dpkg-buildpackage: Do not pipe the files to sign to GnuPG

When GnuPG uses the gpg-agent it is unable to detect the correct tty
configuration if stdin is a pipe instead of the current terminal.

Copy the file to sign to a temporary directory and append to it a
newline, and pass that as an actual command-line argument.

Closes: #762391

1 files changed, 18 insertions, 10 deletions

diff --git a/scripts/dpkg-buildpackage.pl b/scripts/dpkg-buildpackage.pl
index eb044419e..f67865980 100755
--- a/scripts/dpkg-buildpackage.pl
+++ b/scripts/dpkg-buildpackage.pl
@@ -25,7 +25,9 @@ use warnings;
 
 use Carp;
 use Cwd;
+use File::Temp qw(tempdir);
 use File::Basename;
+use File::Copy;
 use POSIX qw(:sys_wait_h);
 
 use Dpkg ();
@@ -663,21 +665,27 @@ sub run_hook {
 
 sub signfile {
     my ($file) = @_;
+
     print { *STDERR } " signfile $file\n";
-    my $qfile = quotemeta($file);
 
-    system("(cat ../$qfile ; echo '') | " .
-           "$signcommand --utf8-strings --local-user " .
-           quotemeta($signkey || $maintainer) .
-           " --clearsign --armor --textmode  > ../$qfile.asc");
+    my $signdir = tempdir('dpkg-sign.XXXXXXXX', CLEANUP => 1);
+    my $signfile = "$signdir/$file";
+
+    # Make sure the file to sign ends with a newline.
+    copy("../$file", $signfile);
+    open my $signfh, '>>', $signfile or syserr(_g('cannot open %s'), $signfile);
+    print { $signfh } "\n";
+    close $signfh or syserr(_g('cannot close %s'), $signfile);
+
+    system($signcommand, '--utf8-strings', '--textmode', '--armor',
+           '--local-user', $signkey || $maintainer, '--clearsign',
+           '--output', "$signfile.asc", $signfile);
     my $status = $?;
-    unless ($status) {
-	system('mv', '--', "../$file.asc", "../$file")
+    if ($status == 0) {
+	system('mv', '--', "$signfile.asc", "../$file")
 	    and subprocerr('mv');
-    } else {
-	system('rm', '-f', "../$file.asc")
-	    and subprocerr('rm -f');
     }
+
     print "\n";
     return $status
 }