debsigs (0.1.26)
[PTS] [DDPO]
COMMITS: VCS has seen 12 commits since the archive/debian/0.1.26 tag
- Git: https://gitlab.com/debsigs/debsigs.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 565248
- Browser: https://gitlab.com/debsigs/debsigs
- Last scan: 2024-07-16 03:22:12+00
- Next scan: 2024-07-17 00:46:00+00
- Debian changelog in Git:
debsigs (0.1.26) unstable; urgency=medium
* Declare compliance with Debian Policy 4.6.0 with no changes.
* Add the year 2021 to my debian/* copyright notice.
* Explicitly declare dh-sequence-single-binary as a virtual build
dependency.
* Regenerate the signing-policy.txt file during the build.
* Correct some typographical errors in the signing policy document.
* Fix listing signatures with GnuPG 2. Closes: #988368
-- Peter Pentchev <roam@debian.org> Wed, 29 Dec 2021 16:46:40 +0200
- This branch is 12 commits ahead of tag archive/debian/0.1.26
- Git log:
commit dfda18c439d31437518f2b1c3030d60fb3b550b4
Author: Peter Pentchev <roam@debian.org>
Date: Tue Jul 9 01:12:27 2024 +0300
testsigs: minor match/case refactoring
commit 3858401c33778c8dc6323c43b3ed7c34f825b5be
Author: Peter Pentchev <roam@debian.org>
Date: Mon Jul 8 20:39:15 2024 +0300
Add a Python tool that builds `debsigs` and runs the test tool
Prepare for a future in which there is more than one debsigs implementation.
commit 160c90fd830a4530f4cb862af04300f5cb9806e4
Author: Peter Pentchev <roam@debian.org>
Date: Sat Jul 6 12:04:06 2024 +0300
Add a Python test tool
Add a Python tool (python/tests/testsigs/) that:
- creates a temporary directory
- points HOME to a temporary location within that directory for GnuPG's benefit
- uses a stateless OpenPGP tool to create a keypair
- imports that keypair into GnuPG's store in the temporary home directory
- downloads a Debian package
- signs it
- verifies the signature using debsigs's new --verify implementation
- generates a debsig-verify policy and verifies the signature using that, too
commit 5c843dcd283357c56531b41317faa98a12084eb8
Author: Peter Pentchev <roam@debian.org>
Date: Mon Jul 8 23:28:54 2024 +0300
Also support zstd-compressed archives
This is similar to the !7 merge request, but the code was reorganized, and
also the merge request combines two changes into one.
Closes: #3
commit fcc521d8e42073e26c39a322a15a49addb003ebe
Author: Peter Pentchev <roam@debian.org>
Date: Mon Jul 8 23:28:33 2024 +0300
DRY: only define the control/data member regular expressions once
commit 92ba672f3ac02d90cba5d26c096a4d0d88b2d104
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Sun Sep 26 20:03:11 2021 -0600
Implement verify mode.
commit eb3b211ec58f82f12785c9a24022962493b0e341
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Sun Sep 26 19:31:20 2021 -0600
Use mkdtemp() to create the temp dir instead of using a predictable name.
commit 0ff7d54fcc1f73ad78bc539e24a0a024876e28da
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Sun Sep 26 19:51:18 2021 -0600
Do not hard-code the path to gpg.
There's no need to do this as perl will use execvp() which searches PATH.
commit b2977db7abcb227e93cf0935d10c4e6bc3e23098
Author: Peter Pentchev <roam@debian.org>
Date: Mon Jul 8 20:59:26 2024 +0300
Use Perl's version module and switch to a semver-like v0.2.0
commit 5ffc00ca32afe25881f5f98130791dffc1779fbf
Author: Peter Pentchev <roam@debian.org>
Date: Mon Jul 8 20:56:58 2024 +0300
Bump the --version output to 0.2.0
Dropping the `--openpgp` command-line option is an incompatible change in
the behavior of debsigs, even though (in combination with the newly-fixed
`--gpgopts` one) it allows for a better user experience.
commit 75c6c8f96e6cdc33bca9c5f32195b68ff35bc32f
Author: Peter Pentchev <roam@debian.org>
Date: Mon Jul 8 20:51:22 2024 +0300
Do not pass --openpgp to GnuPG any more
Unfortunately, right now the normative RFC for OpenPGP specifies
outdated algorithms, e.g. mandatory SHA1 as a digest algorithm.
Thus, passing the `--openpgp` option to GnuPG does more harm than
good right now, especially as the external `debsig-verify` tool
has rejected SHA1 signatures since 2021.
Closes: #2
commit 160138f5de1ec110376d3c807b60a37388bc7c90
Author: Peter Pentchev <roam@debian.org>
Date: Mon Jul 8 20:48:54 2024 +0300
Actually pass the options specified in --gpgopts to GnuPG
This implementation is similar to the !1 merge request (thanks!), but
it uses the Text::ParseWords module from the Perl standard library to
parse the argument to --gpgopts as one or more arguments for GnuPG,
allowing shell-style word quoting and escaping.
Closes: #1