Axel Beckert wrote...

> That might be something for lintian-brush once a lintian check is
> there. Cc'ing Jelmer, the author of lintian-brush.

What's the status of that story?

I hacked a few lines together that work at least for the case where I encountered the problem. But it's fairly fragile since parsing a textual output is bad. It was way better to *omit* --list-packets in the gpg invocation since then the output is by definition machine-readable (and there is an "Expired!" alert on stderr for free). Also upstream warns the output of --list-packets "may change with new releases."

Christoph

--- /usr/share/lintian/checks/debian/upstream/signing-key.pm +++ /usr/share/lintian/checks/debian/upstream/signing-key.pm @@ -122,15 +122,20 @@ # look for third-party signatures my @thirdparty; + my $expired; for my $packet (@packets) { my $header = $packet->[0]; + my $body = $packet->[1]; if ($header =~ qr/^:signature packet: algo \d+, keyid (\S*)$/){ my $signatory = $1; push(@thirdparty, $signatory) unless $signatory eq $keyid; } + if ($body =~ qr/ expires 0/) { + $expired = 1; + } } # signatures by parties other than self @@ -141,6 +146,9 @@ $key_name, "has $extrasignatures extra signature(s) for keyid $keyid") if $extrasignatures; + $self->hint('public-upstream-key-expired', + $key_name,'has expired keys') + if $expired; } }
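
Review bot: In the first hunk, the match of $body against qr/ expires 0/ runs for every packet and is not anchored, so any body text containing " expires 0", including a longer value that merely starts with 0, sets $expired. $body is also taken from $packet->[1] without a check, so a packet lacking that element would make the match operate on an undefined value. Consider testing $header for the key packet types first, guarding with defined($body), ending the pattern with \b or $, and adding a comment stating why this text indicates an expired key, since nothing in the hunk explains it.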
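
Review bot: In the second hunk, the new hint says only 'has expired keys', while the extra-signature hint directly above it names the keyid; because $expired is a plain flag, the report cannot say which key in the file is affected. Consider collecting the affected key ids in the loop and including them in the hint text. Style point: add a space after the comma in "$key_name,'has expired keys'" to match the preceding call.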

Tag: public-upstream-key-expired
Severity: info
Check: debian/upstream/signing-key
See-Also: uscan(1)
Explanation: The source package contains a public upstream signing key that contains at least one key that has expired.
 .
 Please obtain the correct key from upstream.