Forráskód Böngészése

dpkg-source: Add new --require-strong-checksums option and change default

Erroring out when no strong checksums are present is very harsh, as we
do not even do something similar for invalid/unknown/expired signatures
which means doing this for checksums has really no point.

Add a new command-line option to force the behavior to be strict, and
change to a warning.

Regression introduced in commit 040973c7a1e50b78ef042ef5ffbfff0440c24700.

Closes: #823428
Reported-by: Niko Tyni <ntyni@debian.org>
Guillem Jover 10 éve
szülő
commit
a558a21ae7
4 módosított fájl, 36 hozzáadás és 2 törlés
  1. 5 0
      debian/changelog
  2. 5 0
      man/dpkg-source.1
  3. 21 2
      scripts/Dpkg/Source/Package.pm
  4. 5 0
      scripts/dpkg-source.pl

+ 5 - 0
debian/changelog

@@ -1,10 +1,15 @@
 dpkg (1.18.7) UNRELEASED; urgency=medium
 dpkg (1.18.7) UNRELEASED; urgency=medium
 
 
   [ Guillem Jover ]
   [ Guillem Jover ]
+  * Add new dpkg-source --require-strong-checksums option and change default.
+    There is no point in erroring out on this condition when signature issues
+    are only warnings, because we cannot guarantee we have functional keys
+    for old signatures. Regression introduced in dpkg 1.18.5. Closes: #823428
   * Perl modules:
   * Perl modules:
     - Relax dependency restrictions parsing to allow again sloppy spaces
     - Relax dependency restrictions parsing to allow again sloppy spaces
       around versions, architectures and profile restrictions.
       around versions, architectures and profile restrictions.
       Regression introduced in 1.18.5. Closes: #823431
       Regression introduced in 1.18.5. Closes: #823431
+    - Add new require_strong_checksums option to Dpkg::Source::Package.
   * Documentation:
   * Documentation:
     - Shorten example symbol names in dpkg-gensymbols to avoid a mandb
     - Shorten example symbol names in dpkg-gensymbols to avoid a mandb
       warning due to unwrappable lines in translations.
       warning due to unwrappable lines in translations.

+ 5 - 0
man/dpkg-source.1

@@ -266,6 +266,11 @@ of the official Debian keyrings
 (\fI/usr/share/keyrings/debian\-keyring.gpg\fP
 (\fI/usr/share/keyrings/debian\-keyring.gpg\fP
 and \fI/usr/share/keyrings/debian\-maintainers.gpg\fP).
 and \fI/usr/share/keyrings/debian\-maintainers.gpg\fP).
 .TP
 .TP
+.BI \-\-require\-strong\-checksums
+Refuse to unpack the source package if it does not contain any strong
+checksums (since dpkg 1.18.7).
+Currently the only known checksum considered strong is \fBSHA-256\fP.
+.TP
 .B \-\-ignore\-bad\-version
 .B \-\-ignore\-bad\-version
 Turns the bad source package version check into a non-fatal warning
 Turns the bad source package version check into a non-fatal warning
 (since dpkg 1.17.7).
 (since dpkg 1.17.7).

+ 21 - 2
scripts/Dpkg/Source/Package.pm

@@ -34,7 +34,7 @@ is the one that supports the extraction of the source package.
 use strict;
 use strict;
 use warnings;
 use warnings;
 
 
-our $VERSION = '1.01';
+our $VERSION = '1.02';
 our @EXPORT_OK = qw(
 our @EXPORT_OK = qw(
     get_default_diff_ignore_regex
     get_default_diff_ignore_regex
     set_default_diff_ignore_regex
     set_default_diff_ignore_regex
@@ -188,6 +188,11 @@ specific for source packages using format "2.0" and "3.0 (quilt)".
 If set to 1, the check_signature() method will be stricter and will error
 If set to 1, the check_signature() method will be stricter and will error
 out if the signature can't be verified.
 out if the signature can't be verified.
 
 
+=item require_strong_checksums
+
+If set to 1, the check_checksums() method will be stricter and will error
+out if there is no strong checksum.
+
 =item copy_orig_tarballs
 =item copy_orig_tarballs
 
 
 If set to 1, the extraction will copy the upstream tarballs next the
 If set to 1, the extraction will copy the upstream tarballs next the
@@ -331,19 +336,29 @@ the other files constituting the source package. If any inconsistency is
 discovered, it immediately errors out. It will make sure at least one strong
 discovered, it immediately errors out. It will make sure at least one strong
 checksum is present.
 checksum is present.
 
 
+If the object has been created with the "require_strong_checksums" option,
+then any problem will result in a fatal error.
+
 =cut
 =cut
 
 
 sub check_checksums {
 sub check_checksums {
     my $self = shift;
     my $self = shift;
     my $checksums = $self->{checksums};
     my $checksums = $self->{checksums};
+    my $warn_on_weak = 0;
 
 
     # add_from_file verify the checksums if they are already existing
     # add_from_file verify the checksums if they are already existing
     foreach my $file ($checksums->get_files()) {
     foreach my $file ($checksums->get_files()) {
         if (not $checksums->has_strong_checksums($file)) {
         if (not $checksums->has_strong_checksums($file)) {
-            error(g_('source package uses only weak checksums'));
+            if ($self->{options}{require_strong_checksums}) {
+                error(g_('source package uses only weak checksums'));
+            } else {
+                $warn_on_weak = 1;
+            }
         }
         }
 	$checksums->add_from_file($self->{basedir} . $file, key => $file);
 	$checksums->add_from_file($self->{basedir} . $file, key => $file);
     }
     }
+
+    warning(g_('source package uses only weak checksums')) if $warn_on_weak;
 }
 }
 
 
 sub get_basename {
 sub get_basename {
@@ -643,6 +658,10 @@ sub write_dsc {
 
 
 =head1 CHANGES
 =head1 CHANGES
 
 
+=head2 Version 1.02 (dpkg 1.18.7)
+
+New option: require_strong_checksums in check_checksums().
+
 =head2 Version 1.01 (dpkg 1.17.2)
 =head2 Version 1.01 (dpkg 1.17.2)
 
 
 New functions: get_default_diff_ignore_regex(), set_default_diff_ignore_regex(),
 New functions: get_default_diff_ignore_regex(), set_default_diff_ignore_regex(),

+ 5 - 0
scripts/dpkg-source.pl

@@ -66,6 +66,7 @@ my %options = (
     copy_orig_tarballs => 1,
     copy_orig_tarballs => 1,
     no_check => 0,
     no_check => 0,
     require_valid_signature => 0,
     require_valid_signature => 0,
+    require_strong_checksums => 0,
 );
 );
 
 
 # Fields to remove/override
 # Fields to remove/override
@@ -189,6 +190,8 @@ while (@options) {
         $options{no_check} = 1;
         $options{no_check} = 1;
     } elsif (m/^--require-valid-signature$/) {
     } elsif (m/^--require-valid-signature$/) {
         $options{require_valid_signature} = 1;
         $options{require_valid_signature} = 1;
+    } elsif (m/^--require-strong-checksums$/) {
+        $options{require_strong_checksums} = 1;
     } elsif (m/^-V(\w[-:0-9A-Za-z]*)[=:](.*)$/s) {
     } elsif (m/^-V(\w[-:0-9A-Za-z]*)[=:](.*)$/s) {
         $substvars->set($1, $2);
         $substvars->set($1, $2);
     } elsif (m/^-T(.*)$/) {
     } elsif (m/^-T(.*)$/) {
@@ -606,6 +609,8 @@ sub usage {
   --no-copy                don't copy .orig tarballs
   --no-copy                don't copy .orig tarballs
   --no-check               don't check signature and checksums before unpacking
   --no-check               don't check signature and checksums before unpacking
   --require-valid-signature abort if the package doesn't have a valid signature
   --require-valid-signature abort if the package doesn't have a valid signature
+  --require-strong-checksums
+                           abort if the package contains no strong checksums
   --ignore-bad-version     allow bad source package versions.")
   --ignore-bad-version     allow bad source package versions.")
     . "\n" .
     . "\n" .
     get_format_help()
     get_format_help()