From 165bcf28c9bc21d449253f05efba0b5f39ff6abf Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Thu, 11 Feb 2016 10:27:16 +0100 Subject: [PATCH] Fix support for detached upstream signatures MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit We should only allow upstream tarballs with detached signatures, but not native tarballs, «_.orig.asc» or «_.asc» filenames. We also need to allow this on all relevant regexes. This commit fixes and refactors the regexes to implement the above, and to make it easier to modify a single place in the future. Fixes commit 4911282cbf231b116872a6f16eb838f7862ebc36. Closes: #759401 --- daklib/regexes.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/daklib/regexes.py b/daklib/regexes.py index 40b4a741..3dccbba8 100644 --- a/daklib/regexes.py +++ b/daklib/regexes.py @@ -45,8 +45,9 @@ re_no_epoch = re.compile(r"^\d+\:") re_extract_src_version = re.compile (r"(\S+)\s*\((.*)\)") re_isadeb = re.compile (r"(.+?)_(.+?)_(.+)\.u?deb$") -orig_source_ext_re = r"orig(?:-.+)?\.tar\.(?:gz|bz2|xz)" -re_source_ext = re.compile("(" + orig_source_ext_re + r"|debian\.tar\.(?:gz|bz2|xz)|diff\.gz|tar\.(?:gz|bz2|xz)|dsc|asc)$") +orig_source_ext_re = r"orig(?:-[a-zA-Z0-9-]+)?\.tar\.(?:gz|bz2|xz)(?:\.asc)?" +file_source_ext_re = "(" + orig_source_ext_re + r"|(?:debian\.)?tar\.(?:gz|bz2|xz)|diff\.gz)" +re_source_ext = re.compile("(" + file_source_ext_re + r"|dsc)$") re_issource = re.compile(r"(.+)_(.+?)\." + re_source_ext.pattern) re_single_line_field = re.compile(r"^(\S*?)\s*:\s*(.*)") @@ -135,11 +136,11 @@ re_file_dsc = re.compile(_re_file_prefix + r'\.dsc$') # Match other source files # Groups: package, version -re_file_source = re.compile(_re_file_prefix + r'(?:(?:\.orig(?:-[a-zA-Z0-9-]+)?|\.debian)?\.tar\.(?:bz2|gz|xz)|\.diff\.gz|\.asc)$') +re_file_source = re.compile(_re_file_prefix + r'\.' + file_source_ext_re) # Match upstream tarball # Groups: package, version -re_file_orig = re.compile(_re_file_prefix + r'\.orig(?:-[a-zA-Z0-9-]+)?(?:\.tar\.(?:bz2|gz|xz)|\.asc)') +re_file_orig = re.compile(_re_file_prefix + r'\.' + orig_source_ext_re) # Match buildinfo file # Groups: package, version, suffix -- 2.39.2