy;
 use File::Glob qw(bsd_glob GLOB_TILDE GLOB_NOCHECK);
 use POSIX qw(:sys_wait_h);
@@ -866,24 +864,16 @@ sub signkey_validate {
 sub signfile {
 my $file = shift;
+ my $signfile = "../$file";
 printcmd("signfile $file");
- my $signdir = tempdir('dpkg-sign.XXXXXXXX', CLEANUP => 1);
- my $signfile = "$signdir/$file";
-
- # Make sure the file to sign ends with a newline.
- copy("../$file", $signfile);
- open my $signfh, '>>', $signfile or syserr(g_('cannot open %s'), $signfile);
- print { $signfh } "\n";
- close $signfh or syserr(g_('cannot close %s'), $signfile);
-
 my $status = $openpgp->inline_sign($signfile, "$signfile.asc", $signkey);
 if ($status == OPENPGP_OK) {
- move("$signfile.asc", "../$file")
- or syserror(g_('cannot move %s to %s'), "$signfile.asc", "../$file");
+ move("$signfile.asc", $signfile)
+ or syserror(g_('cannot move %s to %s'), "$signfile.asc", $signfile);
 } else {
- error(g_('failed to sign %s file: %s'), $file,
+ error(g_('failed to sign %s file: %s'), $signfile,
 openpgp_errorcode_to_string($status));
 }
-- Dpkg.Org's dpkg
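Review bot: The rewritten `move()` fallback in signfile calls `syserror(...)`, while every other error path touched by this commit uses `syserr(...)`; unless dpkg-buildpackage.pl defines a `syserror` of its own (not visible here), a failed move would die with an undefined-subroutine error instead of the intended message. Suggested line: `or syserr(g_('cannot move %s to %s'), "$signfile.asc", $signfile);`. Separately, `"$signfile.asc"` is now written next to the artifact in `..` rather than in the auto-cleaned temporary directory, and the `else` branch does not remove it, so a failed signing run may leave a stale `.asc` behind; an `unlink "$signfile.asc";` before `error(...)` would cover that. The end of signfile is outside the hunk.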

