This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch lamby/wip/upstream-signing-833585 in repository lintian.
commit 7b93b9471778f2e6fe5bccdd1272f42ff9674312 Author: Chris Lamb <[email protected]> Date: Sun Jul 16 09:28:39 2017 +0100 Check for the presence of a signature if an upstream signing key is present. (Closes: #833585) --- checks/changes-file.desc | 7 +++++++ checks/changes-file.pm | 24 +++++++++++++++++++++- debian/changelog | 3 +++ ...nges-file-missing-upstream-signature.changes.in | 21 +++++++++++++++++++ ...s-file-missing-upstream-signature.debian.tar.xz | 0 .../changes-file-missing-upstream-signature.desc | 5 +++++ ...ges-file-missing-upstream-signature.orig.tar.xz | 0 .../changes-file-missing-upstream-signature.tags | 0 8 files changed, 59 insertions(+), 1 deletion(-) diff --git a/checks/changes-file.desc b/checks/changes-file.desc index 4506ccc..48515f7 100644 --- a/checks/changes-file.desc +++ b/checks/changes-file.desc @@ -179,3 +179,10 @@ Info: The distribution in the <tt>Changes</tt> field copied from <tt>debian/changelog</tt> indicates that this package was not intended to be released yet. Ref: #542747 + +Tag: orig-tarball-missing-upstream-signature +Severity: important +Certainty: certain +Info: The packaging includes an upstream signing key but the corresponding + <tt>.asc</tt> signature for one or more source tarballs are not included + in your .changes file. diff --git a/checks/changes-file.pm b/checks/changes-file.pm index 4b56525..3b215f9 100644 --- a/checks/changes-file.pm +++ b/checks/changes-file.pm @@ -29,9 +29,10 @@ use Lintian::Data; use Lintian::Util qw(get_file_checksum); my $KNOWN_DISTS = Lintian::Data->new('changes-file/known-dists'); +my $SIGNING_KEY_FILENAMES = Lintian::Data->new('common/signing-key-filenames'); sub run { - my (undef, undef, $info) = @_; + my (undef, undef, $info, undef, $group) = @_; # If we don't have a Format key, something went seriously wrong. # Tag the file and skip remaining processing. 
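Review bot: The Info text for `orig-tarball-missing-upstream-signature` in checks/changes-file.desc does not say that the check only looks for an `.asc` entry in the file list of the .changes file. Nothing in the new code in checks/changes-file.pm verifies the signature against the key, so a clean result should not read as a verified tarball. A sentence such as `This check only tests that the signature file is listed; it does not verify the signature.` would make that explicit. The wording also has an agreement slip: `the corresponding <tt>.asc</tt> signature ... are not included` should read `signatures ... are not included`, and `.changes` could be wrapped in `<tt>` like the other file names.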
@@ -175,12 +176,33 @@ sub run { check_maintainer($info->field('changed-by'), 'changed-by'); } + my $has_signing_key = 1; + my $src = $group->get_source_processable; + if ($src) { + for my $key_name ($SIGNING_KEY_FILENAMES->all) { + my $path = $src->info->index_resolved_path("debian/$key_name"); + if ($path and $path->is_file) { + $has_signing_key = 1; + last; + } + } + } + my $files = $info->files; my $path = readlink($info->lab_data_path('changes')); $path =~ s#/[^/]+$##; foreach my $file (keys %$files) { my $file_info = $files->{$file}; + # Ensure orig tarballs have a signature if we have an upstream + # signature. + if ( $has_signing_key + && $file =~ m/\.orig\.tar\./ + && $file !~ m/\.asc$/ + && not exists $files->{"$file.asc"}) { + tag 'orig-tarball-missing-upstream-signature', "$file"; + } + # check section if ( ($file_info->{section} eq 'non-free') or ($file_info->{section} eq 'contrib')) { diff --git a/debian/changelog b/debian/changelog index a252b91..f619c70 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,6 +13,9 @@ lintian (2.5.52) UNRELEASED; urgency=medium + [NT] Remove check for missing versioned build-depends for dpkg and debhlper when using Build-Profiles. The necessary versions are now in oldstable. + * checks/changes-file.{desc,pm}: + + [CL] Check for the presence of a signature if an upstream signing + key is present. (Closes: #833585) * checks/copyright-file.{desc,pm}: + [CL] Rename copyright-contains-dh-make-perl-boilerplate to copyright-contains-automatically-extracted-boilerplate as it can diff --git a/t/changes/changes-file-missing-upstream-signature.changes.in b/t/changes/changes-file-missing-upstream-signature.changes.in new file mode 100644 index 0000000..f4d6250 --- /dev/null +++ b/t/changes/changes-file-missing-upstream-signature.changes.in 
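Review bot: In the second hunk of checks/changes-file.pm, `my $has_signing_key = 1;` initialises the flag to true, so the loop over `$SIGNING_KEY_FILENAMES->all` can never change the outcome and `orig-tarball-missing-upstream-signature` fires for every orig tarball without an `.asc` entry, whether or not the source ships a signing key; it should start as `my $has_signing_key = 0;`. The same false positive occurs when `$group->get_source_processable` returns nothing, and if `$group` can be undefined here the call would die, so a guard such as `my $src = $group ? $group->get_source_processable : undef;` may be needed (the caller is not visible in this diff). The match `m/\.orig\.tar\./` also skips component tarballs named `.orig-<component>.tar.*`, although the tag description speaks of "one or more source tarballs"; `m/\.orig(?:-[A-Za-z0-9-]+)?\.tar\./` would cover them. The body of `run` starts and ends outside the hunk.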
@@ -0,0 +1,21 @@ +Format: 1.8 +Date: {$date} +Source: {$source} +Binary: {$source} +Architecture: source all +Version: {$version} +Distribution: unstable +Urgency: low +Maintainer: {$author} +Changed-By: {$author} +Files: + d41d8cd98f00b204e9800998ecf8427e 0 devel optional {$source}.orig.tar.xz + d41d8cd98f00b204e9800998ecf8427e 0 devel optional {$source}.debian.tar.xz +Checksums-Sha1: + da39a3ee5e6b4b0d3255bfef95601890afd80709 0 {$source}.orig.tar.xz + da39a3ee5e6b4b0d3255bfef95601890afd80709 0 {$source}.debian.tar.xz +Checksums-Sha256: + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 {$source}.orig.tar.xz + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 {$source}.debian.tar.xz +Description: + {$source} - {$description} diff --git a/t/changes/changes-file-missing-upstream-signature.debian.tar.xz b/t/changes/changes-file-missing-upstream-signature.debian.tar.xz new file mode 100644 index 0000000..e69de29 diff --git a/t/changes/changes-file-missing-upstream-signature.desc b/t/changes/changes-file-missing-upstream-signature.desc new file mode 100644 index 0000000..a491288 --- /dev/null +++ b/t/changes/changes-file-missing-upstream-signature.desc @@ -0,0 +1,5 @@ +Testname: changes-file-missing-upstream-signature +Version: 1.0 +Description: Check presence of a signature if we have an upstream signing key +Test-Against: + orig-tarball-missing-upstream-signature diff --git a/t/changes/changes-file-missing-upstream-signature.orig.tar.xz b/t/changes/changes-file-missing-upstream-signature.orig.tar.xz new file mode 100644 index 0000000..e69de29 diff --git a/t/changes/changes-file-missing-upstream-signature.tags b/t/changes/changes-file-missing-upstream-signature.tags new file mode 100644 index 0000000..e69de29 -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
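Review bot: The added fixture under t/changes only exercises the case where the tag must be absent (`Test-Against:` with an empty `.tags` file); its `Files` list has no `.orig.tar.xz.asc` entry, and the empty tarballs appear to carry no signing key. No fixture has a signing key present with the signature missing, so the path that actually emits `orig-tarball-missing-upstream-signature` is untested. A second test using `Test-For: orig-tarball-missing-upstream-signature` with a matching `.tags` line would pin it. A third case with the `.asc` file listed would cover the `exists $files->{"$file.asc"}` condition.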

