bin/rebuild-unsigned-dsc
branchdist
changeset 0 98411ab74262
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/bin/rebuild-unsigned-dsc	Fri Jul 03 15:23:10 2009 +0200
@@ -0,0 +1,105 @@
+#!/usr/bin/perl
+
+# Some source packages come unsigned. This wouldnt be a problem if it wouldnt
+# cause reprepro to spit messages like: 'Data seems not to be signed trying to
+# use directly...' which may be confusing when you think that it is related to
+# a changes file
+# play with -d option of dpkg-buildpackage to either show unmet build deps and
+# fail or to hide and try to ignore them
+use strict;
+
+die 'dont use me, use sign-unsigned-dsc-and-changes instead';
+
+use IO::File;
+use File::Basename;
+use Symbol qw(gensym);
+
+my $build_dir = "/home/apt/build";
+my $sign_with = 'me@debrep.vbox.hurz.is.schlittermann.de';
+my @unsigned = qw(
+
+  /home/apt/incoming/nagios-client-check_1.4.5-1_i386.changes
+  /home/apt/incoming/freeradius_1.0.0+cvs20040609-0.hs_i386.changes
+
+);
+
+my $vc = "gpg --verify";
+my $cc = "gpg --clearsign";
+
+-d $build_dir or mkdir $build_dir or die "Can't mkdir [$build_dir]: $!";
+chdir $build_dir or die "Can't chdir [$build_dir]: $!";
+
+for my $cf (@unsigned) {
+
+  (my $sf = $cf) =~ s/_[0-9a-z]+\.changes$/.dsc/;
+
+  # we assume that the dsc has been successfully rebuilt when its signature can
+  # be verified
+  my $r = qx/$vc $sf 2>&1/;
+  next unless $?;
+
+  print "Attempting to rebuild unsigned [$sf] ... ";
+
+  $cf =~ /^(.+\/)?(.+)_([^-]+)(-(.+))?_(.+).changes$/;
+  my ($p, $v, $r, $a) = ($2, $3, $5, $6);
+
+  my $ra = qx/dpkg --print-architecture/;
+  chomp $ra;
+  unless ($a eq $ra) {
+    warn "skipping foreign arch [$a]\n";
+    next;
+  }
+
+  system("dpkg-source -x $sf") == 0 or warn "[dpkg-source -x $sf] failed: $?\n";
+  chdir "$p-$v" or warn "Can't chdir [$p-$v]: $!\n";
+  
+  apply_patches($sf);
+
+  my $cmd = "dpkg-buildpackage -d -k$sign_with -rfakeroot";
+  system($cmd) == 0 or warn "[$cmd] failed: $?\n";
+  chdir ".." or warn "Can't chdir [..]: $!\n";
+  (my $uf = basename($cf)) =~ s/.changes$/.upload/;
+  -e $uf and { unlink $uf or warn "Can't unlink [$uf]: $!\n" };
+  system("dupload " . basename($cf)) == 0 or warn "[dupload $cf] failed: $?\n";
+
+  print "finished\n";
+}
+
+sub apply_patches($) {
+
+  my ($f) = @_;
+
+  if ($f eq "/home/apt/incoming/freeradius_1.0.0+cvs20040609-0.hs.dsc") {
+    my $ch = gensym;
+    my $cmd = "|patch -p0";
+    open $ch, $cmd or warn "Can't run [$cmd]: $!\n";
+    print $ch <<EOP;
+--- src/modules/rlm_x99_token/x99_rlm.c.orig	2004-02-26 20:04:37.000000000 +0100
++++ src/modules/rlm_x99_token/x99_rlm.c	2009-06-15 11:12:48.000000000 +0200
+@@ -516,9 +516,7 @@
+ 		return RLM_MODULE_INVALID;
+ 	    }
+ 
+-	    /* Fast path if we didn't protect the state. */
+-	    if (!(user_info.card_id & X99_CF_AM))
+-		goto good_state;
++	    if (user_info.card_id & X99_CF_AM) {
+ 
+ 	    /* Verify the state. */
+ 	    (void) memset(challenge, 0, sizeof(challenge));
+@@ -544,8 +542,8 @@
+ 			"auth: bad state for [%s]: expired", username);
+ 		return RLM_MODULE_REJECT;
+ 	    }
+-good_state:
+-	    /* State is good! */
++
++      }
+ 
+ 	} else {
+ 	    /* This should only happen if the authorize code didn't run. */
+EOP
+    close $ch or warn "Can't close [$ch]: $!\n";
+  }
+
+}