import-dsc: Support --require-valid-signature

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/dgit b/dgit
index c6d1be7bae1027e535243d285ce20db114726d81..19245e0ed1ef2c75c379048149aed8ecea5e04b2 100755 (executable)
--- a/dgit
+++ b/dgit
@@ -5276,6 +5276,19 @@ sub cmd_quilt_fixup {
 }
 
 sub cmd_import_dsc {
+    my $needsig = 0;
+
+    while (@ARGV) {
+       last unless $ARGV[0] =~ m/^-/;
+       $_ = shift @ARGV;
+       last if m/^--?$/;
+       if (m/^--require-valid-signature$/) {
+           $needsig = 1;
+       } else {
+           badusage "unknown dgit import-dsc sub-option \`$_'";
+       }
+    }
+
     badusage "usage: dgit import-dsc .../PATH/TO/.DSC BRANCH" unless @ARGV==2;
     my ($dscfn, $dstbranch) = @ARGV;
 
@@ -5307,13 +5320,19 @@ sub cmd_import_dsc {
 
     # we don't normally need this so import it here
     use Dpkg::Source::Package;
-    my $dp = new Dpkg::Source::Package filename => $dscfn;
+    my $dp = new Dpkg::Source::Package filename => $dscfn,
+       require_valid_signature => $needsig;
     {
-       local $SIG{__WARN__} = undef;
+       local $SIG{__WARN__} = sub {
+           return unless $needsig;
+           print STDERR $_[0];
+           fail "import-dsc signature check failed";
+       };
        if (!$dp->is_signed()) {
            warn "$us: warning: importing unsigned .dsc\n";
        } else {
            my $r = $dp->check_signature();
+           die "->check_signature => $r" if $needsig && $r;
        }
     }