Hi, On Thu, Sep 07, 2017 at 12:52:22PM +0200, Laurent Bigonville wrote: > Le 07/09/17 à 12:33, Guido Günther a écrit : > > Hi, > > On Thu, Sep 07, 2017 at 12:16:15PM +0200, Guido Günther wrote: > > > control: retitle -1 Please symlink upstream signature file to > > > ../build-area as well > > > > > > Hi, > > > On Thu, Sep 07, 2017 at 12:03:27PM +0200, Laurent Bigonville wrote: > > > > Le 07/09/17 à 11:06, Guido Günther a écrit : > > > > > Hi Laurent, > > > > > On Thu, Sep 07, 2017 at 10:55:14AM +0200, Laurent Bigonville wrote: > > > > > > Package: git-buildpackage > > > > > > Version: 0.9.0~exp4 > > > > > > Severity: normal > > > > > > > > > > > > Hi, > > > > > > > > > > > > It's now possible to include the gpg/pgp signature of the original > > > > > > upstream tarball in the source (.dsc) package. > > > > > > > > > > > > Currently, gbp buildpackage -S is not copying that file when > > > > > > preparing > > > > > > the source package that means that dpkg is not adding it to the .dsc > > > > > > file. > > > > > > > > > > > > gbp buildpackags -S should copy this (and maybe check if the name > > > > > > of the > > > > > > file is OK). > > > > > The "-S" is passed verbatim to the builder (dpkg-buildpackage, sbuild, > > > > > pbuilder, ...). I assume you want gbp to checkout the signature when > > > > > building a tarball (#872864)? > > > > I think this is related, but not completely the same, I don't see the > > > > signature being commited in the pristine-tar branch here. > > > …it's not implemented yet > > > > > > > My setup here is the following: > > > > > > > > The orig tarball and its signature (.pgp) is in the ../tarballs > > > > directory, > > > > when running gbp buildpackage -S, the orig tarball is symliked (or > > > > generated > > > > if it's absent) to the ../build-area directory. > > > > > > > > The thing is, that the signature file is not copied at the same time in > > > > that > > > > ../build-area directory > > > Yeah, the symlinking is a different case. Let's keep it as a separate > > > bug. > > One more thing. It seems dpkg-source wants these alsways named as > > <upstream-tarball-name>.asc but you're writing (.pgp) above - is that a > > typo or should uscan rename this to .asc right away? > uscan downloads the file as .pgp even if the upstream file is .asc, when > using pgpsigurlmangle > > I guess that's a bug in uscan?
I think so. Could you file that one as well please? (since my knowledge is based on what's in the manpages and what I read from the source, I didn't get around to try to add upstream signatures myself to an upload yet). We should try to standardize on one thing and since dpkg-source uses .asc and has the final say it's probably best to use that one. Otherwise we'll end up with lots of different heuristics. Cheers, -- Guido