1 #!/usr/bin/perl

     2 

     3 # Some source packages come unsigned. This wouldnt be a problem if it wouldnt

     4 # cause reprepro to spit messages like: 'Data seems not to be signed trying to

     5 # use directly...' which may be confusing when you think that it is related to

     6 # a changes file

     7 # play with -d option of dpkg-buildpackage to either show unmet build deps and

     8 # fail or to hide and try to ignore them

     9 use strict;

    10 

    11 die 'dont use me, use sign-unsigned-dsc-and-changes instead';

    12 

    13 use IO::File;

    14 use File::Basename;

    15 use Symbol qw(gensym);

    16 

    17 my $build_dir = "/home/apt/build";

    18 my $sign_with = 'me@debrep.vbox.hurz.is.schlittermann.de';

    19 my @unsigned = qw(

    20 

    21   /home/apt/incoming/nagios-client-check_1.4.5-1_i386.changes

    22   /home/apt/incoming/freeradius_1.0.0+cvs20040609-0.hs_i386.changes

    23 

    24 );

    25 

    26 my $vc = "gpg --verify";

    27 my $cc = "gpg --clearsign";

    28 

    29 -d $build_dir or mkdir $build_dir or die "Can't mkdir [$build_dir]: $!";

    30 chdir $build_dir or die "Can't chdir [$build_dir]: $!";

    31 

    32 for my $cf (@unsigned) {

    33 

    34   (my $sf = $cf) =~ s/_[0-9a-z]+\.changes$/.dsc/;

    35 

    36   # we assume that the dsc has been successfully rebuilt when its signature can

    37   # be verified

    38   my $r = qx/$vc $sf 2>&1/;

    39   next unless $?;

    40 

    41   print "Attempting to rebuild unsigned [$sf] ... ";

    42 

    43   $cf =~ /^(.+\/)?(.+)_([^-]+)(-(.+))?_(.+).changes$/;

    44   my ($p, $v, $r, $a) = ($2, $3, $5, $6);

    45 

    46   my $ra = qx/dpkg --print-architecture/;

    47   chomp $ra;

    48   unless ($a eq $ra) {

    49     warn "skipping foreign arch [$a]\n";

    50     next;

    51   }

    52 

    53   system("dpkg-source -x $sf") == 0 or warn "[dpkg-source -x $sf] failed: $?\n";

    54   chdir "$p-$v" or warn "Can't chdir [$p-$v]: $!\n";

    55   

    56   apply_patches($sf);

    57 

    58   my $cmd = "dpkg-buildpackage -d -k$sign_with -rfakeroot";

    59   system($cmd) == 0 or warn "[$cmd] failed: $?\n";

    60   chdir ".." or warn "Can't chdir [..]: $!\n";

    61   (my $uf = basename($cf)) =~ s/.changes$/.upload/;

    62   -e $uf and { unlink $uf or warn "Can't unlink [$uf]: $!\n" };

    63   system("dupload " . basename($cf)) == 0 or warn "[dupload $cf] failed: $?\n";

    64 

    65   print "finished\n";

    66 }

    67 

    68 sub apply_patches($) {

    69 

    70   my ($f) = @_;

    71 

    72   if ($f eq "/home/apt/incoming/freeradius_1.0.0+cvs20040609-0.hs.dsc") {

    73     my $ch = gensym;

    74     my $cmd = "|patch -p0";

    75     open $ch, $cmd or warn "Can't run [$cmd]: $!\n";

    76     print $ch <<EOP;

    77 --- src/modules/rlm_x99_token/x99_rlm.c.orig	2004-02-26 20:04:37.000000000 +0100

    78 +++ src/modules/rlm_x99_token/x99_rlm.c	2009-06-15 11:12:48.000000000 +0200

    79 @@ -516,9 +516,7 @@

    80  		return RLM_MODULE_INVALID;

    81  	    }

    82  

    83 -	    /* Fast path if we didn't protect the state. */

    84 -	    if (!(user_info.card_id & X99_CF_AM))

    85 -		goto good_state;

    86 +	    if (user_info.card_id & X99_CF_AM) {

    87  

    88  	    /* Verify the state. */

    89  	    (void) memset(challenge, 0, sizeof(challenge));

    90 @@ -544,8 +542,8 @@

    91  			"auth: bad state for [%s]: expired", username);

    92  		return RLM_MODULE_REJECT;

    93  	    }

    94 -good_state:

    95 -	    /* State is good! */

    96 +

    97 +      }

    98  

    99  	} else {

   100  	    /* This should only happen if the authorize code didn't run. */

   101 EOP

   102     close $ch or warn "Can't close [$ch]: $!\n";

   103   }

   104 

   105 }