summaryrefslogtreecommitdiff
path: root/dgit.7
diff options
context:
space:
mode:
authorIan Jackson <ijackson@chiark.greenend.org.uk>2017-07-08 17:22:53 +0100
committerIan Jackson <ijackson@chiark.greenend.org.uk>2017-07-08 17:23:02 +0100
commitfa5bd1281c3c7500104a7ca15795e6448819f391 (patch)
tree72a1e7847b132a50954454322bf38f11eac41b4d /dgit.7
parent2046b269f987d70a6b89cbcd8926ef4931586706 (diff)
dgit: fix rpush+buildinfo: Transfer buildinfos for signing.
buildinfos are supposed to be signed. And, indeed, if they are present, debsign wants to sign them. That means they need to be transferred to the signing end, and back again. We check that the filename is not totally unreasonable, but do not attempt to verify it completely. If there are situations where unwanted or confusing buildinfos are generated, this is the fault of the build process. dgit rpush should, in this respect, do the same as debsign+dput - ie faithfully sign and upload what the build has provided. We do check that the buildinfo doesn't look too much like a .changes, and mentions the same files as the .changes (insofar as they mention files in common). This is a rather nugatory defence against some kinds of bait and switch attacks. This is in some sense an incompatible protocol change: if the build host has a new dgit, and sends buildinfos, an old dgit on the initiator will declare a protocol violation. However, the new protocol elements occur only when needed. in this situation, the only way to get things to work at all with the old dgit at either end would be to strip out the buildinfos, which is obviously undesirable. Closes:#867693. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Diffstat (limited to 'dgit.7')
0 files changed, 0 insertions, 0 deletions