From 1579878c73e248f89d5619d893dab450fc6344fb Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Fri, 27 Jan 2017 14:02:44 +0100 Subject: [PATCH] dscverify: Add support for .buildinfo files Signed-off-by: Guillem Jover --- scripts/dscverify.1 | 11 +++++++---- scripts/dscverify.pl | 10 +++++----- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/scripts/dscverify.1 b/scripts/dscverify.1 index 48b41a25..1082147a 100644 --- a/scripts/dscverify.1 +++ b/scripts/dscverify.1 @@ -2,15 +2,17 @@ .SH NAME dscverify \- verify the validity of a Debian package .SH SYNOPSIS -\fBdscverify\fR [\fB\-\-keyring \fIkeyring\fR] ... \fIchanges_or_dsc_filename\fR ... +\fBdscverify\fR [\fB\-\-keyring \fIkeyring\fR] ... \fIchanges_or_buildinfo_or_dsc_filename\fR ... .SH DESCRIPTION \fBdscverify\fR checks that the GPG signatures on the given -\fI.changes\fR or \fI.dsc\fR files are good signatures made by keys in +\fI.changes\fR, \fI.buildinfo\fP or \fI.dsc\fR files are good signatures +made by keys in the current Debian keyrings, found in the \fIdebian-keyring\fR and \fIdebian-maintainers\fR packages. (Additional keyrings can be specified using the \fB--keyring\fR option any number of times.) It then checks that the -other files listed in the \fI.changes\fR or \fI.dsc\fR files have the +other files listed in the \fI.changes\fR, \fI.buildinfo\fP or \fI.dsc\fR +files have the correct sizes and checksums (MD5 plus SHA1 and SHA256 if the latter are present). The exit status is 0 if there are no problems and non-zero otherwise. @@ -28,7 +30,8 @@ first option given on the command-line. .TP \fB\-\-nosigcheck\fR, \fB\-\-no\-sig\-check\fR, \fB-u\fR Skip the signature verification step. That is, only verify the sizes and -checksums of the files listed in the \fI.changes\fR or \fI.dsc\fR files. +checksums of the files listed in the \fI.changes\fR, \fI.buildinfo\fP or +\fI.dsc\fR files. .TP \fB\-\-verbose\fR Do not suppress GPG output. diff --git a/scripts/dscverify.pl b/scripts/dscverify.pl index 97600856..8bc0857c 100755 --- a/scripts/dscverify.pl +++ b/scripts/dscverify.pl @@ -46,7 +46,7 @@ my $havegpg = first { !system('sh', '-c', "command -v $_ >/dev/null 2>&1") } qw sub usage { print <<"EOF"; -Usage: $progname [options] dsc-or-changes-file ... +Usage: $progname [options] changes-or-buildinfo-dsc-file ... Options: --help Display this message --version Display version and copyright information --keyring @@ -213,7 +213,7 @@ sub process_file { } } - my @spec = map { split /\n/ } $out =~ /^Files:\s*\n((?:[ \t]+.*\n)+)/mgi; + my @spec = map { split /\n/ } $out =~ /^(?:Checksums-Md5|Files):\s*\n((?:[ \t]+.*\n)+)/mgi; unless (@spec) { xwarn "no file spec lines in $file\n"; return; @@ -342,7 +342,7 @@ sub process_file { close FILE; - if ($filename =~ /\.dsc$/ && $verify_sigs) { + if ($filename =~ /\.(?:dsc|buildinfo)$/ && $verify_sigs) { $sigcheck = check_signature $filename, @rings; if ($sigcheck) { xwarn "$filename failed signature check:\n$sigcheck"; @@ -358,7 +358,7 @@ sub process_file { } sub main { - @ARGV or xdie "no .changes or .dsc files specified\n"; + @ARGV or xdie "no .changes, .buildinfo or .dsc files specified\n"; my @rings; @@ -416,7 +416,7 @@ sub main { 'verbose' => \$verbose, ) or do { usage; exit 1 }; - @ARGV or xdie "no .changes or .dsc files specified\n"; + @ARGV or xdie "no .changes, .buildinfo or .dsc files specified\n"; @rings = get_rings @rings if $use_default_keyrings and $verify_sigs; -- 2.11.0