Dpkg
view release on metacpan or search on metacpan
- Dpkg::BuildInfo: Allow TZ, TZDIR and DATEMSK variables.
- Dpkg::BuildInfo: Allow ld.so run-time variables.
- Dpkg::BuildInfo: Allow resolver specific variables.
- Dpkg::BuildInfo: Allow POSIXLY_CORRECT and GETCONF_DIR variables.
- Dpkg::BuildProfiles: Add new build_profile_is_invalid function.
- Dpkg::BuildProfiles: Make parser more strict. Closes: #1121657
- Dpkg::Shlibs::Objdump::Object: Add support for "Version References"
symbols. Closes: #1122107
- Dpkg::Source::Package: Deprecate implicit trusted GnuPG keyrings.
- Dpkg::OpenPGP::Backend::GnuPG: Deprecate KeyBox formatted keyrings.
- Dpkg::Vendor::Debian: Use .pgp keyrings instead of .gpg ones.
- Dpkg::Vendor::Devuan: Use .pgp keyrings instead of .gpg ones.
- Dpkg::Control::FieldsCore: Deprecate SC field export rules in binary
stanza. Prompted by Richard Hansen <rhansen@rhansen.org>.
See https://bugs.debian.org/1117566.
- Dpkg::Control::FieldsCore: Do not autovivify %FIELDS entries on getters.
- Dpkg::Substvars: Add support for implicit substvars assigned with $=.
* Make fragments:
- Switch to use GNU make intcmp instead of relying on shell.
Prompted by Sean Whitton <spwhitton@spwhitton.name>.
See https://lists.debian.org/debian-devel/2025/12/msg00039.html.
* Documentation:
header setup macros.
* Perl modules:
- Dpkg::OpenPGP::Backend::GnuPG: Do not require cmdstore for backend
command.
- Dpkg::OpenPGP::Backend: Generalize has_verify_cmd().
- Dpkg::OpenPGP::Backend: Support disabling cmd and cmdv via 'none' value.
- Dpkg::OpenPGP::Backend::SOP: Add sopv support.
- Dpkg::OpenPGP::Backend::GnuPG: Refactor newline workaround into a
function.
- Dpkg::OpenPGP::Backend::GnuPG: Do not add the newline workaround for
gpg-sq.
- Dpkg::OpenPGP::Backend::Sequoia: Add a hint about authorizing own keys.
- Dpkg::OpenPGP::Backend::Sequoia: Refactor cmd and cmdv handling.
* Documentation:
- man: Remove trailing space. Closes: #1095542
- doc: Remove trailing angle bracket.
- doc: Split and sort copyright statements.
* Code internals:
- libdpkg: Add new strvec module.
- libdpkg: Add new path_canonicalize() function.
- libdpkg: Add new file_realpath() function.
- dselect, test: Mark C++ destructors on derived classes as override.
- start-stop-daemon: Reformat license/copyright comment header.
- libcompat: Add compatibility functions for fgetpwent() and fgetgrent().
- libdpkg: Add support for sysuser/sysgroup specific to each chroot.
Closes: #1033051
* Build system:
- Avoid explicitly escaped hash characters in automake files.
* Packaging:
- Add OpenPGP tools to Build-Depends as pkg.dpkg.author-testing build
profile.
- Move gnupg and gpgv as the last alternatives.
- Add a NEWS entry to dpkg-dev for Rules-Requires-Root default change.
* Test suite:
- Skip OpenPGP backend tests based on available cmd and cmdv programs.
- Rework OpenPGP backend selection to prepare for cmdv support.
- Add OpenPGP cmdv testing support.
- Refactor database files creation into new DPKG_GEN_DB_FILE macro.
- Update cppcheck to request C++14 to match expected baseline.
- Pass --root-owner-group to dpkg-deb in functional tests.
* Localization:
- Update Brazilian Portuguese translations.
- Dpkg::Shlibs: Improve code comments.
- Dpkg::Archive::Ar: Copy only the number of bytes we have read.
- Dpkg::Vendor: Remove backwards compatibility module and origin name
mangling.
- Dpkg::BuildInfo: Add GNUMAKEFLAGS as an allowed environment variable.
Thanks to Santiago Vila <sanvila@debian.org>. Closes: #1090337
- Dpkg::BuildDriver::DebianRules: Handle missing root_cmd option.
- Dpkg::ErrorHandling: Add support for hint printing.
- Dpkg::OpenPGP::Backend::GnuPG: Handle and warn on concatenated ASCII
Armor blocks.
- Revert "Dpkg::OpenPGP::Backend::GnuPG: Fallback to use «gpg dearmor» if
present".
- Dpkg::OpenPGP::Backend::GnuPG: Move armor/dearmor implementation to base
class.
- Dpkg::OpenPGP::Backend::SOP: Use the parent class armor/dearmor
implementations.
- Dpkg::Vendor::Debian: Remove merged-/usr taint logic.
- Dpkg::Control::FieldsCore: Add new field_get_default_value() function.
* Make fragments:
- Document DPKG_BUILD_API in buildapi.mk.
- Document public API and expected directory to include from.
-- Guillem Jover <guillem@debian.org> Sun, 10 Mar 2024 20:21:24 +0100
dpkg (1.22.5) unstable; urgency=medium
[ Guillem Jover ]
* dpkg-buildapi: Remove -v alias for --version.
* dpkg-query: Fix exit codes for --show. Closes: #1064036
* Perl modules:
- Dpkg::OpenPGP::Backend::Sequoia: Update to new CLI API changes.
- Dpkg::OpenPGP::Backend::GnuPG: Add support for Sequoia gpg Chameleon.
- Dpkg::Vendor::Debian: Only append branch compiler flags if $flag is set.
- Dpkg::Vendor: Make the add_build_flags() a non-private method.
- Dpkg::Vendor::Ubuntu: Pass compiler flags to disable features.
Based on a patch by Matthias Klose <doko@ubuntu.com>.
- Dpkg::Vendor::Debian: Enable time64 feature by default except on
<some>-i386. Closes: #1037136
Based on a patch by Steve Langasek <steve.langasek@ubuntu.com>.
- Dpkg::Vendor::Debian: Enable qa=+bug-implicit-func for abi=+time64
feature. Based on a patch by Steve Langasek <steve.langasek@ubuntu.com>.
* Documentation:
-- Guillem Jover <guillem@debian.org> Tue, 07 Feb 2023 12:19:12 +0100
dpkg (1.21.19) unstable; urgency=medium
[ Guillem Jover ]
* Architecture support:
- Revert "arch: Add support for loong64 CPU". See #1028654.
* Perl modules:
- Dpkg::OpenPGP::Backend::GnuPG: Set secure signing preferred algorithms.
Closes: #1028961
- Dpkg::OpenPGP::Backend::GnuPG: Touch trustedkeys.gpg on temporary gpg
home.
- Dpkg::OpenPGP::Backend::GnuPG: Fallback to use «gpg dearmor» if
present. Reported by Sven Joachim <svenjoac@gmx.de> (on IRC).
- Dpkg::Vendor::Ubuntu: Fix lto feature to honor DEB_BUILD_OPTIONS.
* Test suite:
- Set the permissions explicitly for the copied ChangeLog.old file.
- Add unit tests for lto build flags handling in Ubuntu.
Thanks to Shengjing Zhu <shengjing.zhu@canonical.com>.
See https://bugs.launchpad.net/bugs/2002582.
* Localization:
- Update Catalan translation.
- Update Portuguese man pages translation.
- Update German man pages translation.
- Update German scripts translation.
-- Guillem Jover <guillem@debian.org> Sun, 01 Jan 2023 23:48:16 +0100
dpkg (1.21.13) unstable; urgency=medium
[ Guillem Jover ]
* Perl modules:
- Test::Dpkg: Refactor OpenPGP requisite into test_needs_openpgp_backend().
- Dpkg::Backend::GnuPG: Ensure future signing interop with gpg --openpgp.
* Documentation:
- man: Move parallel-safe note from dpkg-buildpackage -j option to
--jobs-force.
* Code internals:
- start-stop-daemon: Cast struct sockaddr_un to struct sockaddr on bind()
call.
- lib: Stop using register keyword.
- libcompat: Remove unused arguments from ngettext() fallback macro.
- libcompat: Switch manual copying to memcpy() in obstack module.
- libcompat: Switch obstack to use size_t.
Reported by Niels Thykier <niels@thykier.net> (on IRC).
- Test::Dpkg: Refactor test files search into _test_get_files function().
- Dselect::Ftp: Declare %CONFIG with «our» instead of «my».
- Dselect::Ftp: Conditionally load perl modules shipped in the perl
package.
- Test::Dpkg: Make test_get_temp_path() remove the path before creating it.
- Dpkg::File: Add new file_dump() function.
- Dpkg::File: Add new file_touch() function.
- Dpkg::OpenPGP: Remove unused $exec_opts argument from _exec_openpgp().
- Dpkg::OpenPGP: Pass opts as a hash ref on the first argument.
- Dpkg::OpenPGP: Refactor _gpg_import_keys() out of import_key().
- Dpkg::OpenPGP: Refactor GnuPG common options into functions.
- Dpkg::OpenPGP: Require gpgv and do not fallback to gpg to verify
signatures.
- Dpkg::OpenPGP: Refactor _gpg_verify() out from verify_signature().
- Dpkg::OpenPGP: Split verify_signature() into verify() and
inline_verify().
- Dpkg::OpenPGP: Rename keyrings option to certs.
- Dpkg::OpenPGP: Rename and namespace GnuPG specific symbols.
- Dpkg::OpenPGP: Refactor is_armored() out from openpgp_sig_to_asc().
- Dpkg::OpenPGP: Refactor armoring code into an armor() function.
- Dpkg::Source::Package: Add armor_original_tarball_signature() member.
- Dpkg::OpenPGP: Merge ASCII armored key import into signature
verification.
- Dpkg::OpenPGP: Add native helpers for ASCII Armor.
Thanks to Daniel Kahn Gillmor <dkg@fifthhorseman.net>.
See https://salsa.debian.org/debian/devscripts/-/merge_requests/286.
- Dpkg::OpenPGP: Switch armor() to use native OpenPGP armor functions.
- Dpkg::OpenPGP: Add new dearmor() function.
- Dpkg::OpenPGP: Use dearmor() instead of _gpg_import_keys() in
_gpg_verify().
- Dpkg::OpenPGP: Move status check from _gpg_exec() to _gpg_verify().
- Dpkg::OpenPGP: Make it a class.
- Dpkg::OpenPGP::KeyHandle: Refactor new key handle from dpkg-buildpackage.
- Dpkg::OpenPGP: Pass an array instead of an arrayref to _gpg_exec().
- Dpkg::OpenPGP::ErrorCodes: Add new module.
- Dpkg::OpenPGP: Switch functions to return Dpkg::OpenPGP::ErrorCodes.
- Dpkg::OpenPGP: Change inline_verify to take an output file.
Requested by Daniel Kahn Gillmor <dkg@fifthhorseman.net>.
- Dpkg::OpenPGP: Make armor idempotent.
- Dpkg::Source::Package: Call armor() unconditionally for signature
conversion.
- Dpkg::OpenPGP: Remove now unnecessary is_armored() method.
Prompted by Daniel Kahn Gillmor <dkg@fifthhorseman.net>.
- Dpkg::OpenPGP: Call dearmor() unconditionally for GnuPG certificate
imports.
- Dpkg::OpenPGP: Reintroduce gpg fallback for signature verification.
- Dpkg::OpenPGP: Automatically detect both cmd and cmdv.
- Dpkg::OpenPGP: Refactor trusted keyrings from Dpkg::Source::Package.
- Dpkg::OpenPGP: Refactor signing code from dpkg-buildpackage.
- Dpkg::OpenPGP::KeyHandle: Add new needs_keystore() method.
- Dpkg::OpenPGP::Backend: Refactor GnuPG functions from Dpkg::OpenPGP.
- Dpkg::OpenPGP::Backend: Add new has_verify_cmd() method.
- Dpkg::OpenPGP: Add multi-backend loading support.
- Dpkg::OpenPGP: Add Sequoia backend support.
- Dpkg::OpenPGP: Handle backend requiring a keystore daemon for signing.
- Dpkg::Gettext: Fix typo in POD.
- Use long options for autotools commands.
- Do not ignore Makefile under the functional test suite.
- Consider src and scripts prefixes as internal in gen-changelog.
- Consider scripts/mk prefixes as new «Make fragments» in gen-changelog.
* Packaging:
- Bump Standards-Version to 4.6.1 (no changes needed).
- Properly install specs under /usr/share/doc/dpkg/spec/.
- Do not compress spec files.
- Update bogus lintian tag format.
- Update debbugs usertags.
- Switch from gpg to gnupg for author testing Build-Depends.
- Add build dependencies for release process.
* Test suite:
- Do not use unportable -a option to cp.
- Use «perl» instead of «stat -c '%s'».
- Redirect dd stderr to /dev/null instead of using status=none argument.
- Remove stray backslash before comma.
- Add Dpkg::File unit tests.
- Improve OpenPGP unit tests and check verification and signing.
- Add unit tests for meminfo module.
- Refactor total number of expected known architectures into a variable.
- Dpkg::Source::Package::V1: Print a message when verifying tarball
signatures.
- Dpkg::Path: Fix pathname traversal check for symlinks. Closes: #971203
- Dpkg::Source::Package: Honor no_check for directory traversal checks.
See #971203.
- Dpkg::Source::Package: Call syserr() instead of syserror().
Reported by Drew Parsons <dparsons@debian.org>.
See #849752. Closes: #976249
- Dpkg::Path: Check first whether the files are the same by comparing
string-wise. Closes: #849752
- Dpkg::OpenPGP: Refactor gpg armor code into its own function.
* Documentation:
- man: Fix typo in --print-unset option reference.
Reported by Ferenc Wágner <wferi@debian.org>. Closes: #966110
- man: Clarify that dpkg-architecture uses some of its own variables.
Closes: #966111
- man: Fix casing and namespacing in VARIABLES definitions.
- man: Fix typo in dpkg-source(1).
Thanks to Paul Wise <pabs@debian.org>.
- man: Add a reference to deb-symbols(5) in deb-src-symbols(5) DESCRIPTION.
Prompted by #970083.
[ Updated programs translations ]
* German (Sven Joachim).
-- Guillem Jover <guillem@debian.org> Tue, 07 Jul 2020 07:57:48 +0200
dpkg (1.20.3) unstable; urgency=medium
[ Guillem Jover ]
* Perl modules:
- Dpkg::OpenPGP: Pass --no-options to gpg in verify_signature().
Reported by Bertrand Marc <bmarc@debian.org>. Closes: #963839
- Dpkg::Build::Info: Clarify by giving context to the
get_build_env_whitelist() deprecation warning. Closes: #963844
Reported by Sven Joachim <svenjoac@gmx.de>.
- Dpkg::Source::Package: Fix check_original_tarball_signature() to make
import_key() honor require_valid_signature, which should default to
false. Reported by Mattia Rizzolo <mattia@debian.org>.
- Dpkg::OpenPGP: Use a temporary directory for the GnuPG homedir in
import_key(), to make sure we do not write to the user home directory,
which might be read-only or non-existent. Closes: #963944
options. Closes: #871808
* Portability:
- libdpkg: When using uselocale(), include <xlocale.h> for locale_t if
the header is available. Needed on BSDs.
Reported by Sirio Balmelli <sirio@b-ad.ch>.
* Perl modules:
- Dpkg: Add a LICENSE section to the POD.
- Dpkg::Source::Package: Add new get_upstream_signing_key() method.
- Dpkg::Source::Package: Check missing expected tarball signatures.
- Dpkg::Source::Package::V1: Check version format matching source format.
- Dpkg::Vendor::Debian: Add debian-nonupload.gpg keyring.
Thanks to Taowa Munene-Tardif <taowa@debian.org>. Closes: #956055
- Dpkg::Vendor::Debian: Detect merged-usr-via-symlinks also with absolute
pathnames. Reported by Adam Borowski <kilobyte@angband.pl>.
- Dpkg::Build::Info: Avoid whitelist in function name.
- Dpkg::Shlibs::SymbolFile: Avoid blacklist and whitelist terms.
* Documentation:
- man: Fix misused two-fonts macros.
Thanks to Bjarni Ingi Gislason <bjarniig@rhi.hi.is>. Closes: #955028
- man: Trim trailing whitespace from output.
Thanks to Bjarni Ingi Gislason <bjarniig@rhi.hi.is>. Closes: #955030
* libdpkg: Set LESS to “-FRSXMQ†if not already set, when spawning a pager.
* libdpkg: Ignore SIGPIPE when setting up a pager, and then ignore EPIPE
errors when writing to stdout, otherwise if we quit the pager early, the
program will exit with an error code.
* libdpkg: Set stdout to be fully buffered when using a pager.
* dpkg, dpkg-query: Add new --no-pager option. For dpkg this is also a
configuration option. Closes: #909754
* Perl modules:
- Dpkg::OpenPGP: Ignore Version field in enarmored output.
Fixes CPAN#127217.
- Dpkg::OpenPGP: Do not read the gpg user configuration file.
- Dpkg::Source::Functions: Reimplement is_binary() w/o using diff(1).
- Dpkg::Source::Package::V2: Split the BinaryFiles module into its own
file, and give it a more generic name (Dpkg::Source::BinaryFiles).
- Dpkg::Source::Package::V2: Move binary file detection to BinaryFiles
module.
* Documentation:
- dpkg-buildpackage(1): Clarify --build=source explanation.
- dsc(5): Clarify what “flattened†means in Testsuite-Triggers.
Prompted by Mattia Rizzolo <mattia@debian.org>.
- dsc(5): Add a reference to where the source formats are described.
- Do not pass VERBOSE to test suite, as we are not using any automake
test driver, so it does not get honored.
- Rename maintainer-build DEB_BUILD_OPTIONS to new standardized terse.
- Enable verbose test suite only in non-terse builds.
- Add a Suggests on sensible-utils to libdpkg-perl.
- Switch libdpkg-perl again to depend on perl:any, now that debootstrap
in stable (stretch) supports arch-qualified dependencies.
- Update libdpkg-perl public module list in package description.
- Add Breaks on apt (<< 1.7~b) for --status-fd duplicate removals.
* Test suite:
- Skip Dpkg::OpenPGP test if gpg is not present.
- Check POD in all perl scripts.
- Consider *.PL also to be perl files.
- Infer automatically the unit test data directory.
- Infer automatically the unit test temp directory.
- Add new po author test case (use i18nspector if available).
- Add new test cases to clarify arch-qualified dependency simplification.
- Add several TODO tests cases for dependency simplification.
- Add new cppcheck author test.
- Add support for new test_get_srcdir() test_get_builddir().
- Add new unit tests for namevalue, fsys-hash and pkg-hash libdpkg modules.
- Make the dependency parser more strict in Dpkg::Deps. Closes: #784806
- Add strong digest marking support to Dpkg::Checksums.
- Error out on source packages without any strong digests in
Dpkg::Source::Package, used by dpkg-source --extract, which can still
be disabled with --no-check.
- Switch Dpkg::Conf implementation to be hash based, add two new accessors
and a new option to the filter method to use the old behavior.
- Do not parse entry multiple times in Dpkg::Changelog::Entry::Debian.
Add new parse_header() and parse_trailer() methods, and deprecate
check_header() and check_trailer() ones.
- Use “GnuPG†instead of “gpg†in error messages to refer to the software
in Dpkg::Source::Package.
- Handle undef versions in Dpkg::Changelog from empty versions in
changelog entry header lines.
- Allow detached upstream orig tarball signatures when extracting
version 1.0 non-native source packages.
- Include upstream orig tarball signatures in source packages.
See #759478.
- Add fixdebugpath to reproducible feature in Dpkg::Vendor::Debian.
Thanks to Daniel Kahn Gillmor <dkg@fifthhorseman.net>. Closes: #819194
* Build system:
Thanks to Johannes Schauer <j.schauer@email.de>. Closes: #760158
* Normalize instdir in dpkg by removing trailing «/» and «/.». This gets
rid of several inconsistencies and doubled «/» in syscalls and output
messages.
* Never try to remove the root directory or its backups. There's no point in
it, and makes life more difficult for a read-only root with a read-write
overlay or a symlink farm. Requested by sepero111@gmx.com.
* Remove arbitrary filename limit from dpkg-deb, which was lifted some
time ago when the code switched to a dynamic string via varbuf.
* Do not pipe the files to sign from dpkg-buildpackage to GnuPG. When GnuPG
uses the gpg-agent it is unable to detect the correct tty configuration
if stdin is a pipe instead of the current terminal. Closes: #762391
* Add a new --hash option to enable generating only specific file checksums
in dpkg-scanpackages. Requested by Thorsten Glaser <tg@debian.org>.
* Add architecture restriction options for dpkg-architecture -L. This allows
selecting specific subsets of all valid known architectures, matching by
wildcard (-W), endianness (-E) or bits (-B). The restricting options can
be combined, or omitted altogether. Closes: #762635
* Say arch-wildcard instead of arch-alias in dpkg-architecture --help output.
* Test suite:
- Do not leave temporary files behind on failure or when interrupted.
* Fix dpkg-maintscript-helper symlink_to_dir and dir_to_symlink commands:
- Always run postinst code regardless of prior-version, as the package
might have been never configured before.
- Be more strict when checking the expected state of paths.
- Rename subcommand shell code to check-files-ownership.
- Change dir_to_symlink switch code to use a staging empty directory,
to avoid dpkg removing files from other packages, when removing the
package old files during upgrade.
- Bump minimal version in man page to 1.17.5.
Closes: #731730
* Mention gpg2 too as one of the default sign commands in dpkg-buildpackage.
[ Updated programs translations ]
* German (Sven Joachim).
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man pages translations ]
* German (Helge Kreutzmann).
* Set a default gettext domain for libdpkg code, so that other programs
using a different domain can still get correct translations, like dselect.
* Cleanup libdpkg-perl API:
- Dpkg::Compression: Deprecate $default_compression_level,
$default_compression and $compression_re_file_ext package variables.
- Dpkg::Exit: Deprecate @handlers package variable.
- Dpkg::Source::Package: Deprecate $diff_ignore_default_regexp and
@tar_ignore_default_pattern package variables.
- Dpkg::Changelog::Entry::Debian: Deprecate $regex_header and
$regex_trailer package variables.
* Add GnuPG 2.x support. Add gnupg2 and gpgv2 as alternative Recommends to
gnupg and gpgv (to not pull them by default), but prefer gpgv2 over gpgv,
and gpg2 over gpg at run-time if they are available.
* Switch dpkg conflictor tracking from a fixed-size array to a queue,
fixing several related issues, due to conflictors not being removed from
the array after processing them. dpkg could fill it due to additions in
previous package processing producing very confusing error messages; and
a theoretical problem where a package could get appended to be removed,
then reinstalled as a new version, to get removed again when revisiting
the array in a subsequent package processing. Closes: #726112
* Do not accept empty field names in dpkg.
* Do not accept an initial hyphen in field names.
* Add experimental build profiles support:
Thanks to Modestas Vainius <modestas@vainius.eu> for the patch.
See dpkg-gensymbols(1) for more information. Closes: #521551
* Do not include #MISSING lines in symbols files integrated in binary
packages. Closes: #526251
* Assume an implicit version of "Base" for all unversioned symbols
that are merged into a SymbolFile. Closes: #533181
* Add new tag "ignore-blacklist" to force-include symbols which are
normally blacklisted. This can be useful for libgcc to include symbols
that the toolchain allows being shared but that are often static (and
hence are blacklisted for this reason). Closes: #533642
* In dpkg-source, explicitly pass --keyring ~/.gnupg/trustedkeys.gpg to
gpgv as it does not use it if other --keyring parameters are given.
Closes: #530769
* In dpkg-vendor, allow using dashes instead of spaces in vendor
filenames. Closes: #532222
* Skip dpkg-genchanges' warning about lower version numbers for backports
(recognized by ~bpo or ~vola in their version number). Closes: #525115
* Support all checksum algorithms in dpkg-scanpackages/dpkg-scansources.
Closes: #533828
* Fix dependency parsing code in Dpkg::Deps to not accept "foo\nbar"
even if foo is valid. Closes: #534464
Thanks to Andrew Sayers for spotting the problem.
* Avoid perl warnings in dpkg-gencontrol and dpkg-genchanges when the
Architecture field is missing in a binary package. Closes: #510282
* Modify Dpkg::Version::check_version() to not die by default.
Closes: #510615
* dpkg-source now ignores all possible vi swap file extensions (and not
only .swp). The corresponding exclude pattern for -I also got tightened to
only catch filenames starting with a dot. Closes: #515540
* dpkg-gencontrol displays a better error message when an ORed dependency
is used in a union field like Conflicts, Replaces or Breaks.
Closes: #489238
* dpkg-source's signature check is now done with gpgv if possible and
timeouts if not completed within 10 seconds. Closes: #490929
When using gpg, use --no-default-keyring to be consistent with gpgv's
behaviour to not use the user's keyring. Closes: #440841
* Update dpkg-dev dependencies: Closes: #472942
- Move gnupg to Recommends. It's needed to sign .dsc and .changes.
- Add gpgv to Recommends. Useful to check signatures of extracted packages.
- Add debian-maintainers to Suggests. Together with debian-keyring they
contain all the GPG keys required to verify official Debian packages.
* Drop /etc/dpkg/origins as it's taken over by base-files (see #487437).
* Fix dpkg-shlibdeps to properly initialize a symbol-based dependency
even when some symbols are associated with a (fake) version "0". Such a
version means that the symbol has always existed in all versions of the
package.
* When dpkg delegates to dpkg-query or dpkg-deb to do the actual work, add
the "--" marker to explicitly document the end of options so that
arguments starting with a dash are not interpreted as options.
Closes: #444362
* dpkg-buildpackage accepts a -j<n> option now which will set
MAKEFLAGS(-j<n>) and DEB_BUILD_OPTIONS(parallel=<n>) accordingly.
parallel=<n> in DEB_BUILD_OPTIONS will be passed to MAKEFLAGS as
well. Based on an idea by Robert Millan. Closes: #440636
* Allow dpkg-source -I without a pattern which will load a default
list of pattern similar to -i without regexp. Patch by
Jari Aalto. Closes: #440972
* Rework documentation of dpkg-source's -i and -I options.
Closes: #323911, #440956
* Add --utf8-strings to gpg call in dpkg-buildpackage since
that seems to be the better default. Suggested by Székelyi Szabolcs.
Closes: #379418
* Let dpkg-buildpackage error out early if the version number from
the changelog is not a valid Debian version. Closes: #216075
* Fix dpkg-source to create correct diffs for files with spaces in
their name (apparently we don't have many of those ;).
Based on a patch by Marcel Toele. Closes: #445380
[ Updated programs translations ]
* Basque (Piarres Beobide). Closes: #440859
* Escape ` and ' in manpages otherwise they are converted to quotation
marks, which makes cut and paste not work. Thanks to Denis Barbier.
Closes: #349925
[ Frank Lichtenheld ]
* Let dpkg-source ignore comments in the hunk header as used by
diff -p (Anand Kumria). Closes: #344880
* Let dpkg-buildpackage create a .changes file even if signing the
.dsc file failed. This makes it easier to just sign the package
later (Julian Gilbey). Closes: #217963
* Change heuristics of dpkg-buildpackage's gpg check to allow for
more complex setups (Julian Gilbey). Closes: #163061
* Add files and dirs used by bzr to default dpkg-source -i regex
(maximilian attems). Closes: #345164
* Add .git directory to default dpkg-source -i regex.
Suggested by Hans Ulrich Niedermann. Closes: #351885
* dpkg-scanpackages can now output Packages files with multiple
versions of a single package (Don Armstrong). Closes: #229589.
* dpkg-scanpackages outputs help when given the --help or -h option
(Don Armstrong). Closes: #319541
* Document dpkg-scanpackage -m in man page.
* Let dpkg-gencontrol bail out with an error if parsedep
found an error while parsing a dependency field. Closes: #228125
* dpkg-source -x now tries to chown all files extracted from
tar files. The temporary directory is now created with mode
0700, too. Together this should make it safer to run
dpkg-source -x as root. Based on suggestions by Marcus
Brinkmann and Colin Watson. Closes: #144571, #238460
* Let dpkg-source -b check the build relation fields before
putting them into the .dsc. As a side effect they also
get normalized. Closes: #254449
* Check the gpg signatures of .dsc files before unpacking. See
the upstream changelog for a full description of the semantics.
Based on a patch by Matt Zimmerman. Closes: #48711
* Let dpkg-source ensure (as good as possible) that all
build source packages can also be unpacked.
Closes: #6820, #7014
Also fixed handling of md5sum -b output in dpkg-source on
the way. Based on a patch by Ingo Saitz. Closes: #316123
* Check for illegal architecture strings in dpkg-gencontrol and
dpkg-source. dpkg-gencontrol will only issue a warning while
dpkg-source will error out. Closes: #96920
- Spanish dpkg-source manpage (Ruben Porras). Closes: #171489.
-- Scott James Remnant <scott@netsplit.com> Sun, 25 Apr 2004 18:55:10 +0100
dpkg (1.10.20) unstable; urgency=high
* Update Japanese translation. Closes: #224616
* Update French translation. Closes: #218713
* Fix spelling error in German md5sum man page. Closes: #230750
* Fix typo in pt_BR po file. Closes: #192102
* Revert fix for #232916, this turns out to be a bug in the pgpgp
wrapper, dpkg worked fine with pgp itself.
-- Scott James Remnant <scott@netsplit.com> Thu, 11 Mar 2004 11:24:54 +0000
dpkg (1.10.19) unstable; urgency=high
* Distinguish unmet build dependencies from build conflicts.
Closes: #217943, #235266.
* Force NULL-termination of all tar file entry names. Closes: #232025.
* Allow dselect to use the full window width. Closes: #139781.
* Use full path for argv[0] when calling scripts. Closes: Bug#68783
* Add ia64 support to dpkg-architecture.
* Minor script changes, Closes: Bug#87485
* Stop dpkg-genchanges from complaining about missing packages
when doing a source-only build. Closes: Bug#87571,#15644,#25496
* Various dpkg-architecture cleanups. Closes: Bug#87505
* Modify dpkg-architecture to handle gcc versions containing letters.
Closes: Bug#83083
* dpkg-buildpackage updates: Closes: Bug#87572,#85847
+ make -C work properly
+ fix test for gpg secret keyring
+ improve source messages
+ skip signing pause when building unsigned packages
+ test for invalid signinterface. Closes: Bug#87579
+ remove debsign support, it's useless and doesn't work
+ Use correct architecture when naming .changes file. Closes: Bug#88015
* Fix wording in dpkg-statoverride manpage for --add. Closes: Bug#85080
* Fix typo in start-stop-daemon manpage. Closes: Bug#88225
* Add dpkg-checkbuilddeps to check if build dependencies are satisfied
and modify dpkg-buildpackage to call it if wanted.
Closes: Bug#86453,#83812,#60717,#74372,#67896,#60717,#13961
include them when figuring out the Arch field in the .changes
* mark another string as translateable, Closes: Bug#62543
* fix location of --abort-after in --help output, Closes: Bug#62464
* fix allocation error in checkpath(), Closes: Bug#62364
* add Hold to list of desired package states in -l output, Closes: Bug#58765
-- Wichert Akkerman <wakkerma@debian.org> Fri, 21 Apr 2000 11:52:59 +0200
dpkg (1.6.12) frozen unstable; urgency=high
* Fix test for gpg/pgp in dpkg-buildpackage. You can now build
unsigned packages again. Closes: Bug#60395
* Updated Spanish and Swedish translations. Closes: Bug#41735
* Merge patch from Joel Klecker to remove emacsen-common stuff from dpkg-dev
-- Wichert Akkerman <wakkerma@debian.org> Mon, 3 Apr 2000 16:50:02 +0200
dpkg (1.6.11) frozen unstable; urgency=high
* Oops, missed one case where the libc/ncurses conflict reared its
ugly head and broke dselect miserably.
* Actually include fix to make update-alternatives works filesystems (oops!)
* Check if codenumber is between 0 and 99, Closes: Bug# 46810
-- Wichert Akkerman <wakkerma@debian.org> Tue, 5 Oct 1999 19:19:05 +0200
dpkg (1.4.1.13) unstable; urgency=low
* Non-maintainer release.
* NMU number 13, lets see what breaks :)
* update-alternatives works across filesystems now
* Make -sgpg work in dpkg-buildpackage (typo)
-- Wichert Akkerman <wakkerma@debian.org> Tue, 28 Sep 1999 01:26:19 +0200
dpkg (1.4.1.12) unstable; urgency=low
* Non-maintainer release.
* Fix typo in chmodsafe_unlink that made dpkg chmod files that
weren't setuid or setgid
-- Wichert Akkerman <wakkerma@debian.org> Sun, 26 Sep 1999 02:41:30 +0200
Closes: Bug#45642
-- Wichert Akkerman <wakkerma@debian.org> Fri, 24 Sep 1999 03:23:54 +0200
dpkg (1.4.1.10) unstable; urgency=low
* Non-maintainer release.
* Build dpkg-scansources manpages using pod2man
* dpkg-buildpackage changes:
+ fix signinterface-detection
+ use gpg by default if $HOME/.gnupg/secring.gpg exists
-- Wichert Akkerman <wakkerma@debian.org> Thu, 16 Sep 1999 15:36:43 +0200
dpkg (1.4.1.9) unstable; urgency=low
* Non-maintainer release.
* Updated dpkg-scansources to current version from Roderick Schertler
* Update location of GPL in internals-manual
* Update location of GPL and dpkg copyright in all manpages
* Include patch from Roman Hodek for dpkg-source to handle diffs of files
* Removed references to the packaging and policy manuals from debian/control.
* Put debian-changelog-mode.el in dpkg-dev and remove from dpkg (closes:Bug#29271).
* Fix paths in 50dpkg-dev.el using Roderick Schertler's patch
(closes:Bug#28270,#29702,#26876,#29184,and others).
* Note that bug number 17367 was fixed in 1.4.0.26.
* Add Zack Weinberg's install-info patch for GNU install-info
compatibility (closes:Bug#28965).
* Add dpkg-architecture stuff from Marcus Brinkmann.
* Remove debian-keyring suggests from dpkg.
* Add -k<keyid> flag to dpkg-buildpackage.
* --textmode works in gpg, remove kluge from dpkg-buildpackage.
* Cleanup configure.in slightly (stop using tl_ macros, fix gettext stuff).
* Attempt to make Debian source useful for non-Debian systems
(i.e. distclean tree instead of maintainer-clean tree).
* Sync with wichert's 1.4.1.4.
* Add my ltconfig-1.3.2.diff (RPATH workaround).
* Add dpkg-scansources program and man page.
* Man pages in /usr/share/man.
-- Joel Klecker <espy@debian.org> Tue, 13 Jul 1999 18:12:15 -0700
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Sat, 26 Sep 1998 13:59:23 +0200
dpkg (1.4.0.29) unstable; urgency=low
* For now, prefer PGP over GPG.
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Tue, 22 Sep 1998 09:38:09 +0200
dpkg (1.4.0.28) unstable; urgency=low
* Added gpg (GNU Privacy Guard) support:
* scripts/buildpackage.sh: default to GPG (unless no GPG, but only a PGP
secret key file is found), as GPG, unlike PGP, is DFSG-free.
* Updated dpkg-source(1), and added gpg(1) and pgp(1) to the SEE ALSO
section.
* Worked around broken textmode implementation in GPG.
* dpkg-dev now Suggests: gnupg .
* No longer includes developer-keys.pgp . Instead, dpkg now Suggests: and
dpkg-dev now Recommends: developer-keyring.
* Compiled with latest libstdc++ (2.9).
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Mon, 21 Sep 1998 13:17:14 +0200
lib/Dpkg/OpenPGP.pm view on Meta::CPAN
use Dpkg::Gettext;
use Dpkg::ErrorHandling;
use Dpkg::IPC;
use Dpkg::Path qw(find_command);
use Dpkg::OpenPGP::ErrorCodes;
my @BACKENDS = qw(
sop
sq
gpg
);
my %BACKEND = (
sop => 'SOP',
sq => 'Sequoia',
gpg => 'GnuPG',
);
sub new {
my ($this, %opts) = @_;
my $class = ref($this) || $this;
my $self = {};
bless $self, $class;
my $backend = $opts{backend} // 'auto';
lib/Dpkg/OpenPGP/Backend/GnuPG.pm view on Meta::CPAN
use Dpkg::ErrorHandling;
use Dpkg::IPC;
use Dpkg::File;
use Dpkg::Path qw(find_command);
use Dpkg::OpenPGP::ErrorCodes;
use parent qw(Dpkg::OpenPGP::Backend);
sub DEFAULT_CMDV {
return [ qw(gpgv-sq gpgv) ];
}
sub DEFAULT_CMDSTORE {
return [ qw(gpg-agent) ];
}
sub DEFAULT_CMD {
return [ qw(gpg-sq gpg) ];
}
sub has_keystore {
my $self = shift;
return 0 if not defined $self->{cmdstore};
return 1 if ($ENV{GNUPGHOME} && -e $ENV{GNUPGHOME}) ||
($ENV{HOME} && -e "$ENV{HOME}/.gnupg");
return 0;
}
sub can_use_key {
my ($self, $key) = @_;
# With gpg, a secret key always requires gpg-agent (the key store).
return $self->has_keystore();
}
sub get_trusted_keyrings {
my $self = shift;
my $keystore;
if ($ENV{GNUPGHOME} && -e $ENV{GNUPGHOME}) {
$keystore = $ENV{GNUPGHOME};
} elsif ($ENV{HOME} && -e "$ENV{HOME}/.gnupg") {
$keystore = "$ENV{HOME}/.gnupg";
} else {
return;
}
my @keyrings;
foreach my $keyring (qw(trustedkeys.gpg trustedkeys.kbx)) {
push @keyrings, "$keystore/$keyring" if -r "$keystore/$keyring";
}
return @keyrings;
}
sub _gpg_exec
{
my ($self, @exec) = @_;
my ($stdout, $stderr);
spawn(
exec => \@exec,
wait_child => 1,
no_check => 1,
timeout => 10,
to_string => \$stdout,
lib/Dpkg/OpenPGP/Backend/GnuPG.pm view on Meta::CPAN
);
if (WIFEXITED($?)) {
my $status = WEXITSTATUS($?);
print { *STDERR } "$stdout$stderr" if $status;
return $status;
} else {
subprocerr("@exec");
}
}
sub _gpg_options_weak_digests {
my @gpg_weak_digests = map {
(qw(--weak-digest), $_)
} qw(SHA1 RIPEMD160);
return @gpg_weak_digests;
}
sub _file_is_keybox($file)
{
my $header;
open my $fh, '<', $file
or syserr(g_('cannot open %s'), $file);
my $rc = read $fh, $header, 32;
if (! defined $rc || $rc != 32) {
syserr(g_('cannot read %s'), $file);
}
close $fh;
my ($lead, $magic) = unpack 'a8a4', $header;
return $magic eq 'KBXf';
}
sub _gpg_verify {
my ($self, $signeddata, $sig, $data, @certs) = @_;
return OPENPGP_MISSING_CMD if ! $self->has_verify_cmd();
my $gpg_home = File::Temp->newdir(
TEMPLATE => 'dpkg-gpg-verify.XXXXXXXX',
TMPDIR => 1,
);
my @exec;
if ($self->{cmdv}) {
push @exec, $self->{cmdv};
# We need to touch the trustedkeys.gpg keyring, otherwise gpgv will
# emit an error about the trustedkeys.kbx file being of unknown type.
file_touch("$gpg_home/trustedkeys.gpg");
} else {
push @exec, $self->{cmd};
push @exec, qw(--no-options --no-default-keyring --batch --quiet);
}
push @exec, _gpg_options_weak_digests();
push @exec, '--homedir', $gpg_home;
foreach my $cert (@certs) {
my $certring = File::Temp->new(
UNLINK => 1,
SUFFIX => '.pgp',
);
my $rc;
if ($cert =~ m{\.kbx$} || _file_is_keybox($cert)) {
# Accept GnuPG apparent or real keybox-format keyrings as-is, but
# warn that they are deprecated.
$rc = 1;
warning(g_('using GnuPG specific KeyBox formatted keyring %s is deprecated; ' .
'use an OpenPGP formatted keyring instead'),
$cert);
} else {
# Note that these _pgp_* functions are only necessary while
# relying on gpgv, and gpgv itself does not verify multiple
# signatures correctly (see https://bugs.debian.org/1010955).
$rc = $self->dearmor('PUBLIC KEY BLOCK', $cert, $certring);
}
$certring = $cert if $rc;
push @exec, '--keyring', $certring;
}
push @exec, '--output', $data if defined $data;
if (! $self->{cmdv}) {
push @exec, '--verify';
}
push @exec, $sig if defined $sig;
push @exec, $signeddata;
my $rc = $self->_gpg_exec(@exec);
return OPENPGP_NO_SIG if $rc;
return OPENPGP_OK;
}
sub inline_verify {
my ($self, $inlinesigned, $data, @certs) = @_;
return OPENPGP_MISSING_KEYRINGS if @certs == 0;
return $self->_gpg_verify($inlinesigned, undef, $data, @certs);
}
sub verify {
my ($self, $data, $sig, @certs) = @_;
return OPENPGP_MISSING_KEYRINGS if @certs == 0;
return $self->_gpg_verify($data, $sig, undef, @certs);
}
sub _gpg_fixup_newline {
my $origfile = shift;
my $signdir = File::Temp->newdir(
TEMPLATE => 'dpkg-sign.XXXXXXXX',
TMPDIR => 1,
);
my $signfile = $signdir . q(/) . basename($origfile);
copy($origfile, $signfile);
lib/Dpkg/OpenPGP/Backend/GnuPG.pm view on Meta::CPAN
# thus not cleaned up within this function.
return ($signdir, $signfile);
}
sub inline_sign {
my ($self, $data, $inlinesigned, $key) = @_;
return OPENPGP_MISSING_CMD if ! $self->has_backend_cmd();
my ($signdir, $signfile);
if ($self->{cmd} !~ m{/gpg-sq$}) {
($signdir, $signfile) = _gpg_fixup_newline($data);
} else {
$signfile = $data;
}
my @exec = ($self->{cmd});
push @exec, _gpg_options_weak_digests();
push @exec, qw(--utf8-strings --textmode --armor);
# Set conformance level.
push @exec, '--openpgp';
# Set secure algorithm preferences.
push @exec, '--personal-digest-preferences', 'SHA512 SHA384 SHA256 SHA224';
if ($key->type eq 'keyfile') {
# Promote the keyfile keyhandle to a keystore, this way we share the
# same gpg-agent and can get any password cached.
my $gpg_home = File::Temp->newdir(
TEMPLATE => 'dpkg-sign.XXXXXXXX',
TMPDIR => 1,
);
push @exec, '--homedir', $gpg_home;
$self->_gpg_exec(@exec, qw(--quiet --no-tty --batch --import), $key->handle);
$key->set('keystore', $gpg_home);
} elsif ($key->type eq 'keystore') {
push @exec, '--homedir', $key->handle;
} else {
push @exec, '--local-user', $key->handle;
}
push @exec, '--output', $inlinesigned;
my $rc = $self->_gpg_exec(@exec, '--clearsign', $signfile);
return OPENPGP_CMD_CANNOT_SIGN if $rc;
return OPENPGP_OK;
}
=head1 CHANGES
=head2 Version 0.xx
This is a private module.
lib/Dpkg/Vendor/PureOS.pm view on Meta::CPAN
warning(g_('version number suggests %s vendor changes, ' .
'but there is no %s field'),
'PureOS', 'XSBC-Original-Maintainer');
}
}
} elsif ($hook eq 'keyrings') {
return $self->run_hook('package-keyrings', @params);
} elsif ($hook eq 'package-keyrings') {
return ($self->SUPER::run_hook($hook),
'/usr/share/keyrings/pureos-archive-keyring.gpg');
} elsif ($hook eq 'archive-keyrings') {
return ($self->SUPER::run_hook($hook),
'/usr/share/keyrings/pureos-archive-keyring.gpg');
} elsif ($hook eq 'archive-keyrings-historic') {
return ($self->SUPER::run_hook($hook),
'/usr/share/keyrings/pureos-archive-removed-keys.gpg');
} else {
return $self->SUPER::run_hook($hook, @params);
}
}
=head1 CHANGES
=head2 Version 0.xx
This is a private module.
lib/Dpkg/Vendor/Ubuntu.pm view on Meta::CPAN
}
}
unless ($fields->{'Original-Maintainer'}) {
warning(g_('version number suggests %s vendor changes, ' .
'but there is no %s field'),
'Ubuntu', 'XSBC-Original-Maintainer');
}
}
} elsif ($hook eq 'package-keyrings') {
return ($self->SUPER::run_hook($hook),
'/usr/share/keyrings/ubuntu-archive-keyring.gpg');
} elsif ($hook eq 'archive-keyrings') {
return ($self->SUPER::run_hook($hook),
'/usr/share/keyrings/ubuntu-archive-keyring.gpg');
} elsif ($hook eq 'archive-keyrings-historic') {
return ($self->SUPER::run_hook($hook),
'/usr/share/keyrings/ubuntu-archive-removed-keys.gpg');
} elsif ($hook eq 'register-custom-fields') {
my @field_ops = $self->SUPER::run_hook($hook);
push @field_ops, [
'register', 'Launchpad-Bugs-Fixed',
CTRL_FILE_CHANGES | CTRL_CHANGELOG,
], [
'insert_after', CTRL_FILE_CHANGES, 'Closes', 'Launchpad-Bugs-Fixed',
], [
'insert_after', CTRL_CHANGELOG, 'Closes', 'Launchpad-Bugs-Fixed',
];
lib/Test/Dpkg.pm view on Meta::CPAN
{
my $command = shift;
if (not can_run($command)) {
plan skip_all => "requires command $command";
}
}
my @openpgp_backends = (
{
backend => 'gpg',
cmd => 'gpg-sq',
cmdv => 'gpgv-sq',
},
{
backend => 'gpg',
cmd => 'gpg',
cmdv => 'gpgv',
},
{
backend => 'sq',
cmd => 'sq',
cmdv => 'sqv',
},
{
backend => 'sop',
cmd => 'sop',
cmdv => 'sopv',
( run in 1.078 second using v1.01-cache-2.11-cpan-e1769b4cff6 )