diff options
| author | Guillem Jover <guillem@debian.org> | 2015-03-15 00:41:59 +0100 |
|---|---|---|
| committer | Guillem Jover <guillem@debian.org> | 2016-04-01 00:44:43 +0200 |
| commit | 94e11e11b5a77d3be7b049316971a9b617b5cc54 (patch) | |
| tree | 8d57078af923b7b04b2daf7efe3517501da85856 | |
| parent | ccc09502395899eef8def40f4ef9b28cec74899e (diff) | |
| download | dpkg-94e11e11b5a77d3be7b049316971a9b617b5cc54.tar.gz | |
dpkg: Search for debsig-verify in PATH instead of using an absolute path
Check that the command exists in the PATH before using it. This makes it
future proof, and friendlier to other systems that might not be using
the same filesystem layout.
It also makes it possible to use a local debsig-verify in a path such as
/usr/local/bin.
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rw-r--r-- | lib/dpkg/dpkg.h | 2 | ||||
| -rw-r--r-- | src/unpack.c | 7 |
3 files changed, 6 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog index 4cbdffe56..dd063e4f1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -43,6 +43,7 @@ dpkg (1.18.5) UNRELEASED; urgency=medium Closes: #719845 - Use it with dpkg --recursive option. * Unify start-stop-daemon --help output with the rest of the tools. + * Search for debsig-verify in PATH instead of using an absolute path. * Portability: - Move DPKG_ADMINDIR environment variable name out from update-alternatives code, to make life easier for non-dpkg-based systems. diff --git a/lib/dpkg/dpkg.h b/lib/dpkg/dpkg.h index 769a30232..c7ada8a3b 100644 --- a/lib/dpkg/dpkg.h +++ b/lib/dpkg/dpkg.h @@ -104,7 +104,7 @@ DPKG_BEGIN_DECLS #define DPKGSTAT "dpkg-statoverride" #define DPKGTRIGGER "dpkg-trigger" #define DPKG "dpkg" -#define DEBSIGVERIFY "/usr/bin/debsig-verify" +#define DEBSIGVERIFY "debsig-verify" #define RM "rm" #define CAT "cat" diff --git a/src/unpack.c b/src/unpack.c index 8d10cc5b9..04594daad 100644 --- a/src/unpack.c +++ b/src/unpack.c @@ -129,17 +129,18 @@ deb_reassemble(const char **filename, const char **pfilename) static void deb_verify(const char *filename) { - struct stat stab; pid_t pid; - if (stat(DEBSIGVERIFY, &stab) < 0) + /* We have to check on every unpack, in case the debsig-verify package + * gets installed or removed. */ + if (!find_command(DEBSIGVERIFY)) return; printf(_("Authenticating %s ...\n"), filename); fflush(stdout); pid = subproc_fork(); if (!pid) { - execl(DEBSIGVERIFY, DEBSIGVERIFY, "-q", filename, NULL); + execlp(DEBSIGVERIFY, DEBSIGVERIFY, "-q", filename, NULL); ohshite(_("unable to execute %s (%s)"), _("package signature verification"), DEBSIGVERIFY); } else { |