Re: Bug#833585: lintian: Check presence of upstream signature if signing key available

[Chris Lamb]

Hi Bastien,

> Lack git-buildpackage, gitpkg, git dpm ...

Support in git-buildpackage is blocked on pristine-tar, but I worked
on that yesterday:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871809#20


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Re: Bug#833585: lintian: Check presence of upstream signature if signing key available

[Osamu Aoki]

Hi, (This is RFH)

On Mon, Aug 21, 2017 at 09:43:13AM +0200, Kurt Roeckx wrote:
> On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote:
> >  ❦ 15 juillet 2017 23:06 +0100, Chris Lamb  :
...
> > Integration with uscan is not done either.

The stretch uscan has download and verification included.  The buster
uscan is aiming to do the proper renaming to match dpkg-source
expectation.

> There is a bug against uscan to do this, I understand that it's
> been committed just not uploaded yet.

Yes.  With test script run on the build time, I confirmed it is working.
(Cross my fingers)

The updated uscan should support typical upstream combinations:
 1) (foo-ver.tar.gz, foo-ver.tar.gz.{pgp,gpg,sgn,sign,asc})
-> (foo_ver.tar.orig.gz, foo_ver.orig.tar.gz.asc)
 2) (foo-ver.tar.gz, foo-ver.tar.{pgp,gpg,sgn,sign,asc})
-> (foo_ver.tar.orig.gz, foo_ver.orig.tar.asc)

I think the output of 1) is supported by the stretch dpkg-source but I
am not sure for the output of 2).

There is another way of signing package: non-detached signature
with gpg -s or gpg -sa.  Not so popular but there were wishlist bug for
it in BTS.  For such an upstream file, I wish to convert to 
-> (foo_ver.tar.orig.gz, foo_ver.orig.tar.gz.asc)
I know how to get the foo_ver.tar.orig.gz but the conversion of
signature to detached format seems non-intuitive task.  Your expert help
on gpg trick is most appreciated.

Regards,

Osamu

Re: Bug#833585: lintian: Check presence of upstream signature if signing key available

[Bastien ROUCARIES]

On Mon, Aug 21, 2017 at 9:43 AM, Kurt Roeckx  wrote:
> On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote:
>>  ❦ 15 juillet 2017 23:06 +0100, Chris Lamb  :
>>
>> > Dear Niels,
>> >
>> >> You need the $group parameter (the 5th parameter to the run sub).
>> >
>> > 
>> >
>> > Bingo, that works. Will tidy a bunch of things up and push it tomorrow.
>> > Thanks again!
>>
>> So, this adds a new Lintian "error". I am using gbp and I have no clue
>> on how to include this signature file. Integration with uscan is not
>> done either.
>
> There is a bug against uscan to do this, I understand that it's
> been commited just not uploaded yet.
>
>
> Kurt
>
Lack git-buildpackage, gitpkg, git dpm ...

Re: Bug#833585: lintian: Check presence of upstream signature if signing key available

[Kurt Roeckx]

On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote:
>  ❦ 15 juillet 2017 23:06 +0100, Chris Lamb  :
> 
> > Dear Niels,
> >
> >> You need the $group parameter (the 5th parameter to the run sub).
> >
> > 
> >
> > Bingo, that works. Will tidy a bunch of things up and push it tomorrow.
> > Thanks again!
> 
> So, this adds a new Lintian "error". I am using gbp and I have no clue
> on how to include this signature file. Integration with uscan is not
> done either.

There is a bug against uscan to do this, I understand that it's
been commited just not uploaded yet.


Kurt

Re: Bug#833585: lintian: Check presence of upstream signature if signing key available

[Vincent Bernat]

 ❦ 15 juillet 2017 23:06 +0100, Chris Lamb  :

> Dear Niels,
>
>> You need the $group parameter (the 5th parameter to the run sub).
>
> 
>
> Bingo, that works. Will tidy a bunch of things up and push it tomorrow.
> Thanks again!

So, this adds a new Lintian "error". I am using gbp and I have no clue
on how to include this signature file. Integration with uscan is not
done either.

Why is it even an error? Could these kind of changes be discussed more
widely?
-- 
10.0 times 0.1 is hardly ever 1.0.
- The Elements of Programming Style (Kernighan & Plauger)


signature.asc
Description: PGP signature