diff options
-rw-r--r-- | debian/changelog | 9 | ||||
-rw-r--r-- | functions | 29 | ||||
l--------- | scripts/zesty | 1 |
3 files changed, 32 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog index c746495..c04bb03 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,12 @@ debootstrap (1.0.85) UNRELEASED; urgency=medium + [ Julien Cristau ] + * Add support for downloading and validating InRelease files, by splitting + up detached signature from signed data. + + [ Colin Watson ] + * Add (Ubuntu) zesty as a symlink to gutsy. + [ Ansgar Burchardt ] * Add jessie-kfreebsd to merged-/usr blacklist. * No longer Build-Depend on makedev. The code using it was already @@ -15,7 +22,7 @@ debootstrap (1.0.85) UNRELEASED; urgency=medium [ Marco d'Itri ] * Enable merged-/usr by default. (Closes: #839046, #839162) - -- Ansgar Burchardt <ansgar@debian.org> Wed, 14 Sep 2016 01:03:58 +0200 + -- Julien Cristau <jcristau@debian.org> Fri, 02 Sep 2016 20:26:38 +0200 debootstrap (1.0.84) unstable; urgency=medium @@ -551,15 +551,32 @@ download_release_sig () { download_release_indices () { local m1="${MIRRORS%% *}" local reldest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/Release")" - local relsigdest + local inreldest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/InRelease")" + local relsigdest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/Release.gpg")" progress 0 100 DOWNREL "Downloading Release file" progress_next 100 - get "$m1/dists/$SUITE/Release" "$reldest" nocache || - error 1 NOGETREL "Failed getting release file %s" "$m1/dists/$SUITE/Release" - relsigdest="$TARGET/$($DLDEST rel "$SUITE" "$m1" "dists/$SUITE/Release.gpg")" - progress 100 100 DOWNREL "Downloading Release file" + if get "$m1/dists/$SUITE/InRelease" "$inreldest" nocache; then + sed -n '/^-----BEGIN PGP SIGNATURE-----$/,/^-----END PGP SIGNATURE-----$/p' < \ + "$inreldest" > "$relsigdest" + # We assume \a does not appear in the Release file, and strip + # the last \n through the tr round-trip. + sed '/^-----BEGIN PGP SIGNED MESSAGE-----$/,/^$/ d + /^-----BEGIN PGP SIGNATURE-----$/,/^-----END PGP SIGNATURE-----$/ d + ' < "$inreldest" | + tr '\n' '\a' | sed 's/\a$//' | tr '\a' '\n' > "$reldest" + progress 100 100 DOWNREL "Downloading Release file" + info RELEASESIG "Checking Release signature" + # Don't worry about the exit status from gpgv; parsing the output will + # take care of that. + (gpgv --status-fd 1 --keyring "$KEYRING" --ignore-time-conflict \ + "$relsigdest" "$reldest" || true) | read_gpg_status + else + get "$m1/dists/$SUITE/Release" "$reldest" nocache || + error 1 NOGETREL "Failed getting release file %s" "$m1/dists/$SUITE/Release" + progress 100 100 DOWNREL "Downloading Release file" - download_release_sig "$m1" "$reldest" "$relsigdest" + download_release_sig "$m1" "$reldest" "$relsigdest" + fi validate_suite "$reldest" diff --git a/scripts/zesty b/scripts/zesty new file mode 120000 index 0000000..3840936 --- /dev/null +++ b/scripts/zesty @@ -0,0 +1 @@ +gutsy
\ No newline at end of file |