--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/bin/rebuild-unsigned-dsc Fri Jul 03 15:23:10 2009 +0200
@@ -0,0 +1,105 @@
+#!/usr/bin/perl
+
+# Some source packages come unsigned. This wouldnt be a problem if it wouldnt
+# cause reprepro to spit messages like: 'Data seems not to be signed trying to
+# use directly...' which may be confusing when you think that it is related to
+# a changes file
+# play with -d option of dpkg-buildpackage to either show unmet build deps and
+# fail or to hide and try to ignore them
+use strict;
+
+die 'dont use me, use sign-unsigned-dsc-and-changes instead';
+
+use IO::File;
+use File::Basename;
+use Symbol qw(gensym);
+
+my $build_dir = "/home/apt/build";
+my $sign_with = 'me@debrep.vbox.hurz.is.schlittermann.de';
+my @unsigned = qw(
+
+ /home/apt/incoming/nagios-client-check_1.4.5-1_i386.changes
+ /home/apt/incoming/freeradius_1.0.0+cvs20040609-0.hs_i386.changes
+
+);
+
+my $vc = "gpg --verify";
+my $cc = "gpg --clearsign";
+
+-d $build_dir or mkdir $build_dir or die "Can't mkdir [$build_dir]: $!";
+chdir $build_dir or die "Can't chdir [$build_dir]: $!";
+
+for my $cf (@unsigned) {
+
+ (my $sf = $cf) =~ s/_[0-9a-z]+\.changes$/.dsc/;
+
+ # we assume that the dsc has been successfully rebuilt when its signature can
+ # be verified
+ my $r = qx/$vc $sf 2>&1/;
+ next unless $?;
+
+ print "Attempting to rebuild unsigned [$sf] ... ";
+
+ $cf =~ /^(.+\/)?(.+)_([^-]+)(-(.+))?_(.+).changes$/;
+ my ($p, $v, $r, $a) = ($2, $3, $5, $6);
+
+ my $ra = qx/dpkg --print-architecture/;
+ chomp $ra;
+ unless ($a eq $ra) {
+ warn "skipping foreign arch [$a]\n";
+ next;
+ }
+
+ system("dpkg-source -x $sf") == 0 or warn "[dpkg-source -x $sf] failed: $?\n";
+ chdir "$p-$v" or warn "Can't chdir [$p-$v]: $!\n";
+
+ apply_patches($sf);
+
+ my $cmd = "dpkg-buildpackage -d -k$sign_with -rfakeroot";
+ system($cmd) == 0 or warn "[$cmd] failed: $?\n";
+ chdir ".." or warn "Can't chdir [..]: $!\n";
+ (my $uf = basename($cf)) =~ s/.changes$/.upload/;
+ -e $uf and { unlink $uf or warn "Can't unlink [$uf]: $!\n" };
+ system("dupload " . basename($cf)) == 0 or warn "[dupload $cf] failed: $?\n";
+
+ print "finished\n";
+}
+
+sub apply_patches($) {
+
+ my ($f) = @_;
+
+ if ($f eq "/home/apt/incoming/freeradius_1.0.0+cvs20040609-0.hs.dsc") {
+ my $ch = gensym;
+ my $cmd = "|patch -p0";
+ open $ch, $cmd or warn "Can't run [$cmd]: $!\n";
+ print $ch <<EOP;
+--- src/modules/rlm_x99_token/x99_rlm.c.orig 2004-02-26 20:04:37.000000000 +0100
++++ src/modules/rlm_x99_token/x99_rlm.c 2009-06-15 11:12:48.000000000 +0200
+@@ -516,9 +516,7 @@
+ return RLM_MODULE_INVALID;
+ }
+
+- /* Fast path if we didn't protect the state. */
+- if (!(user_info.card_id & X99_CF_AM))
+- goto good_state;
++ if (user_info.card_id & X99_CF_AM) {
+
+ /* Verify the state. */
+ (void) memset(challenge, 0, sizeof(challenge));
+@@ -544,8 +542,8 @@
+ "auth: bad state for [%s]: expired", username);
+ return RLM_MODULE_REJECT;
+ }
+-good_state:
+- /* State is good! */
++
++ }
+
+ } else {
+ /* This should only happen if the authorize code didn't run. */
+EOP
+ close $ch or warn "Can't close [$ch]: $!\n";
+ }
+
+}