[devscripts] 03/04: explicitly dearmor, rather than --import upstream signing key

Sat, 03 Jan 2015 06:50:15 -0800 

This is an automated email from the git hooks/post-receive script.

jamessan pushed a commit to branch master
in repository devscripts.

commit 73de654226354b50af6911ab5e34ab85c8b6f03a
Author: Daniel Kahn Gillmor <[email protected]>
Date:   Thu Nov 6 12:08:31 2014 -0500

    explicitly dearmor, rather than --import upstream signing key
    
    gnupg 2.1 handles --import by generating a pubring.kbx file, not a
    pubring.gpg file.  So when gnupg 2.1 is installed verifying upstream
    signatures failed when the upstream signing key was ascii-armored.
    
    With this patch, we explicitly dearmor the .asc, rather than relying
    on side effects that aren't true for all gpg versions.
    
    Signed-off-by: James McCoy <[email protected]>
---
 debian/changelog | 4 ++++
 scripts/uscan.pl | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 94864fa..e36f634 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,10 @@ devscripts (2.15.1+exp1) UNRELEASED; urgency=medium
   [ Dominique Dumont ]
   * licensecheck: handle license like GPL version 2 or 3 (which is not GPL-2+)
 
+  [ Daniel Kahn Gillmor ]
+  * uscan: explicitly dearmor, rather than --import upstream signing key
+    (Closes: #768345)
+
  -- James McCoy <[email protected]>  Sat, 03 Jan 2015 00:47:36 -0500
 
 devscripts (2.15.1) unstable; urgency=medium
diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index c8038fc..bd1a851 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -872,9 +872,10 @@ sub process_watchline ($$$$$$)
                }
                # Need to convert an armored key to binary for use by gpgv
                $gpghome = tempdir(CLEANUP => 1);
-               spawn(exec => [$havegpg, '--homedir', $gpghome, '--no-options', 
'-q', '--batch', '--no-default-keyring', '--import', $keyring],
+               my $newkeyring = "$gpghome/trustedkeys.gpg";
+               spawn(exec => [$havegpg, '--homedir', $gpghome, '--no-options', 
'-q', '--batch', '--no-default-keyring', '--output', $newkeyring, '--dearmor', 
$keyring],
                      wait_child => 1);
-               $keyring = "$gpghome/pubring.gpg";
+               $keyring = $newkeyring
            }
        }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/collab-maint/devscripts.git

_______________________________________________
devscripts-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel

Reply via email to