[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debootstrap InRelease file support



On Fri, Sep 16, 2016 at 02:17:24PM -0400, Lennart Sorensen wrote:
> On Fri, Sep 16, 2016 at 02:06:51PM -0400, Lennart Sorensen wrote:
> > On Fri, Sep 16, 2016 at 08:02:10PM +0200, Julien Cristau wrote:
> > > On Fri, Sep 16, 2016 at 13:55:53 -0400, Lennart Sorensen wrote:
> > > 
> > > > On Fri, Sep 16, 2016 at 06:59:44PM +0200, Julien Cristau wrote:
> > > > > On Fri, Sep  2, 2016 at 20:35:12 +0200, Julien Cristau wrote:
> > > > > 
> > > > > > On Mon, Aug 15, 2016 at 12:12:02 +0200, Ansgar Burchardt wrote:
> > > > > > 
> > > > > > > If you restore support for `InRelease` and want to use `gpgv`, please
> > > > > > > split `InRelease` into two files, i.e. `Release` and `Release.gpg`, and
> > > > > > > verify that the signature actually covers all of `Release`.
> > > > > > > 
> > > > > > Here's an attempt at doing that.  Only lightly tested.
> > > > > > 
> > > > > Ansgar pointed out on IRC that so far nothing in debootstrap requires
> > > > > awk on the host.  I haven't found a way to kill the last newline with
> > > > > sed in a quick attempt, and I don't know how big of a deal requiring awk
> > > > > would be, so help welcome.
> > > > 
> > > > How about instead of the awk bit using:
> > > > 
> > > > sed '1,/^$/d;/^-----BEGIN PGP SIGNATURE-----$/,$d' < "$inreldest" > "$reldest"
> > > > 
> > > > At least that works for the InRelease in debian sid since it has a blank
> > > > line at the end of the PGP header before the Release file data.
> > > > 
> > > My problem is getting something that I can feed to gpgv to verify the
> > > signature, I don't think your command provides that.
> > 
> > Well it makes a Release file that is totally bit for bit identical to
> > the Release file that goes with Release.gpg
> > 
> > diff verified that.
> > 
> > So if gpgv wants something different than the original Release file,
> > then that's weird.
> 
> Wow, it does want the last newline removed.  That's just stupid.

If assuming gnu head or busybox head is available (head is certainly
assumed to exist), then one could do:

sed '1,/^$/d;/^-----BEGIN PGP SIGNATURE-----$/,$d' < "$inreldest" | head -c -1 > "$reldest"

But it is not pure posix compliant.  But it would work with both gnu
coreutils and busybox versions of head.

-- 
Len Sorensen


Reply to: