[lintian] 02/02: Check for the presence of a signature if an upstream signing key is present. (Closes: #833585)
This is an automated email from the git hooks/post-receive script.
lamby pushed a commit to branch lamby/wip/upstream-signing-833585
in repository lintian.
commit 7b93b9471778f2e6fe5bccdd1272f42ff9674312
Author: Chris Lamb <lamby@debian.org>
Date: Sun Jul 16 09:28:39 2017 +0100
Check for the presence of a signature if an upstream signing key is present. (Closes: #833585)
---
checks/changes-file.desc | 7 +++++++
checks/changes-file.pm | 24 +++++++++++++++++++++-
debian/changelog | 3 +++
...nges-file-missing-upstream-signature.changes.in | 21 +++++++++++++++++++
...s-file-missing-upstream-signature.debian.tar.xz | 0
.../changes-file-missing-upstream-signature.desc | 5 +++++
...ges-file-missing-upstream-signature.orig.tar.xz | 0
.../changes-file-missing-upstream-signature.tags | 0
8 files changed, 59 insertions(+), 1 deletion(-)
diff --git a/checks/changes-file.desc b/checks/changes-file.desc
index 4506ccc..48515f7 100644
--- a/checks/changes-file.desc
+++ b/checks/changes-file.desc
@@ -179,3 +179,10 @@ Info: The distribution in the <tt>Changes</tt> field copied from
<tt>debian/changelog</tt> indicates that this package was not intended
to be released yet.
Ref: #542747
+
+Tag: orig-tarball-missing-upstream-signature
+Severity: important
+Certainty: certain
+Info: The packaging includes an upstream signing key but the corresponding
+ <tt>.asc</tt> signature for one or more source tarballs are not included
+ in your .changes file.
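Review bot: The new `Info:` text has a subject/verb mismatch ("signature ... are not included") and, unlike the tag just above it, carries no `Ref:` line. I would word it as `<tt>.asc</tt> signatures for one or more source tarballs are not included in your .changes file.` and add `Ref: #833585`. It would also help to say that the check only looks for the presence of a detached signature next to each orig tarball and does not verify it against the key. Otherwise a clean lintian run may be read as a verification result.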
diff --git a/checks/changes-file.pm b/checks/changes-file.pm
index 4b56525..3b215f9 100644
--- a/checks/changes-file.pm
+++ b/checks/changes-file.pm
@@ -29,9 +29,10 @@ use Lintian::Data;
use Lintian::Util qw(get_file_checksum);
my $KNOWN_DISTS = Lintian::Data->new('changes-file/known-dists');
+my $SIGNING_KEY_FILENAMES = Lintian::Data->new('common/signing-key-filenames');
sub run {
- my (undef, undef, $info) = @_;
+ my (undef, undef, $info, undef, $group) = @_;
# If we don't have a Format key, something went seriously wrong.
# Tag the file and skip remaining processing.
@@ -175,12 +176,33 @@ sub run {
check_maintainer($info->field('changed-by'), 'changed-by');
}
+ my $has_signing_key = 1;
+ my $src = $group->get_source_processable;
+ if ($src) {
+ for my $key_name ($SIGNING_KEY_FILENAMES->all) {
+ my $path = $src->info->index_resolved_path("debian/$key_name");
+ if ($path and $path->is_file) {
+ $has_signing_key = 1;
+ last;
+ }
+ }
+ }
+
my $files = $info->files;
my $path = readlink($info->lab_data_path('changes'));
$path =~ s#/[^/]+$##;
foreach my $file (keys %$files) {
my $file_info = $files->{$file};
+ # Ensure orig tarballs have a signature if we have an upstream
+ # signature.
+ if ( $has_signing_key
+ && $file =~ m/\.orig\.tar\./
+ && $file !~ m/\.asc$/
+ && not exists $files->{"$file.asc"}) {
+ tag 'orig-tarball-missing-upstream-signature', "$file";
+ }
+
# check section
if ( ($file_info->{section} eq 'non-free')
or ($file_info->{section} eq 'contrib')) {
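Review bot: `my $has_signing_key = 1;` makes the key lookup below it a no-op, because the flag is already true before the loop runs. Every `.orig.tar.*` entry without a matching `.asc` is therefore tagged whether or not the source ships a signing key, including when `$src` is undefined; the initialiser should be `my $has_signing_key = 0;`. `$group` is dereferenced without a defined-check, which looks unsafe if `run` can be invoked without a group, so consider `my $src = $group ? $group->get_source_processable : undef;`. The pattern `m/\.orig\.tar\./` appears to miss component tarballs named `.orig-NAME.tar.*`, so unsigned components would pass silently, and the comment should say "upstream signing key" rather than "upstream signature". `run` begins and ends outside this hunk.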
diff --git a/debian/changelog b/debian/changelog
index a252b91..f619c70 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,9 @@ lintian (2.5.52) UNRELEASED; urgency=medium
+ [NT] Remove check for missing versioned build-depends for dpkg
and debhlper when using Build-Profiles. The necessary versions
are now in oldstable.
+ * checks/changes-file.{desc,pm}:
+ + [CL] Check for the presence of a signature if an upstream signing
+ key is present. (Closes: #833585)
* checks/copyright-file.{desc,pm}:
+ [CL] Rename copyright-contains-dh-make-perl-boilerplate to
copyright-contains-automatically-extracted-boilerplate as it can
diff --git a/t/changes/changes-file-missing-upstream-signature.changes.in b/t/changes/changes-file-missing-upstream-signature.changes.in
new file mode 100644
index 0000000..f4d6250
--- /dev/null
+++ b/t/changes/changes-file-missing-upstream-signature.changes.in
@@ -0,0 +1,21 @@
+Format: 1.8
+Date: {$date}
+Source: {$source}
+Binary: {$source}
+Architecture: source all
+Version: {$version}
+Distribution: unstable
+Urgency: low
+Maintainer: {$author}
+Changed-By: {$author}
+Files:
+ d41d8cd98f00b204e9800998ecf8427e 0 devel optional {$source}.orig.tar.xz
+ d41d8cd98f00b204e9800998ecf8427e 0 devel optional {$source}.debian.tar.xz
+Checksums-Sha1:
+ da39a3ee5e6b4b0d3255bfef95601890afd80709 0 {$source}.orig.tar.xz
+ da39a3ee5e6b4b0d3255bfef95601890afd80709 0 {$source}.debian.tar.xz
+Checksums-Sha256:
+ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 {$source}.orig.tar.xz
+ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 {$source}.debian.tar.xz
+Description:
+ {$source} - {$description}
diff --git a/t/changes/changes-file-missing-upstream-signature.debian.tar.xz b/t/changes/changes-file-missing-upstream-signature.debian.tar.xz
new file mode 100644
index 0000000..e69de29
diff --git a/t/changes/changes-file-missing-upstream-signature.desc b/t/changes/changes-file-missing-upstream-signature.desc
new file mode 100644
index 0000000..a491288
--- /dev/null
+++ b/t/changes/changes-file-missing-upstream-signature.desc
@@ -0,0 +1,5 @@
+Testname: changes-file-missing-upstream-signature
+Version: 1.0
+Description: Check presence of a signature if we have an upstream signing key
+Test-Against:
+ orig-tarball-missing-upstream-signature
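Review bot: This test covers only the negative case, since `Test-Against` asserts the tag is absent for an upload whose fixtures are empty tarballs with no signing key. Nothing exercises the positive path where a file named in `common/signing-key-filenames` exists under `debian/` and the orig tarball has no `.asc`. A second fixture with `orig-tarball-missing-upstream-signature` listed in its `.tags` file would pin the behaviour the check is meant to enforce, assuming the t/changes harness can supply a source processable. As written, this test would presumably fail against the `.pm` change in this commit, because the flag there starts out true.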
diff --git a/t/changes/changes-file-missing-upstream-signature.orig.tar.xz b/t/changes/changes-file-missing-upstream-signature.orig.tar.xz
new file mode 100644
index 0000000..e69de29
diff --git a/t/changes/changes-file-missing-upstream-signature.tags b/t/changes/changes-file-missing-upstream-signature.tags
new file mode 100644
index 0000000..e69de29