We need to pass this option forward to the verify_signature() calls,
otherwise we use the default.
Fixes: commit 139dfc4c78593d995610c0aa180300a9a7dd94ac
Fixes: commit 3821f024d92aabf24a333025c1c1956d8a45e718
|
|
These were referring to the type and not the instance, which makes
using the incorrect nomenclature confusing.
|
|
This makes sure we execute the handlers on normal errors, and can thus
remove the traps from several functions to run the handlers and to then
rethrow the exception.
|
|
Bump module version to 2.00.
|
|
The previous default patch header does not make sense for a conglomerate
patch. Instead provide a more suitable default, that can always be
overridden with either the local-patch-header or patch-header files.
Closes: #933152
|
|
When we are building the source package, while detecting whether there
is any original upstream tarball signature to be included in the .dsc,
it's the best time to verify them, so that when the .dsc gets eventually
signed there's a certification path for the maintainer that they are
including what they expected to be there.
|
|
We use cp() in Dpkg::Source::Package to preserve the file attributes,
but just move() in dpkg-buildpackage where it does not matter.
|
|
The current default in Debian and anywhere else is to use unversioned
GnuPG 2.x binaries, so there's no need anymore to try these first or at
all.
|
|
On source format 1.0, the default is for the debian/source/format file
not being present, which means we'll start with an empty Format field
name.
Fixes: commit d1d35a56e401181b6d15baf474a7db21d3372a65
|
|
Using -sA by default means the user might lose data on overwrite if
there is already a directory with the same name lying around.
Closes: #910737
|
|
Closes: #921031
Fixes: commit d1d35a56e401181b6d15baf474a7db21d3372a65
Diagnosed-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
|
|
This moves all ad-hoc code to use the new Dpkg::Source::Format module.
|
|
This new public module centralizes the handling of debian/source/format
so that other projects can reuse it instead of having to reimplement it.
Prompted-by: Mattia Rizzolo <mattia@debian.org>
Ref: https://salsa.debian.org/debian/devscripts/merge_requests/63
|
|
Make the regex more strict and decompose it right away instead of doing
a second pass over it. Only initialize minor when we need to update the
format. And fix the error for an invalid format to stop referencing the
Format field, which might not be involved during the parsing.
|
|
This makes it easier to construct a source package object with the
desired object, and initialize it as required.
Prompted-by: James McCoy <jamesan@debian.org>
Ref: https://salsa.debian.org/debian/devscripts/merge_requests/61
|
|
If the option has not been set, then the source format does not support
it and we should thus not recommend the --include-removal option in the
warning.
Closes: #913012
|
|
We initialized it already in the new constructor, no point in doing the
same twice.
|
|
This makes several call sites more clear, as we move the logic inside
the function.
|
|
This makes it possible to reuse the code by other modules.
|
|
The check is very simple, and can be done w/o requiring calling diff(1)
for each input file.
This makes the code shorter, more portable, and should be faster in the
non-binary cases.
|
|
We might use a vendor specific series file, so we should print the one
being used to notify of this fact.
|
|
Thanks-to: Niels Thykier <niels@thykier.net> (for typo in dpkg(1))
|
|
To be able to build a source tree, a user needs write permissions on it,
but not necessarily ownership of those files. We check the existing file
permissions and avoid changing them if not necessary, which helps in the
case where the user does not have ownership of those files, and they
were already present.
Closes: #898010
Naming-by: Julian Andres Klode <jak@debian.org>
|
|
When we are picking up upstream tarball signatures, we should also print
them as being used to create the source package.
Closes: #888787
|
|
Lumping all found tarballs into a single line makes the output more
confusing.
|
|
Closes: #879124
Warned-by: perl
Signed-off-by: Guillem Jover <guillem@debian.org>
|
|
We want to be able to check for prerequisites when loading the source
format module. That function used to be called import, which is a
misnomer here, and was not being invoked.
Rename it to the more appropriate prerequisites() and call it if it's
present from the module loading code.
Addresses: #877688
|
|
When we are building a source package, if we find a binary signature in
the form of a .sig file, we should try to auto-convert it to the format
that we expect to include in the source package, which is an OpenPGP
ASCII Armor.
|
|
Our current minimal Perl version contains a new enough List::Util module
implementing none and any, and several other functions.
|
|
These are generated files, and these pathnames are part of the external
interface. With the introduction of the buildinfo support, these get
generated even on source builds, which means that it can disrupt
previous workflows based on not cleaning the source tree, because they
assumed that source-only builds did not have filesystem side-effects.
|
|
This makes sure the perl module is using a directory traversal resistant
patch implementation, currently that's only GNU patch.
Fixes: CVE-2017-8283
Stable-Candidate: 1.17.x
|
|
Signed-off-by: Guillem Jover <guillem@debian.org>
|
|
Closes: #855450
Signed-off-by: Guillem Jover <guillem@debian.org>
|
|
If we do not have a date from the changelog, set it to the current time.
Closes: #849081
|
|
Warned-by: codespell, spellintian
|
|
Instead of entering into an infinite loop.
Closes: #851441
|
|
When loading eval'ed modules we should remove «.» from @INC, or we
might end up loading code under the caller's control.
Fixes: CVE-2016-1238
|
|
|