Package: devscripts
Version: 2.10.30
Severity: normal
Tags: patch
This is fix to the root cause of one minor annoiance of pbuilder ...
You can not auto sign packages build by pbuilder as default
installation. This is because:
$ ls -ld /var/cache/pbuilder/result
drwxrwxr-x 2 root root 4096 2008-06-25 09:36 /var/cache/pbuilder/result
Of course, by chgrp etc., we can make it work.
But the root cause is debsign tries to create temporary file on the
directory where files to be signed exist. There is no gurantee. We
should use standard complying tempfile creation. Since some of the
devscripts programs uses `tempfile` command, I followed as the
attached patch (copyright donated to main authors of this script).
This enables us to sign files as long as they are readable and writable file
where ever they are as long as the file system is RW.
Osamu
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
DEBSIGN_KEYID="A8061F32"
DEBUILD_DPKG_BUILDPACKAGE_OPTS="-i -I"
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages devscripts depends on:
ii dpkg-dev 1.14.20 Debian package development tools
ii libc6 2.7-12 GNU C Library: Shared libraries
ii perl 5.10.0-11 Larry Wall's Practical Extraction
Versions of packages devscripts recommends:
ii at 3.1.10.1 Delayed job execution and batch pr
ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent
ii curl 7.18.2-1 Get a file from an HTTP, HTTPS or
ii cvs 1:1.12.13-11 Concurrent Versions System
ii dctrl-tools 2.12 Command-line tools to process Debi
ii debian-keyring 2008.05.28 GnuPG (and obsolete PGP) keys of D
ii debian-maintainers 1.37 GPG keys of Debian maintainers
ii dupload 2.6.4 utility to upload Debian packages
ii elvis [www-browser 2.2.0-10 powerful clone of the vi/ex text e
ii epiphany-gecko [ww 2.22.2-3 Intuitive GNOME web browser - Geck
ii equivs 2.0.7-0.1 Circumvent Debian package dependen
ii fakeroot 1.9.5 Gives a fake root environment
ii git-core 1:1.5.6-1 fast, scalable, distributed revisi
ii gnupg 1.4.9-2 GNU privacy guard - a free PGP rep
ii iceweasel [www-bro 3.0~rc2-2 lightweight web browser based on M
ii libauthen-sasl-per 2.11-1 Authen::SASL - SASL Authentication
ii libcrypt-ssleay-pe 0.57-1+b1 Support for https protocol in LWP
ii libparse-debcontro 2.005-2 Easy OO parsing of Debian control-
ii libsoap-lite-perl 0.710.06-1 Client and server side SOAP implem
ii libterm-size-perl 0.2-4+b1 Perl extension for retrieving term
ii libtimedate-perl 1.1600-9 Time and date functions for Perl
ii liburi-perl 1.35.dfsg.1-1 Manipulates and accesses URI strin
ii libwww-perl 5.812-1 WWW client/server library for Perl
ii libyaml-syck-perl 1.05-1 Fast, lightweight YAML loader and
ii lintian 1.24.1 Debian package checker
ii lsb-release 3.2-12 Linux Standard Base version report
ii mailx 1:20071201-3 Transitional package for mailx ren
ii man-db 2.5.2-1 on-line manual pager
ii openssh-client [ss 1:4.7p1-12 secure shell client, an rlogin/rsh
ii patch 2.5.9-5 Apply a diff file to an original
ii patchutils 0.2.31-4 Utilities to work with patches
ii strace 4.5.15-1.2 A system call tracer
ii subversion 1.4.6dfsg1-4 Advanced version control system
ii unzip 5.52-11 De-archiver for .zip files
ii w3m [www-browser] 0.5.2-2 WWW browsable pager with excellent
ii wdiff 0.5-18 Compares two files word by word
ii wget 1.11.3-1 retrieves files from the web
-- no debconf information
diff -Nru devscripts-2.10.30-orig/debian/changelog devscripts-2.10.30+nmu1/debian/changelog
--- devscripts-2.10.30-orig/debian/changelog 2008-06-17 04:00:01.000000000 +0900
+++ devscripts-2.10.30+nmu1/debian/changelog 2008-06-26 01:10:18.000000000 +0900
@@ -1,3 +1,11 @@
+devscripts (2.10.30+nmu1) NOT-RELEASED-unstable; urgency=low
+
+ * Non-maintainer upload. (I will not!)
+ * debsign: Do not assume directory write permission of directory of
+ the file to be signed.
+
+ -- Osamu Aoki <[EMAIL PROTECTED]> Thu, 26 Jun 2008 01:06:01 +0900
+
devscripts (2.10.30) unstable; urgency=low
* bts: MIME-encode the Subject: header of the generated mail in case it
diff -Nru devscripts-2.10.30-orig/scripts/debsign.sh devscripts-2.10.30+nmu1/scripts/debsign.sh
--- devscripts-2.10.30-orig/scripts/debsign.sh 2008-05-06 00:04:49.000000000 +0900
+++ devscripts-2.10.30+nmu1/scripts/debsign.sh 2008-06-26 01:19:52.000000000 +0900
@@ -107,6 +107,7 @@
# of dpkg-buildpackage, because we do not know all of the necessary
# information when this function is read first.
signfile () {
+ ASCII_SIGNED_FILE=`tempfile --prefix=$1. --suffix=.asc`
local savestty=$(stty -g 2>/dev/null) || true
if [ $signinterface = gpg ]
then
@@ -118,7 +119,7 @@
(cat "$1" ; echo "") | \
$signcommand --local-user "$2" --clearsign \
--list-options no-show-policy-urls \
- --armor --textmode --output - - > "$1.asc" || \
+ --armor --textmode --output - - > "$ASCII_SIGNED_FILE" || \
{ SAVESTAT=$?
echo "$PROGNAME: gpg error occurred! Aborting...." >&2
stty $savestty 2>/dev/null || true
@@ -128,7 +129,7 @@
(cat "$1" ; echo "") | \
$signcommand --local-user "$2" --clearsign \
--no-show-policy-url \
- --armor --textmode --output - - > "$1.asc" || \
+ --armor --textmode --output - - > "$ASCII_SIGNED_FILE" || \
{ SAVESTAT=$?
echo "$PROGNAME: gpg error occurred! Aborting...." >&2
stty $savestty 2>/dev/null || true
@@ -136,12 +137,12 @@
}
fi
else
- $signcommand -u "$2" +clearsig=on -fast < "$1" > "$1.asc"
+ $signcommand -u "$2" +clearsig=on -fast < "$1" > "$ASCII_SIGNED_FILE"
fi
stty $savestty 2>/dev/null || true
echo
PRECIOUS_FILES=$(($PRECIOUS_FILES + 1))
- mv -f -- "$1.asc" "$1"
+ cat "$ASCII_SIGNED_FILE" > "$1"
}
withecho () {
