Package: devscripts Version: 2.15.10 Severity: normal File: /usr/bin/uscan Control: user adn+...@diwi.org Control: usertag -1 + uscan
Hello, I started experimenting with uscan's pgp mechanism to verfiy the signature of rt-tests. You can reproduce my tests using: debcheckout rt-tests cd rt-tests echo > debian/watch 'version=4' echo >> debian/watch echo >> debian/watch 'opts="pgpsigurlmangle=s%.xz$%.sign%, decompress" \' echo >> debian/watch 'http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-(.*)\.tar\.xz' now running uscan --debug ends in uscan: Downloading OpenPGP signature from http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-0.96.tar.sign (pgpsigurlmangled) as rt-tests-0.96.tar.xz.pgp uscan info: Requesting URL: http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-0.96.tar.sign uscan warn: FAIL Checking OpenPGP signature (no upstream tarball downloaded). uscan info: Scan finished (Here I would have expected a more verbose output to explain the FAIL.) My expectations is that uscan downloads rt-tests-0.96.tar.xz and rt-tests-0.96.tar.sign, does something like: zcat rt-tests-0.96.tar.xz | gpg --verify rt-tests-0.96.tar.sign - with the right keyring added to the mix and then links it to rt-tests_0.96.orig.tar.xz. When doing: cd .. wget http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-0.96.tar.xz cd rt-tests and starting uscan again I get: uscan: uscan (version 2.15.10) See uscan(1) for help uscan: Scan watch files in . uscan: ./debian/changelog sets package="rt-tests" version="0.96" uscan: Newest version on remote site is 0.96, local version is 0.96 uscan: => Package is up to date uscan: Don't download and use the existing file: rt-tests-0.96.tar.xz uscan: Downloading OpenPGP signature from http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-0.96.tar.sign (pgpsigurlmangled) as rt-tests-0.96.tar.pgp gpgv: Signature made Thu 22 Oct 2015 12:41:14 PM CEST using RSA key ID 639D2D16 gpgv: Good signature from "John Kacur <jka...@gmail.com>" gpgv: aka "John Kacur <jka...@redhat.com>" uscan: Successfully downloaded package rt-tests-0.96.tar.xz Could not read ../rt-tests-0.96.tar.xz: No such file or directory at /usr/bin/mk-origtargz line 361. uscan: error: mk-origtargz --package rt-tests --version 0.96 --compression gzip --directory .. --copyright-file debian/copyright ../rt-tests-0.96.tar.xz gave error exit status 2 where the problem seems to be that uscan decompresses the archive but in the same go removes the tar.xz for mk-origtargz. Without decompress in the options the signature verification obviously fails. Is this just me using uscan in a wrong way, or is there something fishy with uscan? In the first case an example would be great. Best regards Uwe -- Package-specific info: --- /etc/devscripts.conf --- --- ~/.devscripts --- BTS_CACHE=no DEBCHANGE_RELEASE_HEURISTIC=changelog DEBSIGN_KEYID=32669bd6 -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (800, 'testing'), (600, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages devscripts depends on: ii dpkg-dev 1.18.4 ii libc6 2.21-6 ii perl 5.22.1-4 pn python3:any <none> Versions of packages devscripts recommends: ii apt 1.2 ii at 3.1.18-2 ii curl 7.46.0-1 ii dctrl-tools 2.24-1 ii debian-keyring 2016.01.20 ii dput-ng [dput] 1.10 ii equivs 2.0.9+nmu1 ii fakeroot 1.20.2-1 ii file 1:5.25-2 ii gnupg 1.4.20-1 ii gnupg2 2.0.28-3 ii libdistro-info-perl 0.14 ii libencode-locale-perl 1.05-1 ii libjson-perl 2.90-1 ii liblwp-protocol-https-perl 6.06-2 ii libsoap-lite-perl 1.19-1 ii liburi-perl 1.71-1 ii libwww-perl 6.15-1 ii lintian 2.5.39.1 ii man-db 2.7.5-1 ii patch 2.7.5-1 ii patchutils 0.3.4-1 ii python3-debian 0.1.27 ii python3-magic 1:5.25-2 ii sensible-utils 0.0.9 ii strace 4.10-3 ii unzip 6.0-20 ii wdiff 1.2.2-1+b1 ii wget 1.17.1-1 ii xz-utils 5.1.1alpha+20120614-2.1 Versions of packages devscripts suggests: ii build-essential 11.7 pn cvs-buildpackage <none> pn debbindiff <none> pn devscripts-el <none> pn gnuplot <none> ii gpgv 1.4.20-1 ii libauthen-sasl-perl 2.1600-1 ii libfile-desktopentry-perl 0.22-1 ii libnet-smtp-ssl-perl 1.03-1 pn libterm-size-perl <none> ii libtimedate-perl 2.3000-2 pn libyaml-syck-perl <none> pn mozilla-devscripts <none> ii mutt 1.5.24-1 ii openssh-client [ssh-client] 1:7.1p2-2 ii s-nail [mailx] 14.8.6-1 pn svn-buildpackage <none> pn w3m <none> -- no debconf information