Bug#26895: dpkg: NMU for GPG support

To: submit@bugs.debian.org
Subject: Bug#26895: dpkg: NMU for GPG support
From: "J.H.M. Dassen" <jdassen@wi.leidenuniv.nl>
Date: Mon, 21 Sep 1998 14:40:17 +0200
Message-id: <[🔎] 19980921144017.A24921@wi.LeidenUniv.nl>
Reply-to: "J.H.M. Dassen" <jdassen@wi.leidenuniv.nl>, 26895@bugs.debian.org
Package: dpkg
Version: 1.4.0.27

diff -r -u --new-file dpkg-1.4.0.27/debian/changelog dpkg-1.4.0.28/debian/changelog
--- dpkg-1.4.0.27/debian/changelog	Mon Jul 27 21:09:57 1998
+++ dpkg-1.4.0.28/debian/changelog	Mon Sep 21 13:17:18 1998
@@ -1,3 +1,18 @@
+dpkg (1.4.0.28) unstable; urgency=low
+
+  * Added gpg (GNU Privacy Guard) support:
+    * scripts/buildpackage.sh: default to GPG (unless no GPG, but only a PGP
+      secret key file is found), as GPG, unlike PGP, is DFSG-free.
+    * Updated dpkg-source(1), and added gpg(1) and pgp(1) to the SEE ALSO
+      section.
+    * Worked around broken textmode implementation in GPG.
+    * dpkg-dev now Suggests: gnupg .
+  * No longer includes developer-keys.pgp . Instead, dpkg now Suggests: and
+    dpkg-dev now Recommends: developer-keyring.
+  * Compiled with latest libstdc++ (2.9).
+
+ -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Mon, 21 Sep 1998 13:17:14 +0200
+
 dpkg (1.4.0.27) unstable; urgency=low
 
   * REALLY fixed dpkg-dev, and new attempt to placate installer on internals.
diff -r -u --new-file dpkg-1.4.0.27/debian/control dpkg-1.4.0.28/debian/control
--- dpkg-1.4.0.27/debian/control	Wed Jun 24 14:01:46 1998
+++ dpkg-1.4.0.28/debian/control	Mon Sep 14 22:07:39 1998
@@ -8,6 +8,7 @@
 Architecture: any
 Essential: yes
 Pre-Depends: ${shlibs:Pre-Depends}
+Suggests: developer-keyring
 Description: Package maintenance system for Debian Linux
  This package contains the programs which handle the installation and
  removal of packages on your system.
@@ -24,7 +25,8 @@
 Priority: important
 Architecture: all
 Depends: perl
-Recommends: cpio (>= 2.4.2-2), patch (>= 2.2-1), gcc, make
+Recommends: cpio (>= 2.4.2-2), patch (>= 2.2-1), gcc, make, developer-keyring
+Suggests: gnupg
 Conflicts: dpkgname
 Replaces: dpkgname, dpkg (<< 1.4.0)
 Description: Package building tools for Debian Linux
diff -r -u --new-file dpkg-1.4.0.27/debian/rules dpkg-1.4.0.28/debian/rules
--- dpkg-1.4.0.27/debian/rules	Mon Jul 27 21:12:31 1998
+++ dpkg-1.4.0.28/debian/rules	Mon Sep 14 19:23:12 1998
@@ -114,7 +114,7 @@
 	cp debian/copyright debian/tmp-dev/usr/doc/dpkg-dev/copyright
 	cp debian/dev-README debian/tmp-dev/usr/doc/dpkg-dev/README
 	set -e; for f in \
- usr/doc/dpkg/{internals.html,developer-keys.pgp,changelog.manuals.gz} \
+ usr/doc/dpkg/{internals.html,changelog.manuals.gz} \
  usr/bin/dpkg-{source,genchanges,gencontrol,shlibdeps,buildpackage,parsechangelog} \
  usr/bin/{dpkg-distaddfile,822-date,dpkg-scanpackages,dpkg-name} \
  usr/man/man1/dpkg-{source,genchanges,gencontrol,shlibdeps,buildpackage}.1.gz \
diff -r -u --new-file dpkg-1.4.0.27/doc/Makefile.am dpkg-1.4.0.28/doc/Makefile.am
--- dpkg-1.4.0.27/doc/Makefile.am	Wed Jun 24 14:07:12 1998
+++ dpkg-1.4.0.28/doc/Makefile.am	Mon Sep 14 19:24:49 1998
@@ -10,9 +10,9 @@
 ## Automake variables
 
 man_MANS		= deb.5 deb-old.5 deb-control.5
-pkgdoc_DATA		= developer-keys.pgp
+pkgdoc_DATA		= 
 EXTRA_DIST		= database-structure.fig changelog \
-			  manuals-version developer-keys.pgp \
+			  manuals-version \
 			  $(SGMLFILES) $(man_MANS) \
 			  texinfo.dtd \
 			  texinfo.texi_mapping texinfo.debian_mapping
Binary files dpkg-1.4.0.27/doc/developer-keys.pgp and dpkg-1.4.0.28/doc/developer-keys.pgp differ
diff -r -u --new-file dpkg-1.4.0.27/doc/manuals-version dpkg-1.4.0.28/doc/manuals-version
--- dpkg-1.4.0.27/doc/manuals-version	Fri Jul 24 22:16:06 1998
+++ dpkg-1.4.0.28/doc/manuals-version	Mon Sep 14 20:04:48 1998
@@ -1,2 +1,2 @@
-<!entity manuals-version "1.4.0.26.0.1">
-<!entity dpkg-version "1.4.0.26.0.1">
+<!entity manuals-version "1.4.0.28">
+<!entity dpkg-version "1.4.0.28">
diff -r -u --new-file dpkg-1.4.0.27/po/en.po dpkg-1.4.0.28/po/en.po
--- dpkg-1.4.0.27/po/en.po	Fri Jul 24 22:45:28 1998
+++ dpkg-1.4.0.28/po/en.po	Mon Sep 21 13:29:39 1998
@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 1998-07-24 16:38-0400\n"
+"POT-Creation-Date: 1998-09-21 13:24+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
diff -r -u --new-file dpkg-1.4.0.27/po/fr.po dpkg-1.4.0.28/po/fr.po
--- dpkg-1.4.0.27/po/fr.po	Fri Jul 24 22:45:29 1998
+++ dpkg-1.4.0.28/po/fr.po	Mon Sep 21 13:29:40 1998
@@ -17,7 +17,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: Debian dpkg 1.4.0.14\n"
-"POT-Creation-Date: 1998-07-24 16:38-0400\n"
+"POT-Creation-Date: 1998-09-21 13:24+0200\n"
 "PO-Revision-Date: 1997-05-13 22:07 EDT\n"
 "Last-Translator: Christophe Le Bars <clebars@debian.org>\n"
 "Language-Team: French\n"
diff -r -u --new-file dpkg-1.4.0.27/scripts/dpkg-buildpackage.sh dpkg-1.4.0.28/scripts/dpkg-buildpackage.sh
--- dpkg-1.4.0.27/scripts/dpkg-buildpackage.sh	Tue Jul 21 17:48:42 1998
+++ dpkg-1.4.0.28/scripts/dpkg-buildpackage.sh	Mon Sep 14 21:57:23 1998
@@ -13,7 +13,9 @@
 
 Usage: dpkg-buildpackage [options]
 Options: -r<gain-root-command>
-         -p<pgp-command>
+         -p<sign-command>
+         -sgpg         the sign-command is called like GPG
+         -spgp         the sign-command is called like PGP 
          -us           unsigned source
          -uc           unsigned changes
          -a<arch>      architecture field of the changes _file_name_
@@ -32,7 +34,13 @@
 }
 
 rootcommand=''
-pgpcommand=pgp
+signcommand=gpg
+warnpgp=''	# Display a warning to encourage switching to gpg?
+if [ -e $HOME/.pgp/secring.pgp -a ! -e $HOME/.gnupg/secring.gpg ] ; then
+	signcommand=pgp
+	warnpgp=yes
+fi
+signinterface=$signcommand
 signsource='withecho signfile'
 signchanges='withecho signfile'
 cleansource=false
@@ -50,9 +58,11 @@
 	case "$1" in
 	-h)	usageversion; exit 0 ;;
 	-r*)	rootcommand="$value" ;;
-	-p*)	pgpcommand="$value" ;;
-	-us)	signsource=: ;;
-	-uc)	signchanges=: ;;
+	-p*)	signcommand="$value"; warnpgp='' ;;
+	-sgpg)  signinterface=gpg ;;
+	-spgp)  signinterface=pgp ;;
+	-us)	signsource=: ; warnpgp='' ;;
+	-uc)	signchanges=: ; warnpgp='' ;;
 	-a*)    opt_a=1; arch="$value" ;;
 	-si)	sourcestyle=-si ;;
 	-sa)	sourcestyle=-sa ;;
@@ -70,12 +80,20 @@
 	shift
 done
 
+if test "X$warnpgp" = "Xyes" ; then
+  echo >&2 <<EOWARN
+The use of PGP for signing Debian packages is deprecated. Please switch to
+gpg (the GNU Privacy Guard), which is GPL-ed and does not require use
+of patented algorithms.
+EOWARN
+fi
+
 mustsetvar () {
 	if [ "x$2" = x ]; then
-		echo >&2 "$progname: unable to determine $3"
+		echo >&2 "$progname: unable to determine $3" ; \
 		exit 1
 	else
-		echo "$progname: $3 is $2"
+		echo "$progname: $3 is $2" ; \
 		eval "$1=\"\$2\""
 	fi
 }
@@ -94,7 +112,17 @@
 pva="${package}_${sversion}${arch:+_${arch}}"
 
 signfile () {
-	$pgpcommand -u "$maintainer" +clearsig=on -fast <"../$1" >"../$1.asc"
+	if test $signinterface = gpg ; then
+		# --textmode doesn't seem to work; we use perl to filter ^M;
+		# this doesn't affect the actual signature.
+		(cat "../$1" ; echo "") | \
+		$signcommand --local-user "$maintainer" --clearsign --armor \
+			--textmode --output - - | \
+			perl -n -p -e 's/\r$//' > "../$1.asc" 
+	else
+		$signcommand -u "$maintainer" +clearsig=on -fast <"../$1" \
+			>"../$1.asc"
+	fi
 	echo
 	mv -- "../$1.asc" "../$1"
 }
diff -r -u --new-file dpkg-1.4.0.27/scripts/dpkg-source.1 dpkg-1.4.0.28/scripts/dpkg-source.1
--- dpkg-1.4.0.27/scripts/dpkg-source.1	Wed Jun 24 13:54:18 1998
+++ dpkg-1.4.0.28/scripts/dpkg-source.1	Mon Sep 14 22:20:17 1998
@@ -519,24 +519,29 @@
 .B -c
 instead of passing arguments individually to the command to be run.
 .TP
-.BI -p pgp-command
+.BI -p sign-command
 When
 .B dpkg-buildpackage
-needs to execute PGP to sign a source control
+needs to execute GPG or PGP to sign a source control
 .RB ( .dsc )
 file or a
 .B .changes
 file it will run
-.I pgp-command
+.I sign-command
 (searching the
 .B PATH
 if necessary) instead of
-.BR pgp .
-.I pgp-command
+.BR gpg .
+.I sign-command
 will get all the arguments that
-.B pgp
-would have done.
-.I pgp-command
+.B gpg
+would have gotten. If
+.I sign-command
+takes its arguments in PGP rather than GPG style, you should give
+the
+.B -spgp
+option.
+.I sign-command
 should not contain spaces or any other shell metacharacters.
 .TP
 .B -tc
@@ -546,7 +551,7 @@
 after the package has been built.
 .TP
 .BR -us ", " -uc
-Do not PGP-sign the source package or the changelog, respectively.
+Do not sign the source package or the changelog, respectively.
 .SH DPKG-DISTADDFILE ARGUMENTS
 .B dpkg-distaddfile
 does not take any non-common options.  It takes three non-option
@@ -706,7 +711,7 @@
 
 It should be possible to specify spaces and shell metacharacters in
 and initial arguments for
-.IR gain-root-command " and " pgp-command .
+.IR gain-root-command " and " sign-command .
 .SH SEE ALSO
 .IR "Debian packaging manual" ,
 .br
@@ -714,7 +719,9 @@
 .br
 .BR dpkg\-deb (1),
 .BR dpkg (8),
-.BR dselect (8).
+.BR dselect (8),
+.BR gpg (1),
+.BR pgp (1).
 .SH AUTHOR
 The utilities and this manpage were written by Ian Jackson.  They are
 Copyright (C)1995-1996 by him and released under the GNU General
-- 
Ray Dassen <jdassen@wi.LeidenUniv.nl>
Reply to:
Prev by Date: Bug#26880: dpkg: Creating XF86Config during install freezes VT
Next by Date: Bug#26909: Uploaded dpkg 1.4.0.28 (source i386 all) to master
Previous by thread: Bug#26880: dpkg: Creating XF86Config during install freezes VT
Next by thread: Bug#26909: Uploaded dpkg 1.4.0.28 (source i386 all) to master
Index(es):
- Date
- Thread