On Thu, 2008-06-26 at 01:37 +0900, Osamu Aoki wrote:
> But the root cause is debsign tries to create temporary file on the
> directory where files to be signed exist. There is no gurantee. We
> should use standard complying tempfile creation. Since some of the
> devscripts programs uses `tempfile` command, I followed as the
> attached patch (copyright donated to main authors of this script).
debsign itself already uses mktemp, however :-)
> This enables us to sign files as long as they are readable and writable file
> where ever they are as long as the file system is RW.
Thanks for the patch. Unfortunately, the last hunk reverts a change that
was introduced in 2.10.28 to allow files with odd permissions to be
updated; specifically, this section:
- mv -f -- "$1.asc" "$1"
+ cat "$ASCII_SIGNED_FILE" > "$1"
If the file is mode 444, for example, but in a directory to which the
user has write access, cat will fail to overwrite it, whilst the mv -f
will succeed; in the case you mention, the reverse is true.
There are a couple of places where the script will still fail with the
patch applied, for the same reasons as above:
- after signing the .dsc - the .changes file is copied to a temporary
file (using mktemp), the size and checksums of the .dsc's entries in the
temporary file are updated and it's then moved back over the
original .changes (using mv -f)
- if either the .dsc or .changes files are already signed then a
temporary copy without the signature is created and mved back
I suspect all of the above would be solvable by something along the
lines of
cat "$TEMPFILE" > "$1" 2> /dev/null || mv -f -- "$TEMPFILE" "$1"
but that seems overly complicated. :-/ (the cat must be tried first, for
fairly obvious reasons).
Regards,
Adam
--
To unsubscribe, send mail to [EMAIL PROTECTED]
