Hello community, here is the log from the commit of package gpg-offline for openSUSE:Factory checked in at 2013-09-13 14:43:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg-offline (Old) and /work/SRC/openSUSE:Factory/.gpg-offline.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg-offline" Changes: -------- --- /work/SRC/openSUSE:Factory/gpg-offline/gpg-offline.changes 2012-12-19 20:45:58.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gpg-offline.new/gpg-offline.changes 2013-09-13 14:43:59.000000000 +0200 @@ -1,0 +2,12 @@ +Wed Sep 11 20:09:18 CEST 2013 - sbra...@suse.cz + +- Do not attempt to parse gpg --verify arguments. + It breaks verification from stdin. + +------------------------------------------------------------------- +Wed Dec 19 20:44:18 CET 2012 - sbra...@suse.cz + +- Add --trust-model=always where appropriate. +- Manpage fix. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg-offline.spec ++++++ --- /var/tmp/diff_new_pack.oZlKAd/_old 2013-09-13 14:44:00.000000000 +0200 +++ /var/tmp/diff_new_pack.oZlKAd/_new 2013-09-13 14:44:00.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package gpg-offline # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ genopts ++++++ --- /var/tmp/diff_new_pack.oZlKAd/_old 2013-09-13 14:44:00.000000000 +0200 +++ /var/tmp/diff_new_pack.oZlKAd/_new 2013-09-13 14:44:00.000000000 +0200 @@ -1,6 +1,8 @@ #! /bin/bash # genopts: Generator of Bash based option parser. +# Version 1.3, Stanislav Brabec <sbra...@suse.cz>, 2004: +# Support for automake (write to current directory). # Version 1.2, Stanislav Brabec <sbra...@suse.cz>, 2004: # Fixed @options_only. # Added @multioption. @@ -20,8 +22,8 @@ if [ -e $1.gopts ] then - exec 0<$1.gopts 1>$1 - chmod +x $1 + exec 0<$1.gopts 1>${1##*/} + chmod +x ${1##*/} else echo "Input file $1.gopts doesn't exist." exit 1 ++++++ gpg-offline.gopts ++++++ --- /var/tmp/diff_new_pack.oZlKAd/_old 2013-09-13 14:44:00.000000000 +0200 +++ /var/tmp/diff_new_pack.oZlKAd/_new 2013-09-13 14:44:00.000000000 +0200 @@ -68,7 +68,7 @@ lists keyring contents (exactly equal to --review --offline) @switch VERIFY -c --verify -verifies signature of selected source files +verifies selected signatures files @switch OFFLINE -O --offline does not verify up-to-date status online (use with --add, --review or --refresh) @@ -162,13 +162,11 @@ else AUTO_KEY_RETRIEVE="" fi - for ID in "${ARGV[@]}" ; do - vvrun "Extract minimal form of the key $ID in binary form:"\ - gpg --keyserver-options=${AUTO_KEY_RETRIEVE}auto-key-retrieve --armor --export-options no-export-attributes,export-clean,export-minimal --export "$ID" >${TEMP}key.$$ - vvrun "Import the new key to the temporary keyring:"\ - gpg --no-default-keyring --keyring gpg-offline.$$ --import <${TEMP}key.$$ - done + vvrun "Extract minimal form of the key $ID in binary form:"\ + gpg --keyserver-options=${AUTO_KEY_RETRIEVE}auto-key-retrieve --armor --export-options no-export-attributes,export-clean,export-minimal --export "${ARGV[@]}" >${TEMP}key.$$ + vvrun "Import the new key to the temporary keyring:"\ + gpg --no-default-keyring --keyring gpg-offline.$$ --import <${TEMP}key.$$ } function keyring_op_delete { @@ -182,7 +180,7 @@ if ! $OPTARG_OFFLINE ; then vvrun "Refreshing keys from the key server:"\ - gpg --no-default-keyring --keyring gpg-offline.$$ --refresh-keys + gpg --trust-model=always --no-default-keyring --keyring gpg-offline.$$ --refresh-keys fi } @@ -205,7 +203,7 @@ function keyring_required { if ! test -f "$KEYRING" ; then - echo >&2 "$0: $KEYRING not found." + echo >&2 "$0: Keyring \"$KEYRING\" not found." exit 1 fi } @@ -250,18 +248,13 @@ filespec_required keyring_required - RC=0 rm -rf ~/.gnupg/gpg-offline.$$* trap "rm -rf ~/.gnupg/gpg-offline.$$*" EXIT vvrun "Import armored $KEYRING to the temporary keyring:"\ gpg --no-default-keyring --keyring gpg-offline.$$ --import <"$KEYRING" - for SIGNATURE in "${ARGV[@]}" ; do - # "--trust-model=always" always generates warning "Using untrusted key!". "--quiet" suppresses it. - vvrun "Verifying $SIGNATURE against the temporary keyring only:"\ - gpg --quiet --trust-model=always --keyserver-options=no-auto-key-retrieve --no-default-keyring --keyring=gpg-offline.$$ --verify "$SIGNATURE" - let RC+=$? - done - if test $RC -gt 0 ; then + # "--trust-model=always" always generates warning "Using untrusted key!". "--quiet" suppresses it. + if ! vvrun "Verifying $SIGNATURE against the temporary keyring only:"\ + gpg --quiet --trust-model=always --keyserver-options=no-auto-key-retrieve --no-default-keyring --keyring=gpg-offline.$$ --verify "${ARGV[@]}" ; then exit 1 fi exit 0 ++++++ gpg-offline.man.in ++++++ --- /var/tmp/diff_new_pack.oZlKAd/_old 2013-09-13 14:44:00.000000000 +0200 +++ /var/tmp/diff_new_pack.oZlKAd/_new 2013-09-13 14:44:00.000000000 +0200 @@ -14,12 +14,12 @@ \fB\-p\fR, \fB\-\-package\fR=\fIPACKAGE\fR specify the package (either \fB\-\-package\fR or \fB\-\-keyring\fR are mandatory) Tool will access file named -.FN \fIPACKAGE\fR.keyring +\fIPACKAGE\fR.keyring in the directory specified by \fB\-\-package\fR. .TP \fB\-\-directory\fR \fIDIR\fR specifies directory where -.FN \fIPACKAGE\fR.keyring +\fIPACKAGE\fR.keyring will be searched. .TP \fB\-f\fR, \fB\-\-keyring\fR=\fIFILE\fR @@ -43,7 +43,7 @@ removes signing key(s) KEY_ID of upstream package from the keyring file. .TP -\fB\-c\fR, \fB\-\-verify\fR \fISIGNATURE\fR... +\fB\-c\fR, \fB\-\-verify\fR \fIGPG_ARGS\fR... verifies that the signature is valid. Signature is validated only against keys included in the keyring file. Any other keys are not accepted. -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org