Moin, it is not working.
libkolabxml*.tar.gz.pgp is not encrypted it is only verified, thats why I added the 0001-verify-not-decrypt to uscan. But still it does not work [see output]. i also attached the patch for libkolabxml to use the self mode. Regards, sandro Am Mittwoch, 30. September 2015, 20:27:10 schrieb Osamu Aoki: > On Tue, Sep 29, 2015 at 01:04:22AM +0200, Sandro Knauß wrote: > > Moin, > > > > > * Add dependency to gnupg|gnupg2 as suggest > > > * Add option: opts="pgpmode=self" (there is a place holder now.) > > > * Check availability of /usr/bin/gpg or /usr/bin/gpg2 if pgpmode=self > > > * match pattern to look for libkolabxml-([\d.]+)\.tar\.(?:gz|xz)\.gpg > > > > > > in http://mirror.kolabsys.com/pub/releases/ > > > > > > * download the latest libkolabxml-1.1.1.tar.gz.gpg if it is now. > > > * run the following to see if authentic and get the tarball > > > > > > F=libkolabxml-1.1.1.tar.gz && gpg -o ${F%.gpg} --decrypt $F > > > > > > * Ensure to find generated file ${F%.gpg} (or ${F%.asc} ...) and > > > > > > run mk-origtargz to get libkolabxml_1.1.1.orog.tar.gz from it. > > > > > > Is this what you wish? If so this is very simple and will be added to > > > a multitar branch commit in near future. > > > > sounds like that what I had in mind. > > It is already committed. Please checkout from git repo. > > Osamu
From caf885a7cdb5bc8758b0daf496d737fd3d0478d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro Knauß?= <[email protected]> Date: Wed, 30 Sep 2015 14:42:52 +0200 Subject: [PATCH] use pgpmode=self to verify signature --- debian/upstream/signing-key.asc | 60 +++++++++++++++++++++++++++++++++++++++++ debian/watch | 3 ++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 debian/upstream/signing-key.asc diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..2b5baea --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,60 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQGiBER7QVIRBADCB7UDDXuZ72uwtxsOG71qgRgAnV4TGM1OthNrk8g4rfzfXvvL +lZH4zntjMCS9ObKiekOXPciCwpBSOfJ9GcaeP+QzjFP19YbhQiT+DP2fOUDA3dlo +qZL2tyQg07QMV7JmKbeG6/hEiJNglMfgLxij66ZLUONMZmTExPlux+P58wCg19L1 +YbznAnaBvHjzDGQ5no1OxmED/iSHbjnUC1sTqymEiTSxepX0qtyZxEpB3PvGoX7o +x40jOGQ5gH2Npm5ct9BFBat/TXC9swSuynVm4aMXc9MT61a4MxEChxrAVa0XKQLM +3I7yKepcRjaoUFpTL3IK20R7WvqPZQkfqmzZ/hFkxmEq+VSGBE6DIH8xaVnY7624 +4fnXBACEDpwe1LyuJj2MahDh12typpj5OU7/oAqYjuF+Dz226XsaheabUSGZqr6d +FaUJm63hXjsFwN8jNvOdLDSv/Bws7RyHzOSXq4sqvZ1rrS2tiBTK7TzBq5gqJQ/a +Af+Q7QiZ6WZ0AMpyeyJ10p7U0+f357P/9nIOqNMykzencMuE57QuSmVyb2VuIHZh +biBNZWV1d2VuIChHTWFpbCkgPGthbmFyaXBAZ21haWwuY29tPohgBBMRAgAgBQJF +51QsAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQKN6f2pNCvwinhwCgiMrZ +jOPJZzGDda0FYqkmr82dCgkAnR4uPMF1NR3U4ekj1+lN/5UvhJGPtC9KZXJvZW4g +dmFuIE1lZXV3ZW4gKE9HRCkgPGoudmFuLm1lZXV3ZW5Ab2dkLm5sPohgBBMRAgAg +BQJF51RGAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQKN6f2pNCvwgJtgCe +NjBzAYQhximIyH7kQ/KFw6Q3PpgAnR782PFHaivxxYe1zJZ1uljyrS+ltC9KZXJv +ZW4gdmFuIE1lZXV3ZW4gKFhTNEFsbCkgPGthbmFyaXBAeHM0YWxsLm5sPohgBBMR +AgAgBQJF51QOAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQKN6f2pNCvwir +1gCfb9WxykMe73eiTQKrpGuXXuXVGgYAoJgyIRGGtryI85NM0dsjYxSf87qutDJK +ZXJvZW4gdmFuIE1lZXV3ZW4gKGthbmFyaXApIDxrYW5hcmlwQGthbmFyaXAuY29t +PohjBBMRAgAjAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAkXnVLICGQEACgkQ +KN6f2pNCvwgGzgCgrFzeuAewpVWO1/Mf5yxUTYXqh18AoM6WhsdvGczPeYrN2bwv +zVHDKXa/tDZKZXJvZW4gdmFuIE1lZXV3ZW4gKEdhbWVEcm9tZSkgPGthbmFyaXBA +Z2FtZWRyb21lLmNvbT6IYAQTEQIAIAUCRedUeAIbAwYLCQgHAwIEFQIIAwQWAgMB +Ah4BAheAAAoJECjen9qTQr8I5qUAn0r19O5xKt+0N9pduoO7C2j5kfgYAJ97h5+7 +WajLWWu9RWrmbO45E/gyaLQ6SmVyb2VuIHZhbiBNZWV1d2VuIChQQyBab25lIENs +YW4pIDxrYW5hcmlwQHBjem9uZS1jbGFuLm5sPohgBBMRAgAgBQJF51P8AhsDBgsJ +CAcDAgQVAggDBBYCAwECHgECF4AACgkQKN6f2pNCvwiOwgCgxoEOOA/2eV3qU9OM +loJHgX1cMOQAn02Tgc9ZXChJCR6234Z9XQtN4lSotDtKZXJvZW4gdmFuIE1lZXV3 +ZW4gKEZlZG9yYSBVbml0eSkgPGthbmFyaXBAZmVkb3JhdW5pdHkub3JnPohgBBMR +AgAgAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAkXnVK8ACgkQKN6f2pNCvwhx +pwCgh9ogAfRqkZAnBqBtLEKAS6R1BzIAnihm/a+4cuFYonEaNzjlbwEkicvBtD9K +ZXJvZW4gdmFuIE1lZXV3ZW4gKEZlZG9yYSBQcm9qZWN0KSA8a2FuYXJpcEBmZWRv +cmFwcm9qZWN0Lm9yZz6IYAQTEQIAIAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheA +BQJF51SmAAoJECjen9qTQr8I9kwAoMNFISjU6Zw/nh0y1GEibR93eSCAAKCSEaKs +g1PkzFT9Xfal8V+xIsxgRLRPSmVyb2VuIHZhbiBNZWV1d2VuIChLb2xhYiBTeXN0 +ZW1zKSAoS29sYWIgU3lzdGVtcyBBRykgPHZhbm1lZXV3ZW5Aa29sYWJzeXMuY29t +PohiBBMRAgAiBQJLsowjAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAo +3p/ak0K/CJRvAJ4mNcEeDnFtb4I3hc7wNa89JvR3GwCcDiJNUVQd+j5H2JCWTgI9 +n50Frf60Vkplcm9lbiB2YW4gTWVldXdlbiAoRXJnbyBQcm9qZWN0KSAoRXJnbyBQ +cm9qZWN0KSA8amVyb2VuLnZhbi5tZWV1d2VuQGVyZ28tcHJvamVjdC5vcmc+iGIE +ExECACIFAkuyjFgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECjen9qT +Qr8IGpcAnj5tSyh+o51oeHgYxai4xiN6gvC2AJ93XQBqfNJf8ePU7zfE/FsYQ4hp +M7kCDQREe0FZEAgAvr3GOdM1WkaDAnPALnOkKfd8K694dGAzXQPyrtgXQb5CQesx +9JyWMuCgVBbCbZlBPozK4Nfl48TyiPYPU7bplrHjr8HwhTppKXRD7rLgAeoSier4 +uMsT7Meo/zkbECi77IsltXfByJ/NNXa+pxMfr3AywFBPFuruH9gxiDDIxzKbE7zZ +DzldZ0KTHR55XOFV3dk7f8fKlG+qiEhSF/K0+J2yYwczn6NRICuvOovB2ZVfcB33 +s3U2Tv2tiUL3n8uYy86739AR0svDO/S/jGC3c/pJ8kaM3jyk8L0oKK4HYNS6Kt9+ +T1AV/bYMGA33sgTNPM5gIojSZy6YEPERd2Dl2wADBQf8Cfy0Uy/Zos6hF+Z2pc3F +oArwEAtQZfwACyI8Odr8+LVmBfkDNdIRt67Dcz9gJwnRe6vYTiDxT2x1jc556Eyv +UwKUzsN0awx3JJriG+qAs4WCjKCjvyTGSNONKpzbeJ+Mg6wKWYmftDX/93+rVqWV +diKExLzxyuhu5YohDyFNdpK3oTPqYSLcM1UzWMObVDztpGIhb9kksKbiGVsKeBXX +U6XK1LdFb8enhOfClqq0UyJNHTyepApARwDWQt5uMQBEfEp+7FNj4qJEdjca/Qmh +Y5k6SiALNrcxaZ1PGEBl6LsiWIqqW7S5hj/dgqQH2s/KkzIHVEkiVCj/9jFnGvHh +BYhJBBgRAgAJBQJEe0FZAhsMAAoJECjen9qTQr8IxzMAoK7xjnrzc58FHpPBqRp7 +IrpQ+J3CAJwPgqIR+Kfg2pYfHUQ+SL8ZHEEtLA=+=O5Us +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch index 9f88268..a27ac44 100644 --- a/debian/watch +++ b/debian/watch @@ -1,2 +1,3 @@ version=3 -http://mirror.kolabsys.com/pub/releases/libkolabxml-([0-9\.]+)\.tar\.gz +opts="pgpmode=self" \ +http://mirror.kolabsys.com/pub/releases/libkolabxml-([0-9\.]+)\.tar\.gz.gpg -- 2.1.4
From ee8b56ba78cc0a1419e0fb6022dc7aff0dff68d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro Knauß?= <[email protected]> Date: Wed, 30 Sep 2015 14:50:20 +0200 Subject: [PATCH] verify not decrypt --- scripts/uscan.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/uscan.pl b/scripts/uscan.pl index 99f90d2..336f117 100755 --- a/scripts/uscan.pl +++ b/scripts/uscan.pl @@ -3084,7 +3084,7 @@ EOF print "-- Verifying OpenPGP self signature of $sigfile_base and extract $newfile_base\n" if $verbose; system($havegpg, '--homedir', $gpghome, '--no-options', '-q', '--batch', '--no-default-keyring', - '--keyring', $keyring, '--trust-model', 'always', '--decrypt', '-o', + '--keyring', $keyring, '--trust-model', 'always', '--verify', '-o', "$destdir/$newfile_base", "$destdir/$sigfile_base") >> 8 == 0 or uscan_die("$progname: OpenPGP signature did not verify.\n"); $previousfile_base = undef; -- 2.1.4
% ~/git/devscripts/scripts/uscan.pl --force-download --verbose -- Scanning for watchfiles in . -- Found watchfile in ./debian -- In debian/watch, processing watchfile line: opts="pgpmode=self" http://mirror.kolabsys.com/pub/releases/libkolabxml-([0-9\.]+)\.tar\.gz.gpg Newest version on remote site is 1.1.1, local version is 1.1.1 => Package is up to date Newest version on remote site is 1.1.1, local version is 1.1.1 => Forcing download as requested -- Downloading updated package libkolabxml-1.1.1.tar.gz.gpg -- Verifying OpenPGP self signature of libkolabxml-1.1.1.tar.gz.gpg and extract libkolabxml-1.1.1.tar.gz gpg: Signature made Fr 31 Jul 2015 10:52:40 CEST using DSA key ID 9342BF08 gpg: Good signature from "Jeroen van Meeuwen (kanarip) <[email protected]>" [unknown] gpg: aka "Jeroen van Meeuwen (GMail) <[email protected]>" [unknown] gpg: aka "Jeroen van Meeuwen (OGD) <[email protected]>" [unknown] gpg: aka "Jeroen van Meeuwen (XS4All) <[email protected]>" [unknown] gpg: aka "Jeroen van Meeuwen (GameDrome) <[email protected]>" [unknown] gpg: aka "Jeroen van Meeuwen (PC Zone Clan) <[email protected]>" [unknown] gpg: aka "Jeroen van Meeuwen (Fedora Unity) <[email protected]>" [unknown] gpg: aka "Jeroen van Meeuwen (Fedora Project) <[email protected]>" [unknown] gpg: aka "Jeroen van Meeuwen (Kolab Systems) (Kolab Systems AG) <[email protected]>" [unknown] gpg: aka "Jeroen van Meeuwen (Ergo Project) (Ergo Project) <[email protected]>" [unknown] -- Executing internal command mk-origtargz --package libkolabxml --version 1.1.1 --compression gzip --directory .. --copyright-file debian/copyright ../libkolabxml-1.1.1.tar.gz Could not read ../libkolabxml-1.1.1.tar.gz: Datei oder Verzeichnis nicht gefunden at /usr/bin/mk-origtargz line 320. uscan.pl: Fehler: Fehler-Exitstatus von mk-origtargz --package libkolabxml --version 1.1.1 --compression gzip --directory .. --copyright-file debian/copyright ../libkolabxml-1.1.1.tar.gz war 2
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
