On Fri, Sep 16, 2016 at 02:40:06PM -0400, Lennart Sorensen wrote: > On Fri, Sep 16, 2016 at 02:17:24PM -0400, Lennart Sorensen wrote: > > On Fri, Sep 16, 2016 at 02:06:51PM -0400, Lennart Sorensen wrote: > > > On Fri, Sep 16, 2016 at 08:02:10PM +0200, Julien Cristau wrote: > > > > On Fri, Sep 16, 2016 at 13:55:53 -0400, Lennart Sorensen wrote: > > > > > > > > > On Fri, Sep 16, 2016 at 06:59:44PM +0200, Julien Cristau wrote: > > > > > > On Fri, Sep 2, 2016 at 20:35:12 +0200, Julien Cristau wrote: > > > > > > > > > > > > > On Mon, Aug 15, 2016 at 12:12:02 +0200, Ansgar Burchardt wrote: > > > > > > > > > > > > > > > If you restore support for `InRelease` and want to use `gpgv`, > > > > > > > > please > > > > > > > > split `InRelease` into two files, i.e. `Release` and > > > > > > > > `Release.gpg`, and > > > > > > > > verify that the signature actually covers all of `Release`. > > > > > > > > > > > > > > > Here's an attempt at doing that. Only lightly tested. > > > > > > > > > > > > > Ansgar pointed out on IRC that so far nothing in debootstrap > > > > > > requires > > > > > > awk on the host. I haven't found a way to kill the last newline > > > > > > with > > > > > > sed in a quick attempt, and I don't know how big of a deal > > > > > > requiring awk > > > > > > would be, so help welcome. > > > > > > > > > > How about instead of the awk bit using: > > > > > > > > > > sed '1,/^$/d;/^-----BEGIN PGP SIGNATURE-----$/,$d' < "$inreldest" > > > > > > "$reldest" > > > > > > > > > > At least that works for the InRelease in debian sid since it has a > > > > > blank > > > > > line at the end of the PGP header before the Release file data. > > > > > > > > > My problem is getting something that I can feed to gpgv to verify the > > > > signature, I don't think your command provides that. > > > > > > Well it makes a Release file that is totally bit for bit identical to > > > the Release file that goes with Release.gpg > > > > > > diff verified that. > > > > > > So if gpgv wants something different than the original Release file, > > > then that's weird. > > > > Wow, it does want the last newline removed. That's just stupid. > > If assuming gnu head or busybox head is available (head is certainly > assumed to exist), then one could do: > > sed '1,/^$/d;/^-----BEGIN PGP SIGNATURE-----$/,$d' < "$inreldest" | head -c > -1 > "$reldest" > > But it is not pure posix compliant. But it would work with both gnu > coreutils and busybox versions of head.
A bit of a hack but I believe posix compliant would be: sed '1,/^$/d;/^-----BEGIN PGP SIGNATURE-----$/,$d' < "$inreldest" | tr '\n' '\a' | sed 's/\a$//' | tr '\a' '\n' > "$reldest" So simply replace all newlines with bells, then delete the last bell and then convert the bells back to newlines. I sure can't imagine the Release file contains any bell characters. Could use escape instead if prefered. Pretty awful compared to the head -c -1 option, but maybe not that bad. -- Len Sorensen
