Package: debarchiver
Version: 0.5.0
Severity: important
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The first bug is in the configuration file. Better use

  $signcmd = "/usr/lib/debarchiver/signhelper/signhelper.sh";

ATM the signcmd-default only contains the path
"/usr/lib/debarchiver/signhelper", which is confusing and of course
uncommenting the signcmd variable will not work out-of-the-box.

Then there is a bug in generateRelease(). The code is as follows

  if ($gpgkey) {
    cmdaction("$signcmd '$path/Release' '$path/Release.gpg' ".
              "'$gpgkey' '$gpgpassfile'",
              "Signing Release file for $path with key '$gpgkey'",
              3);
  }

But now the problem is that if there is no gpgpassfile defined in
/etc/debarchiver.conf (e.g. the variable is commented out and not set to
""), gpgpassfile is set to null:

  if ($gpgpassfile) {
    $gpgpassfile = 0 if (! -f $gpgpassfile);
  }

which was necessary for the old code. But now this prevents the above
code/signhelper shell-script from working and needs to be fixed. A simple
fix is that gpgpassfile and gpgkey always need to be set together and
for keys without a passphrase, gpgpassfile is "". I suggest, if
$gpgpassfile does not exist, gpgpassfile falls back to "" and the above
code snippet can be removed. Acceptable?

Regards, Daniel

- -- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (500, 'oldstable'), (110, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.09050927
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages debarchiver depends on:
ii  adduser                       3.67.2     Add and remove users and groups
ii  apt-utils                     0.6.41     APT utility programs
ii  dpkg-dev                      1.13.11    package building tools for Debian
ii  opalmod                       0.1.13     A set of Perl modules for various 

debarchiver recommends no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDSsu8dg0kG0+YFBERAoBGAJ4/XAoxHrM1Zsz0ic+qL0mCHFr/QACdFooc
c5n63tqrtdn8XWYkot2AJAE=
=aKsF
-----END PGP SIGNATURE-----
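
The normalisation described in the report above, as an added Perl illustration that is not part of the original message or of debarchiver's code: it runs the quoted `$gpgpassfile` check and the proposed fallback to "" over the same inputs and prints the command string each would hand to the sign helper. The sub names, the archive path, the key id and the passphrase file paths are constructed for the example; only the `$signcmd` value and the command layout come from the report.

```perl
#!/usr/bin/perl
# Added illustration; not debarchiver's code. Sub names and sample values are made up.
use strict;
use warnings;
use File::Temp ();

# Check quoted in the report: a set but missing passphrase file becomes 0.
sub normalize_current {
    my ($gpgpassfile) = @_;
    if ($gpgpassfile) {
        $gpgpassfile = 0 if (! -f $gpgpassfile);
    }
    return $gpgpassfile;
}

# Fallback proposed in the report: anything that is not an existing file becomes "".
sub normalize_proposed {
    my ($gpgpassfile) = @_;
    return (defined $gpgpassfile && -f $gpgpassfile) ? $gpgpassfile : "";
}

# Same string layout as the cmdaction() call quoted from generateRelease().
sub sign_command {
    my ($signcmd, $path, $gpgkey, $gpgpassfile) = @_;
    return "$signcmd '$path/Release' '$path/Release.gpg' '$gpgkey' '$gpgpassfile'";
}

sub show { my ($v) = @_; return defined $v ? "'$v'" : 'undef' }

my $existing = File::Temp->new;    # constructed stand-in for a real passphrase file
my @cases = (
    [ 'not set',       undef ],
    [ 'empty string',  '' ],
    [ 'missing file',  '/nonexistent/debarchiver-passphrase' ],
    [ 'existing file', $existing->filename ],
);
for my $case (@cases) {
    my ($label, $value) = @$case;
    printf "%-14s current=%-6s proposed=%s\n", $label,
        show(normalize_current($value)), show(normalize_proposed($value));
}

my $signcmd = '/usr/lib/debarchiver/signhelper/signhelper.sh';    # value from the report
my @fixed   = ('/srv/constructed/dists/sid', 'CONSTRUCTED-KEY');  # constructed path and key
my $missing = '/nonexistent/debarchiver-passphrase';
print "current : ", sign_command($signcmd, @fixed, normalize_current($missing)), "\n";
print "proposed: ", sign_command($signcmd, @fixed, normalize_proposed($missing)), "\n";
```

For the missing-file case the quoted check puts the literal string `0` in the fourth argument, while the proposed fallback passes an empty string there.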

