tags 871809 + patch
thanks
Hi,
> I will implement this soon, this doesn't seem to be too hard
> to do.
Beat you to it, I think! I've attached:
commit 24549c61be4c0eea1495e3508377bf46d162230f
Author: Chris Lamb <la...@debian.org>
Date: Sun Aug 20 16:25:45 2017 -0700
Support storing and retrieval of upstream signatures. (Closes: #871809)
This commit adds support for optionally storing and regenerating an
upstream signature with the tarball so that it can be verified by,
for example, dpkg-source(1).
Regardless of the original signature filename provided, it is always
stored alongside the .delta and .id files as .sig for deterministic
retrieval.
The existing behaviour of pristine-tar is unchanged unless you specify
the `-s` option; in particular, extraction of signatures is not performed
by default - one must specify the filename. This is to prevent breaking
existing behaviour.
README | 3 +++
debian/control | 3 +++
pristine-tar | 59
+++++++++++++++++++++++++++++++++++++++++++++++-----------
3 files changed, 54 insertions(+), 11 deletions(-)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
>From 24549c61be4c0eea1495e3508377bf46d162230f Mon Sep 17 00:00:00 2001
From: Chris Lamb <la...@debian.org>
Date: Sun, 20 Aug 2017 16:25:45 -0700
Subject: [PATCH] Support storing and retrieval of upstream signatures.
(Closes: #871809)
This commit adds support for optionally storing and regenerating an
upstream signature with the tarball so that it can be verified by,
for example, dpkg-source(1).
Regardless of the original signature filename provided, it is always
stored alongside the .delta and .id files as .sig for deterministic
retrieval.
The existing behaviour of pristine-tar is unchanged unless you specify
the `-s` option; in particular, extraction of signatures is not performed
by default - one must specify the filename. This is to prevent breaking
existing behaviour.
---
README | 3 +++
debian/control | 3 +++
pristine-tar | 59 +++++++++++++++++++++++++++++++++++++++++++++++-----------
3 files changed, 54 insertions(+), 11 deletions(-)
diff --git a/README b/README
index c792882..710c2ff 100644
--- a/README
+++ b/README
@@ -9,3 +9,6 @@ The delta file is designed to be checked into revision control along-side the
upstream branch, thus allowing Debian packages to be built entirely using
sources in revision control, without the need to keep copies of upstream
tarballs. See `delta-format.txt` for details on the format of the delta file.
+
+An optional upstream signature may be attached to tarballs for verification
+by, for example, dpkg-source(1).
diff --git a/debian/control b/debian/control
index 35e3a4a..dab3b3f 100644
--- a/debian/control
+++ b/debian/control
@@ -37,3 +37,6 @@ Description: regenerate pristine tarballs
the upstream branch, thus allowing Debian packages to be built entirely
using sources in revision control, without the need to keep copies of
upstream tarballs.
+ .
+ An optional upstream signature may be attached to tarballs for verification
+ by, for example, dpkg-source(1).
diff --git a/pristine-tar b/pristine-tar
index d4f4b0e..fe61388 100755
--- a/pristine-tar
+++ b/pristine-tar
@@ -10,7 +10,7 @@ B<pristine-tar> [-vdk] gendelta I<tarball> I<delta>
B<pristine-tar> [-vdk] gentar I<delta> I<tarball>
-B<pristine-tar> [-vdk] [-m message] commit I<tarball> [I<upstream>]
+B<pristine-tar> [-vdk] [-m message] [-s signaturefile] commit I<tarball> [I<upstream>]
B<pristine-tar> [-vdk] checkout I<tarball>
@@ -120,6 +120,14 @@ Don't clean up the temporary directory on exit.
Use this option to specify a custom commit message to pristine-tar commit.
+=item -s signaturefile
+
+=item --signature-file=signaturefile
+
+Use this option to optionally commit or checkout an upstream signature
+file for the tarball. Note that extraction of signatures is not
+performed by default.
+
=back
=head1 EXAMPLES
@@ -198,6 +206,7 @@ use Pristine::Tar;
use Pristine::Tar::Delta;
use Pristine::Tar::Formats;
use Pristine::Tar::DeltaTools;
+use File::Copy;
use File::Path;
use File::Basename;
use Cwd qw{getcwd abs_path};
@@ -226,7 +235,7 @@ use constant {
XDELTA_LONG => "2.0"
};
-my $message;
+my ($message, $signature_file);
my $genversion =
version_from_env(XDELTA3, "xdelta" => XDELTA, "xdelta3" => XDELTA3);
@@ -243,7 +252,8 @@ dispatch(
verify => [ \&verify, 1 ],
},
options => {
- "m|message=s" => \$message,
+ "m|message=s" => \$message,
+ "s|signature-file=s" => \$signature_file,
},
);
@@ -251,8 +261,9 @@ sub usage {
print STDERR "Usage: pristine-tar [-vdk] gendelta tarball delta\n";
print STDERR " pristine-tar [-vdk] gentar delta tarball\n";
print STDERR
- " pristine-tar [-vdk] [-m message] commit tarball [upstream]\n";
- print STDERR " pristine-tar [-vdk] checkout tarball\n";
+" pristine-tar [-vdk] [-m message] [-s signaturefile] commit tarball [upstream]\n";
+ print STDERR
+ " pristine-tar [-vdk] [-s signaturefile] checkout tarball\n";
print STDERR " pristine-tar [-vdk] verify tarball\n";
print STDERR " pristine-tar list\n";
exit 1;
@@ -780,8 +791,9 @@ sub checkoutdelta {
my $branch = "pristine-tar";
my $deltafile = basename($tarball) . ".delta";
my $idfile = basename($tarball) . ".id";
+ my $sigfile = basename($tarball) . ".asc";
- my ($delta, $id);
+ my ($delta, $id, $signature);
my $vcs = vcstype();
if ($vcs eq "git") {
@@ -810,11 +822,19 @@ sub checkoutdelta {
if (!length $id) {
error "git show $branch:$idfile returned no id";
}
+ if (defined $signature_file) {
+ # We only extract the signature if the user specifically requested
+ # it and we assume the data will fit comfortably into memory.
+ $signature = `git show $branch:\Q$sigfile\E`;
+ if ($?) {
+ error "git show $branch:$sigfile failed";
+ }
+ }
} else {
die "unsupported vcs $vcs";
}
- return ($delta, $id);
+ return ($delta, $id, $signature);
}
sub commitdelta {
@@ -825,6 +845,7 @@ sub commitdelta {
my $branch = "pristine-tar";
my $deltafile = basename($tarball) . ".delta";
my $idfile = basename($tarball) . ".id";
+ my $sigfile = basename($tarball) . ".asc";
my $commit_message =
defined $message
? $message
@@ -839,6 +860,9 @@ sub commitdelta {
open(OUT, ">$tempdir/$idfile") || die "$tempdir/$idfile: $!";
print OUT "$id\n";
close OUT;
+ if (defined $signature_file) {
+ copy($signature_file, "$tempdir/$sigfile") || die "$tempdir/$sigfile: $!";
+ }
# Commit the delta to a branch in git without affecting the
# index, and without touching the working tree. Aka deep
@@ -867,6 +891,9 @@ sub commitdelta {
"git ls-tree -r --full-name $branch | git update-index --index-info");
}
doit("git", "update-index", "--add", $deltafile, $idfile);
+ if (defined $signature_file) {
+ doit("git", "update-index", "--add", $sigfile);
+ }
my $sha = `git write-tree`;
if ($?) {
error("git write-tree failed");
@@ -910,6 +937,9 @@ sub commit {
}
check_file_exists($tarball);
+ if (defined $signature_file) {
+ check_file_exists($signature_file);
+ }
my $tempdir = tempdir();
my ($sourcedir, $id) = export($upstream);
@@ -937,7 +967,7 @@ sub checkout {
check_directory_exists(dirname($tarball));
- my ($delta, $id) = checkoutdelta($tarball);
+ my ($delta, $id, $signature) = checkoutdelta($tarball);
my ($sourcedir, undef) = export($id);
my $pid = open(GENTAR, "|-");
if (!$pid) {
@@ -950,6 +980,13 @@ sub checkout {
print GENTAR $delta;
close GENTAR || error "failed to generate tarball";
message("successfully generated $tarball") unless $opts{quiet};
+
+ if (defined $signature_file) {
+ open(OUT, ">$signature_file") || die "$signature_file: $!";
+ print OUT $signature;
+ close OUT;
+ message("successfully generated $signature_file") unless $opts{quiet};
+ }
}
sub list {
@@ -975,7 +1012,7 @@ sub verify {
check_file_exists($tarball);
- my ($deltadata, $id) = checkoutdelta($tarball);
+ my ($deltadata, $id, undef) = checkoutdelta($tarball);
my $deltafile = File::Temp->new();
print $deltafile $deltadata;
@@ -988,14 +1025,14 @@ sub verify {
sub check_directory_exists {
my $dirname = shift;
if (!-d $dirname) {
- error "The directory $dirname does not exist.";
+ error "The directory $dirname does not exist.";
}
}
sub check_file_exists {
my $filename = shift;
if (!$filename eq "-" and !-f $filename) {
- error "The file $filename does not exist.";
+ error "The file $filename does not exist.";
}
}
--
2.14.1
