Debian Bug report logs - #232916
[dpkg-buildpackage] Cannot sign packages with PGP any longer (-ppgp broken)

Package: dpkg-dev; Maintainer for dpkg-dev is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg-dev is src:dpkg.

Reported by: Javier Fernández-Sanguino Peña <jfs@computer.org>

Date: Sun, 15 Feb 2004 19:48:02 UTC

Severity: important

Tags: patch

Found in version 1.10.18

Fixed in version dpkg/1.10.19

Done: Scott James Remnant <scott@netsplit.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Dpkg Development <debian-dpkg@lists.debian.org>:
Bug#232916; Package dpkg-dev.

Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
New Bug report received and forwarded. Copy sent to Dpkg Development <debian-dpkg@lists.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: submit@bugs.debian.org
Subject: [dpkg-buildpackage] Cannot sign packages with PGP any longer (-ppgp broken)
Date: Sun, 15 Feb 2004 20:38:19 +0100
Package: dpkg-dev
Version: 1.10.18
Priority: important
Tags: patch

Ok, here's the deal: I've been using pgp to sign my packages since I
started as a Debian maintainer (so I always run 'dpkg-buildpackage -ppgp').
Yesterday, however:

[This is a sample run with a _very_ dummy package; it just has a barebones
debian/ directory]
dpkg-deb: building package `dummy' in `../dummy_0.1_all.deb'.
 signfile dummy_0.1.dsc
 
You need a passphrase to unlock the secret key for
user: "Javier Fernandez-Sanguino Pen~a <jfs@computer.org>"
1024-bit RSA key, ID A436AD25, created 1997-11-17
 
                   
 dpkg-genchanges
dpkg-genchanges: error: syntax error in source control file 
../dummy_0.1.dsc at line 22: expected blank line before PGP signature
[!!!!]

Now, let's see dummy_0.1.dsc:
--------------------------dummy.dsc---------------------------------
      1 -----BEGIN PGP SIGNED MESSAGE-----
      2
      3 Format: 1.0
      4 Source: dummy
      5 Version: 0.1
      6 Binary: dummy
      7 Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
      8 Architecture: all
      9 Standards-Version: 3.5.8
     10 Files:
     11  2bb5b874f34ca4eb5f64f3686aad28be 1294 dummy_0.1.tar.gz
     12 -----BEGIN PGP SIGNATURE-----
     13 Version: GnuPG v1.2.4 (GNU/Linux)
     14
     15 iQCVAwUBQC/GnftEPvakNq0lAQGdJAP/ch1475RDHKEvoixBgHwvATysGneM/+kR
     16 Mulrl0ljbQRIyOb2wRqgUGKRySgCpNpxITMGcIL+nJdnJUtaYoo7nVnheCwbVec6
     17 NQCU2xr3TIMPnvMuzVZIEkCdbEwzmqj2NUp/GqRn1UhN90y1u+/ueMIaPIs+uAbV
     18 U4UgOQCqPO8=
     19 =l+Q3
     20 -----END PGP SIGNATURE-----
--------------------------dummy.dsc--------------------------

Ok. I can build the package if I run 'dpkg-buildpackage -pgpg', so this 
seems like an odd behaviour:

$ perl -d /usr/bin/dpkg-genchanges
 
Loading DB routines from perl5db.pl version 1.23
Editor support available.
 
Enter h or `h h' for help, or `man perldebug' for more help.
 
main::(/usr/bin/dpkg-genchanges:3):
3:      $dpkglibdir="/usr/lib/dpkg"; # This line modified by Makefile
  DB<1> r
dpkg-genchanges: error: syntax error in source control file 
../dummy_0.1.dsc at line 22: expected blank line before PGP signature
        main::error('syntax error in source control file ../dummy_0.1.dsc 
at line ...') called at /usr/lib/dpkg/controllib.pl line 309
        main::syntax('expected blank line before PGP signature') called at 
/usr/lib/dpkg/controllib.pl line 276
        main::parsecdata('S',-1,'source control file ../dummy_0.1.dsc') 
called at /usr/bin/dpkg-genchanges line 276
Debugged program terminated.  Use q to quit or R to restart,
  use O inhibit_exit to avoid stopping after program termination,
  h q, h R or h O to get additional info.

If I manually introduce a blank line at line 12 in the dsc file above,
the .changes file is generated properly (dpkg-genchanges does not stop).

Now, the funny thing is that the signed .dsc file generated by gpg is:

      1 -----BEGIN PGP SIGNED MESSAGE-----
      2 Hash: SHA1
      3
      4 Format: 1.0
      5 Source: dummy
      6 Version: 0.1
      7 Binary: dummy
      8 Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
      9 Architecture: all
     10 Standards-Version: 3.5.8
     11 Files:
     12  2dda1dc1024616425f5df0905984677d 1915 dummy_0.1.tar.gz
     13
     14 -----BEGIN PGP SIGNATURE-----
     15 Version: GnuPG v1.2.4 (GNU/Linux)
     16
     17 iD8DBQFAL8X3sandgtyBSwkRAkE7AJoDzKJ2gqYgIdBQGpJ8JlNhzx+M9ACeJEsB
     18 5kxNYphR0hiSRV6GqUOfMwo=
     19 =/ZAY
     20 -----END PGP SIGNATURE-----

And it does contain the blank line, but if I run gpg manually over the file
that blank line does not appear. Why so? Because dpkg-buildpackage's
signfile does the following:

        (cat "../$1" ; echo "") | \
        $signcommand --local-user "${signkey:-$maintainer}" --clearsign --armor \
                  --textmode  > "../$1.asc"

The 'echo ""' there forces the introduction of a blank line, but this is 
not done for pgp! Modifying signfile so that it is done for both fixes this 
issue. Please apply the attached patch.

Regards

Javier


[dpkg-buildpackage.diff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
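
The framing check behind the dpkg-genchanges error and the signer-independent input preparation described in the report above, as an added example that is not part of the original report or of dpkg. The names `check_sig_framing`, `sign_input` and `write_sample` are hypothetical, the sample files are constructed, and treating whitespace-only lines as blank is an assumption.

```shell
#!/bin/sh
# Added example, not dpkg code. Lints a clearsigned control file for the
# blank line that dpkg-genchanges 1.10.18 demanded before the signature.

# Exit status: 0 = blank line present, 1 = missing, 2 = no signature armor.
# Assumption: "blank" means empty or whitespace-only.
check_sig_framing() {
    awk '
        /^-----BEGIN PGP SIGNATURE-----[ \t\r]*$/ {
            found = 1
            rc = (NR > 1 && prev ~ /^[ \t\r]*$/) ? 0 : 1
            exit
        }
        { prev = $0 }
        END { exit (found ? rc : 2) }
    ' "$1"
}

# Signer-independent input preparation, mirroring the "(cat; echo)" prefix
# quoted in the report: whichever tool signs, it sees a trailing blank line.
sign_input() {
    cat "$1"
    echo ""
}

# Constructed samples shaped like the report's two .dsc listings; the
# checksum and signature body are placeholders, not real values.
write_sample() {   # usage: write_sample FILE with_blank|without_blank
    {
        echo '-----BEGIN PGP SIGNED MESSAGE-----'
        echo ''
        echo 'Format: 1.0'
        echo 'Source: dummy'
        echo 'Files:'
        echo ' 00000000000000000000000000000000 1294 dummy_0.1.tar.gz'
        [ "$2" = with_blank ] && echo ''
        echo '-----BEGIN PGP SIGNATURE-----'
        echo ''
        echo 'PLACEHOLDER'
        echo '-----END PGP SIGNATURE-----'
    } > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/pgp.dsc" without_blank
write_sample "$tmp/gpg.dsc" with_blank
for f in "$tmp/pgp.dsc" "$tmp/gpg.dsc"; do
    if check_sig_framing "$f"; then echo "ok: $f"
    else echo "would be rejected (status $?): $f"; fi
done
rm -rf "$tmp"
```

Running the check on a freshly signed .dsc before dpkg-genchanges catches the missing separator regardless of which signing tool produced the file.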

Reply sent to Scott James Remnant <scott@netsplit.com>:
You have taken responsibility.

Notification sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Bug acknowledged by developer.

Message #10 received at 232916-close@bugs.debian.org:

From: Scott James Remnant <scott@netsplit.com>
To: 232916-close@bugs.debian.org
Subject: Bug#232916: fixed in dpkg 1.10.19
Date: Mon, 08 Mar 2004 14:47:04 -0500
Source: dpkg
Source-Version: 1.10.19

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:

dpkg-dev_1.10.19_all.deb
  to pool/main/d/dpkg/dpkg-dev_1.10.19_all.deb
dpkg-doc_1.10.19_all.deb
  to pool/main/d/dpkg/dpkg-doc_1.10.19_all.deb
dpkg_1.10.19.dsc
  to pool/main/d/dpkg/dpkg_1.10.19.dsc
dpkg_1.10.19.tar.gz
  to pool/main/d/dpkg/dpkg_1.10.19.tar.gz
dpkg_1.10.19_i386.deb
  to pool/main/d/dpkg/dpkg_1.10.19_i386.deb
dselect_1.10.19_i386.deb
  to pool/main/d/dpkg/dselect_1.10.19_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 232916@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott James Remnant <scott@netsplit.com> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  8 Mar 2004 19:05:32 +0000
Source: dpkg
Binary: dpkg-doc dpkg dselect dpkg-dev dpkg-static
Architecture: source all i386
Version: 1.10.19
Distribution: unstable
Urgency: high
Maintainer: Dpkg Development <debian-dpkg@lists.debian.org>
Changed-By: Scott James Remnant <scott@netsplit.com>
Description: 
 dpkg       - Package maintenance system for Debian
 dpkg-dev   - Package building tools for Debian
 dpkg-doc   - Dpkg Internals Documentation
 dselect    - a user tool to manage Debian packages
Closes: 139781 157437 168443 170953 190611 199489 199693 211566 213038 213543 213846 217286 217943 221989 222760 225692 228253 228379 232025 232916 235266
Changes: 
 dpkg (1.10.19) unstable; urgency=high
 .
   * Distinguish unmet build dependencies from build conflicts.
     Closes: #217943, #235266.
   * Force NULL-termination of all tar file entry names.  Closes: #232025.
   * Allow dselect to use the full window width.  Closes: #139781.
   * Pass correct number of arguments for format string when out of disk
     space.  Closes: #213038, #217286, #213543, #213846.
   * Remove duplicated entries from ChangeLog.  Closes: #157437.
   * Fix dpkg-buildpackage when used with PGP.  Closes: #232916.
   * Update support for Debian FreeBSD.  Closes: #211566.
   * Store Architecture in the status file.  Closes: #228253.
   * Don't print offending lines in md5sum.  Closes: #170953.
   * Check bounds of md5sum lines.  Closes: #168443, #199489, #199693.
 .
 dpkg (1.10.18.1) unstable; urgency=medium
 .
   * Non-maintainer upload to fix release-critical bugs.
   * Terminate string buffer in main/remove.c.  Closes: #228379.
   * Prevent stashing of hardlinked devices and setuid or setgid binaries
     by removing permissions on upgrade as well as on remove.
     Closes: #225692.
   * Update dpkg conflicts to << 1.10, instead of 1.9.
     Closes: #190611, #221989, #222760.
Files: 
 5a4c39cb6903694ec7ff0ebcd5afc33d 798 base required dpkg_1.10.19.dsc
 a735a1f14cc985ad083b46bce425001b 1547265 base required dpkg_1.10.19.tar.gz
 86386707c685a60c4132def2494b3657 1086080 base required dpkg_1.10.19_i386.deb
 5bf8ab50684b58b8619f2c7d982ac47f 95024 base required dselect_1.10.19_i386.deb
 088fe395e33835351e2ccdc3f8122a31 114618 utils standard dpkg-dev_1.10.19_all.deb
 294b7c2bf86172671a91b050c6db8a1a 10636 doc optional dpkg-doc_1.10.19_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFATMchIexP3IStZ2wRAoQRAJ0Q5CxELST85r5oNEY3nnZE6TB/mgCggxyX
0sfA6HaAPzloTBPKab+L3nw=
=R85a
-----END PGP SIGNATURE-----






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 10:57:24 2014; Machine Name: buxtehude.debian.org
