dpkg-sig --verify fails on packages compressed with xz
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dpkg-sig (Debian) |
Fix Released
|
Unknown
|
|||
dpkg-sig (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
On small packages, everything is hunky-dory:
$ apt-get download dpkg-sig
$ ar t dpkg-sig*deb
debian-binary
control.tar.gz
data.tar.gz
$ dpkg-sig --sign builder dpkg-sig_
Processing dpkg-sig_
Signed deb dpkg-sig_
$ dpkg-sig --verify dpkg-sig_
Processing dpkg-sig_
GOODSIG _gpgbuilder 9B9AB05C20B3C82
But on large packages, it's a bit pear-shaped:
$ apt-get download perl
$ ar t perl*deb
debian-binary
control.tar.gz
data.tar.xz
$ dpkg-sig --sign builder perl*deb
Processing perl_5.
Signed deb perl_5.
$ dpkg-sig --verify perl*deb
Processing perl_5.
BADSIG _gpgbuilder
The following patch seems to fix the problem:
--- dpkg-sig-
+++ dpkg-sig-
@@ -634,7 +634,7 @@
}
return "FORCE_BAD" unless ($seen_
- $seen_files{
+ ($seen_
return "GOOD";
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: dpkg-sig 0.13.1+nmu1
ProcVersionSign
Uname: Linux 3.13.0-30-generic x86_64
NonfreeKernelMo
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Jul 16 13:04:46 2014
InstallationDate: Installed on 2014-04-07 (99 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Beta amd64 (20140326)
PackageArchitec
SourcePackage: dpkg-sig
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in dpkg-sig (Debian): | |
status: | Unknown → Fix Released |
That patch again, attached: