# $Progeny: debsigs-installer,v 1.4 2001/05/30 13:27:21 jgoerzen Exp $

my $KEYTYPE = 'origin';
my $KEYRING = '/usr/local/debsigs/origin-secring.gpg';
my $TMPDIR = "/tmp/debsigs-installer.$$";

mkdir($TMPDIR, 0700) or die
    "Couldn't mkdir $TMPDIR: $!";

foreach $file (@ARGV) {

my ($file) = shift @_;

my $TMPFILE = "$TMPDIR/file-$COUNTER.deb";

# Copy the file to $TMPDIR.

copy($file, $TMPFILE) or die
    "Couldn't copy file to $TMPFILE: $!";

# Add the signature to it.

(system("debsigs", "-K", $KEYRING,
        "--default-key=$KEY", "--sign=$KEYTYPE", $TMPFILE) == 0) or die

# Now verify the result.

if (system("debsig-verify", "-q", $TMPFILE) != 0) {
    print STDERR "Error validating $file!\n";
    cleanup($TMPDIR, $TMPFILE);

# We're OK here, so flag the file for copying.

$copyfiles{$TMPFILE} = $file;

my ($dir, $file) = @_;

# Let them pass in a file to unlink too, in case it's being
# called before being added to %copyfiles.

# print STDERR "Deleting $file\n";

foreach $file (keys %copyfiles) {
    # print STDERR "Deleting $file\n";

# print STDERR "Removing $dir\n";

foreach $source (keys %copyfiles) {
    copy($source, $copyfiles{$source}) or die
        "Couldn't copy $source to " . $copyfiles{$source} . ": $!";
    # print STDERR "Copied $source to " . $copyfiles{$source} . "\n";

debsigs-installer - process signatures in .deb packages

B<debsigs-installer> file [file...]

B<debsigs-installer> is designed to be called in an automated fashion from
an installer. It is given one or more files on the command line. For each
file, it will apply the origin signature and make sure that the resulting
package verifies (it will fail to verify if it is missing one of the other
required signatures). It will try its best to take an all-or-nothing
approach; that is, if there is a problem with any .deb, all of them will be
left unmodified and an error code is returned. It can assure this for all
except system call failures (can't copy files, etc.). If success is returned,
all files should be assumed to have succeeded. If failure is returned, all
files should be assumed to have failed.

This program isn't finished yet. It uses hard-coded values for the key ID,
key type (see debsigs(1)), keyring file, and temporary directory.

John Goerzen <jgoerzen@progenylinux.com>

debsig-verify(1), gpg(1)