Hi Thanks for the suggestion. I like the solution. The question is whether we should do this for more commands or not.
// Ola On Mon, Jul 21, 2014 at 12:27 AM, Ron <[email protected]> wrote: > Package: debarchiver > Version: 0.10.1 > Severity: normal > > Hi Ola, > > I ran into another quirk today :) The way that $vrfycmd is used means > it's not directly possible to set that to a command that requires some > arguments other than the changes file. > > What I wanted to do was this: > > $vrfycmd = "dscverify --no-default-keyrings --keyring > /var/lib/debarchiver/.gnupg/pubring.gpg"; > > So that I could sign packages uploaded to this repo with a different key > to the one that is in the DD keyring, to avoid there ever being any sort > of accident with them actually getting pushed into a distro upload queue > (either by me, or by someone else later). > > It looks like there's a few easy options to fix this though. > My favourite so far is the patch below, which is backward compatible for > any existing user config, but lets me instead do: > > @vrfycmd = ("dscverify", "--no-default-keyrings", "--keyring", > "/var/lib/debarchiver/.gnupg/pubring.gpg"); > > Which ensures there'll never be any quoting issues for weird arguments. > > Alternatively we could do system("$vrfycmd $cfile"), but that has a > different set of pros and cons. > > It looks like the rest of the *cmd options go through cmdaction() so > they don't have this problem. > > If you like this version, it probably also wants a oneliner in the > sample debarchiver.conf too to note @vrfycmd can be an array now. > > Cheers, > Ron > > > --- /usr/bin/debarchiver 2014-07-21 06:05:08.059769856 +0930 > +++ debarchiver 2014-07-21 07:22:11.316828267 +0930 > @@ -96,6 +96,7 @@ > $rmcmd = "rm -f"; > $movecmd = "mv"; > $vrfycmd = "dscverify"; > +@vrfycmd = ($vrfycmd); > $cachedir = "/var/cache/debarchiver"; > $inputdir = "/var/lib/debarchiver/incoming"; > $destdir = "/var/lib/debarchiver/dists"; > @@ -1742,9 +1743,9 @@ > } > # Verify signatures. > if ($verify) { > - if (system($vrfycmd,$cfile)) { # non-zero == verification failure > + if (system(@vrfycmd,$cfile)) { # non-zero == verification failure > pdebug(4, "Signature verification failed for $cfile"); > - $CConf{ERROR} = "$CConf{ERROR}$vrfycmd was not able to verify > $cfile.\n"; > + $CConf{ERROR} = "$CConf{ERROR}@vrfycmd was not able to verify > $cfile.\n"; > return "reject"; > } > } > -- --- Inguza Technology AB --- MSc in Information Technology ---- / [email protected] Annebergsslingan 37 \ | [email protected] 654 65 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------

