Bug#232916: marked as done ([dpkg-buildpackage] Cannot sign packages with PGP any longer (-ppgp broken))
Your message dated Mon, 08 Mar 2004 14:47:04 -0500
with message-id <E1B0QiO-0002kw-00@newraff.debian.org>
and subject line Bug#232916: fixed in dpkg 1.10.19
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Feb 2004 19:38:27 +0000
>From jfs@dat.etsit.upm.es Sun Feb 15 11:38:27 2004
Return-path: <jfs@dat.etsit.upm.es>
Received: from dat.etsit.upm.es [138.100.17.73]
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1AsS5y-00049S-00; Sun, 15 Feb 2004 11:38:26 -0800
Received: (qmail 32505 invoked by uid 1013); 15 Feb 2004 19:38:19 -0000
Date: Sun, 15 Feb 2004 20:38:19 +0100
From: Javier =?iso-8859-15?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <jfs@computer.org>
To: submit@bugs.debian.org
Subject: [dpkg-buildpackage] Cannot sign packages with PGP any longer (-ppgp broken)
Message-ID: <20040215193819.GA30997@dat.etsit.upm.es>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="iBwuxWUsK/REspAd"
Content-Disposition: inline
User-Agent: Mutt/1.5.5.1+cvs20040105i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_02_12
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no
version=2.60-bugs.debian.org_2004_02_12
X-Spam-Level:
--iBwuxWUsK/REspAd
Content-Type: multipart/mixed; boundary="+JUInw4efm7IfTNU"
Content-Disposition: inline
--+JUInw4efm7IfTNU
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: dpkg-dev
Version: 1.10.18
Priority: important
Tags: patch
Ok, here's the deal, I've been using pgp to sign my packages since I
started as a Debian maintainer (so I always run 'dpkg-buildpackage -ppgp')
, yesterday, however:
[This is a sample run with _very_ dummy package, it just has a barebones
debian/directory]
dpkg-deb: building package `dummy' in `../dummy_0.1_all.deb'.
signfile dummy_0.1.dsc
=20
You need a passphrase to unlock the secret key for
user: "Javier Fernandez-Sanguino Pen~a <jfs@computer.org>"
1024-bit RSA key, ID A436AD25, created 1997-11-17
=20
=20
dpkg-genchanges
dpkg-genchanges: error: syntax error in source control file=20
=2E./dummy_0.1.dsc at line 22: expected blank line before PGP signature
[!!!!]
Now, let's see dummy_0.1.dsc:
--------------------------dummy.dsc---------------------------------
1 -----BEGIN PGP SIGNED MESSAGE-----
2
3 Format: 1.0
4 Source: dummy
5 Version: 0.1
6 Binary: dummy
7 Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
8 Architecture: all
9 Standards-Version: 3.5.8
10 Files:
11 2bb5b874f34ca4eb5f64f3686aad28be 1294 dummy_0.1.tar.gz
12 -----BEGIN PGP SIGNATURE-----
13 Version: GnuPG v1.2.4 (GNU/Linux)
14
15 iQCVAwUBQC/GnftEPvakNq0lAQGdJAP/ch1475RDHKEvoixBgHwvATysGneM/+kR
16 Mulrl0ljbQRIyOb2wRqgUGKRySgCpNpxITMGcIL+nJdnJUtaYoo7nVnheCwbVec6
17 NQCU2xr3TIMPnvMuzVZIEkCdbEwzmqj2NUp/GqRn1UhN90y1u+/ueMIaPIs+uAbV
18 U4UgOQCqPO8=3D
19 =3Dl+Q3
20 -----END PGP SIGNATURE-----
--------------------------dummy.dsc--------------------------
Ok. I can build the package if I run 'dpkg-buildpackage -pgpg', so this=20
seems like an odd behaviour:
$ perl -d /usr/bin/dpkg-genchanges
=20
Loading DB routines from perl5db.pl version 1.23
Editor support available.
=20
Enter h or `h h' for help, or `man perldebug' for more help.
=20
main::(/usr/bin/dpkg-genchanges:3):
3: $dpkglibdir=3D"/usr/lib/dpkg"; # This line modified by Makefile
DB<1> r
dpkg-genchanges: error: syntax error in source control file=20
=2E./dummy_0.1.dsc at line 22: expected blank line before PGP signature
main::error('syntax error in source control file ../dummy_0.1.dsc=
=20
at line ...') called at /usr/lib/dpkg/controllib.pl line 309
main::syntax('expected blank line before PGP signature') called at=
=20
/usr/lib/dpkg/controllib.pl line 276
main::parsecdata('S',-1,'source control file ../dummy_0.1.dsc')=20
called at /usr/bin/dpkg-genchanges line 276
Debugged program terminated. Use q to quit or R to restart,
use O inhibit_exit to avoid stopping after program termination,
h q, h R or h O to get additional info.
If I manually introduce a blank line in the dsc file at line 12 in the dsc=
=20
file above the .changes file is generated properly (dpkg-genchanges does=20
not stop)
Now, the funny thing is that the signed .dsc file generated by gpg is:
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 Format: 1.0
5 Source: dummy
6 Version: 0.1
7 Binary: dummy
8 Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
9 Architecture: all
10 Standards-Version: 3.5.8
11 Files:
12 2dda1dc1024616425f5df0905984677d 1915 dummy_0.1.tar.gz
13
14 -----BEGIN PGP SIGNATURE-----
15 Version: GnuPG v1.2.4 (GNU/Linux)
16
17 iD8DBQFAL8X3sandgtyBSwkRAkE7AJoDzKJ2gqYgIdBQGpJ8JlNhzx+M9ACeJEsB
18 5kxNYphR0hiSRV6GqUOfMwo=3D
19 =3D/ZAY
20 -----END PGP SIGNATURE-----
And it does contain the blank line, but if I run gpg manually over the file
that blank file does not appear. Why so? Because dpkg-buildpackage's
signfile does the following:
(cat "../$1" ; echo "") | \
$signcommand --local-user "${signkey:-$maintainer}" --clearsign --a=
rmor \
--textmode > "../$1.asc"
The 'echo ""' there forces the introduction of a blank line, but this is=20
not done for pgp! Modifying signfile so that it is done for both fixes this=
=20
issue. Please apply the attached patch.
Regards
Javier
--+JUInw4efm7IfTNU
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: attachment; filename="dpkg-buildpackage.diff"
Content-Transfer-Encoding: quoted-printable
--- dpkg-buildpackage.orig 2004-02-15 20:32:11.000000000 +0100
+++ dpkg-buildpackage 2004-02-15 20:32:45.000000000 +0100
@@ -163,7 +163,8 @@
$signcommand --local-user "${signkey:-$maintainer}" --clearsign --armor \
--textmode > "../$1.asc"=20
else
- $signcommand -u "${signkey:-$maintainer}" +clearsig=3Don -fast <"../$1" \
+ (cat "../$1" ; echo "") | \
+ $signcommand -u "${signkey:-$maintainer}" +clearsig=3Don -fast \
>"../$1.asc"
fi
echo
--+JUInw4efm7IfTNU--
--iBwuxWUsK/REspAd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAL8qrsandgtyBSwkRApYmAJ9yGynkjCayl0fWYyIxxUz8Ksjc6QCeP4EL
6IFSPBAu32X0+o5QiK9GLr4=
=T8ag
-----END PGP SIGNATURE-----
--iBwuxWUsK/REspAd--
---------------------------------------
Received: (at 232916-close) by bugs.debian.org; 8 Mar 2004 19:53:54 +0000
>From katie@ftp-master.debian.org Mon Mar 08 11:53:54 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1B0Qp0-0003HP-00; Mon, 08 Mar 2004 11:53:54 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1B0QiO-0002kw-00; Mon, 08 Mar 2004 14:47:04 -0500
From: Scott James Remnant <scott@netsplit.com>
To: 232916-close@bugs.debian.org
X-Katie: $Revision: 1.44 $
Subject: Bug#232916: fixed in dpkg 1.10.19
Message-Id: <E1B0QiO-0002kw-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Mon, 08 Mar 2004 14:47:04 -0500
Delivered-To: 232916-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_08
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=HAS_BUG_NUMBER autolearn=no
version=2.60-bugs.debian.org_2004_03_08
X-Spam-Level:
Source: dpkg
Source-Version: 1.10.19
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:
dpkg-dev_1.10.19_all.deb
to pool/main/d/dpkg/dpkg-dev_1.10.19_all.deb
dpkg-doc_1.10.19_all.deb
to pool/main/d/dpkg/dpkg-doc_1.10.19_all.deb
dpkg_1.10.19.dsc
to pool/main/d/dpkg/dpkg_1.10.19.dsc
dpkg_1.10.19.tar.gz
to pool/main/d/dpkg/dpkg_1.10.19.tar.gz
dpkg_1.10.19_i386.deb
to pool/main/d/dpkg/dpkg_1.10.19_i386.deb
dselect_1.10.19_i386.deb
to pool/main/d/dpkg/dselect_1.10.19_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 232916@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott James Remnant <scott@netsplit.com> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 8 Mar 2004 19:05:32 +0000
Source: dpkg
Binary: dpkg-doc dpkg dselect dpkg-dev dpkg-static
Architecture: source all i386
Version: 1.10.19
Distribution: unstable
Urgency: high
Maintainer: Dpkg Development <debian-dpkg@lists.debian.org>
Changed-By: Scott James Remnant <scott@netsplit.com>
Description:
dpkg - Package maintenance system for Debian
dpkg-dev - Package building tools for Debian
dpkg-doc - Dpkg Internals Documentation
dselect - a user tool to manage Debian packages
Closes: 139781 157437 168443 170953 190611 199489 199693 211566 213038 213543 213846 217286 217943 221989 222760 225692 228253 228379 232025 232916 235266
Changes:
dpkg (1.10.19) unstable; urgency=high
.
* Distinguish unmet build dependencies from build conflicts.
Closes: #217943, #235266.
* Force NULL-termination of all tar file entry names. Closes: #232025.
* Allow dselect to use the full window width. Closes: #139781.
* Pass correct number of arguments for format string when out of disk
space. Closes: #213038, #217286, #213543, #213846.
* Remove duplicated entries from ChangeLog. Closes: #157437.
* Fix dpkg-buildpackage when used with PGP. Closes: #232916.
* Update support for Debian FreeBSD. Closes: #211566.
* Store Architecture in the status file. Closes: #228253.
* Don't print offending lines in md5sum. Closes: #170953.
* Check bounds of md5sum lines. Closes: #168443, #199489, #199693.
.
dpkg (1.10.18.1) unstable; urgency=medium
.
* Non-maintainer upload to fix release-critical bugs.
* Terminate string buffer in main/remove.c. Closes: #228379.
* Prevent stashing of hardlinked devices and setuid or setgid binaries
by removing permissions on upgrade as well as on remove.
Closes: #225692.
* Update dpkg conflicts to << 1.10, instead of 1.9.
Closes: #190611, #221989, #222760.
Files:
5a4c39cb6903694ec7ff0ebcd5afc33d 798 base required dpkg_1.10.19.dsc
a735a1f14cc985ad083b46bce425001b 1547265 base required dpkg_1.10.19.tar.gz
86386707c685a60c4132def2494b3657 1086080 base required dpkg_1.10.19_i386.deb
5bf8ab50684b58b8619f2c7d982ac47f 95024 base required dselect_1.10.19_i386.deb
088fe395e33835351e2ccdc3f8122a31 114618 utils standard dpkg-dev_1.10.19_all.deb
294b7c2bf86172671a91b050c6db8a1a 10636 doc optional dpkg-doc_1.10.19_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFATMchIexP3IStZ2wRAoQRAJ0Q5CxELST85r5oNEY3nnZE6TB/mgCggxyX
0sfA6HaAPzloTBPKab+L3nw=
=R85a
-----END PGP SIGNATURE-----
Reply to: