Re: Bug#833585: lintian: Check presence of upstream signature if signing key available
Hi Bastien, > Lack git-buildpackage, gitpkg, git dpm ... Support in git-buildpackage is blocked on pristine-tar, but I worked on that yesterday: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871809#20 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Re: Bug#833585: lintian: Check presence of upstream signature if signing key available
Hi, (This is RFH) On Mon, Aug 21, 2017 at 09:43:13AM +0200, Kurt Roeckx wrote: > On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote: > > ❦ 15 juillet 2017 23:06 +0100, Chris Lamb: ... > > Integration with uscan is not done either. The stretch uscan has download and verification included. The buster uscan is aiming to do the proper renaming to match dpkg-source expectation. > There is a bug against uscan to do this, I understand that it's > been committed just not uploaded yet. Yes. With test script run on the build time, I confirmed it is working. (Cross my fingers) The updated uscan should support typical upstream combinations: 1) (foo-ver.tar.gz, foo-ver.tar.gz.{pgp,gpg,sgn,sign,asc}) -> (foo_ver.tar.orig.gz, foo_ver.orig.tar.gz.asc) 2) (foo-ver.tar.gz, foo-ver.tar.{pgp,gpg,sgn,sign,asc}) -> (foo_ver.tar.orig.gz, foo_ver.orig.tar.asc) I think the output of 1) is supported by the stretch dpkg-source but I am not sure for the output of 2). There is another way of signing package: non-detached signature with gpg -s or gpg -sa. Not so popular but there were wishlist bug for it in BTS. For such an upstream file, I wish to convert to -> (foo_ver.tar.orig.gz, foo_ver.orig.tar.gz.asc) I know how to get the foo_ver.tar.orig.gz but the conversion of signature to detached format seems non-intuitive task. Your expert help on gpg trick is most appreciated. Regards, Osamu
Re: Bug#833585: lintian: Check presence of upstream signature if signing key available
On Mon, Aug 21, 2017 at 9:43 AM, Kurt Roeckxwrote: > On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote: >> ❦ 15 juillet 2017 23:06 +0100, Chris Lamb : >> >> > Dear Niels, >> > >> >> You need the $group parameter (the 5th parameter to the run sub). >> > >> > >> > >> > Bingo, that works. Will tidy a bunch of things up and push it tomorrow. >> > Thanks again! >> >> So, this adds a new Lintian "error". I am using gbp and I have no clue >> on how to include this signature file. Integration with uscan is not >> done either. > > There is a bug against uscan to do this, I understand that it's > been commited just not uploaded yet. > > > Kurt > Lack git-buildpackage, gitpkg, git dpm ...
Re: Bug#833585: lintian: Check presence of upstream signature if signing key available
On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote: > ❦ 15 juillet 2017 23:06 +0100, Chris Lamb: > > > Dear Niels, > > > >> You need the $group parameter (the 5th parameter to the run sub). > > > > > > > > Bingo, that works. Will tidy a bunch of things up and push it tomorrow. > > Thanks again! > > So, this adds a new Lintian "error". I am using gbp and I have no clue > on how to include this signature file. Integration with uscan is not > done either. There is a bug against uscan to do this, I understand that it's been commited just not uploaded yet. Kurt
Re: Bug#833585: lintian: Check presence of upstream signature if signing key available
❦ 15 juillet 2017 23:06 +0100, Chris Lamb: > Dear Niels, > >> You need the $group parameter (the 5th parameter to the run sub). > > > > Bingo, that works. Will tidy a bunch of things up and push it tomorrow. > Thanks again! So, this adds a new Lintian "error". I am using gbp and I have no clue on how to include this signature file. Integration with uscan is not done either. Why is it even an error? Could these kind of changes be discussed more widely? -- 10.0 times 0.1 is hardly ever 1.0. - The Elements of Programming Style (Kernighan & Plauger) signature.asc Description: PGP signature