
/usr/bin/debsigs-installer is in debsigs 0.1.20.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/usr/bin/perl -w

use strict;

use File::Copy;
use File::Temp qw(tempdir);
use Getopt::Long;

use Debian::debsigs::debsigsmain;

# Forward declarations.  The subs are defined below the main program but
# called from it, so their prototypes are declared here first; each
# prototype must stay identical to the one on the matching definition.
sub processfile($);   # stage, sign and verify one .deb
sub cleanup($; $);    # remove staged files and the scratch directory
sub copyfiles();      # copy the signed packages back over the originals
sub syntax($);        # print the usage line (exits 1 when the arg is true)
sub version();        # print the program version

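# Command-line handling: -h/--help and -V/--version are the only options;
# everything else on the command line is a package file to sign.
my ($showhelp, $showversion);
Getopt::Long::Configure('no_ignore_case');

# GetOptions returns false on an unknown or malformed option.  Stop there
# instead of going on to sign packages from a command line that was not
# understood.
GetOptions ('help|h' => \$showhelp,
	    'version|V' => \$showversion)
  or syntax(1);

version() if $showversion;
syntax(0) if $showhelp;
exit(0) if $showhelp || $showversion;

# At least one package file is required.
syntax(1) unless @ARGV;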

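# What we need to add:
# (signing parameters; all hard-coded, see BUGS in the POD below)

# NOTE(review): this is a short, 32-bit key ID.  Short IDs are not
# collision-resistant, so another key in the keyring can share it; selecting
# the signing key by its full fingerprint is the safer choice.
my $KEY = 'E435EC07';
my $KEYTYPE = 'origin';

# Secret keyring handed to debsigs with -K.
# NOTE(review): presumably this file must be readable only by the account
# that runs the installer -- confirm ownership and mode on deployment.
my $KEYRING = '/usr/local/debsigs/origin-secring.gpg';

# Private scratch directory for the staged copies.  tempdir() picks an
# unpredictable name and creates the directory with mode 0700, so another
# local user can neither pre-create the path to make the run abort nor read
# the packages while they are being signed.  CLEANUP stays off because
# cleanup() removes the directory explicitly.
my $TMPDIR = eval {
  tempdir('debsigs-installer.XXXXXXXX', DIR => '/tmp', CLEANUP => 0);
};
defined($TMPDIR) or die
  "Couldn't create temporary directory under /tmp: $@";

# Number of the file being processed; used to name the staged copy.
my $COUNTER = 0;

my $file;

# Maps each staged, signed copy to the original path it will replace.
my %copyfiles;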

# Stage, sign and verify every package first.  Nothing is written back to
# the original paths until all of them have passed (processfile exits or
# dies on the first failure).
for my $deb (@ARGV) {
  ++$COUNTER;
  processfile($deb);
}

# All packages verified: replace the originals, then remove the scratch
# directory and its contents.
copyfiles();
cleanup($TMPDIR);
exit(0);

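# processfile($file)
#
# Copies $file into the scratch directory, adds the origin signature to the
# copy with debsigs and checks the result with debsig-verify.  On success
# the staged copy is recorded in %copyfiles so that copyfiles() can later
# write it back over $file.
#
# On any failure the staged files and the scratch directory are removed
# before the program terminates: a verification failure exits with status 2,
# a copy or signing failure dies.
#
# Both tools are run through list-form system(), so no shell is involved and
# file names are passed as single arguments.  They are looked up via PATH.
# NOTE(review): if this runs with elevated privileges, the caller should
# provide a trusted PATH -- confirm against the installer that invokes it.
sub processfile($) {
  my ($file) = @_;

  my $TMPFILE = "$TMPDIR/file-$COUNTER.deb";

  # Copy the file to $TMPDIR.

  unless (copy($file, $TMPFILE)) {
    # Save $! first: the unlink/rmdir calls in cleanup() may overwrite it.
    my $copy_error = $!;
    cleanup($TMPDIR, $TMPFILE);
    die "Couldn't copy file to $TMPFILE: $copy_error";
  }

  # Add the signature to it.

  if (system("debsigs", "-K", $KEYRING,
             "--default-key=$KEY", "--sign=$KEYTYPE", $TMPFILE) != 0) {
    # Do not leave staged packages behind in the scratch directory.
    cleanup($TMPDIR, $TMPFILE);
    die "Error signing!";
  }

  # Now verify the result.

  if (system("debsig-verify", "-q", $TMPFILE) != 0) {
    print STDERR "Error validating $file!\n";
    cleanup($TMPDIR, $TMPFILE);
    exit(2);
  }

  # We're OK here, so flag the file for copying.

  $copyfiles{$TMPFILE} = $file;
}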

# cleanup($dir [, $file])
#
# Best-effort removal of the staged files and of the scratch directory $dir.
# The optional $file names a staged copy that has not been entered into
# %copyfiles yet (the one being processed when an error occurred).
# Failures of unlink/rmdir are deliberately ignored.
sub cleanup($; $) {
  my ($dir, $pending) = @_;

  # The file still in flight, if the caller passed one.
  unlink($pending) if defined($pending);

  # Every staged copy that already passed verification.
  for my $staged (keys %copyfiles) {
    unlink($staged);
  }

  # rmdir only succeeds once the directory is empty.
  rmdir($dir);
}

# copyfiles()
#
# Writes every staged, signed package in %copyfiles back over the original
# path it came from, and dies on the first copy that fails.
#
# NOTE(review): the originals are overwritten one after another, so a
# failure part-way through leaves the earlier files already replaced and the
# later ones untouched.  This is the "system call failure" exception to the
# all-or-nothing behaviour described in the POD.
sub copyfiles() {
  foreach my $source (keys %copyfiles) {
    my $target = $copyfiles{$source};
    next if copy($source, $target);
    die "Couldn't copy $source to " . $target . ": $!";
  }
}

# syntax($err)
#
# Prints the usage line.  With a true $err it goes to STDERR and the program
# exits with status 1; otherwise it goes to STDOUT and the sub returns.
sub syntax($) {
  my ($err) = @_;
  my $s = "Usage: debsigs-installer file...\n";

  # Help was asked for explicitly: not an error, so STDOUT and carry on.
  return print "$s" unless $err;

  print STDERR "$s";
  exit(1);
}

# version()
#
# Prints the program name followed by the version number exported by
# Debian::debsigs::debsigsmain.
sub version() {
  my $banner = "debsigs-installer $Debian::debsigs::debsigsmain::VERSION\n";
  print $banner;
}

__END__

=head1 NAME

debsigs-installer - process signatures in .deb packages

=head1 SYNOPSIS

B<debsigs-installer> file [file...]

=head1 DESCRIPTION

B<debsigs-installer> is designed to be called in an automated fashion from
an installer.  It is given one or more files on the command line.  For each
file, it will apply the origin signature and make sure that the resulting
package verifies (it will fail to verify if it is missing one of the other
required signatures).  It will try its best to take an all-or-nothing
approach; that is, if there is a problem with any .deb, all of them will be
left unmodified and an error code is returned.  It can assure this for all
cases except system call failures (can't copy files, etc.).  If success is returned, all
files should be assumed to have succeeded.  If failure is returned, all
files should be assumed to have failed.

=head1 OPTIONS

None.

=head1 BUGS

This program isn't finished yet.  It uses hard-coded values for the key ID,
key type (see debsigs(1)), keyring file, and temporary directory.

=head1 AUTHOR

John Goerzen <jgoerzen@progenylinux.com>

=head1 SEE ALSO

debsig-verify(1), gpg(1)

=cut