Your message dated Tue, 17 Dec 2024 18:30:56 +0100 with message-id <2864944.mvXUDI8C0e@grummly> and subject line Re: Bug#1088973: uscan orig tarball signature verification fails with gpg-from-sq has caused the Debian Bug report #1088973, regarding uscan orig tarball signature verification fails with gpg-from-sq to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
1088973: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088973
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gpg-from-sq
Version: 0.11.2-6
Severity: important

Dear Maintainer,

installing gpg-from-sq makes some upstream tarball signature verifications fail while using uscan.

1. Install gpg-from-sq
2. Clone breeze-grub repo [1]
3. Run uscan:

Newest version of breeze-grub on remote site is 6.2.4, local version is 6.2.3
=> Newer package available from:
=> https://download.kde.org/stable/plasma/6.2.4/breeze-grub-6.2.4.tar.xz
gpgv: Signature made Tue Nov 26 11:06:47 2024 +01:00
gpgv: using RSA key E0A3EB202F8E57528E13E72FD7574483BB57B18D
gpgv: Can't check signature: No public key
uscan die: OpenPGP signature did not verify. at /usr/share/perl5/Devscripts/Uscan/Output.pm line 77.

4. Remove gpg-from-sq
5. Rerun uscan:

Newest version of breeze-grub on remote site is 6.2.4, local version is 6.2.3
=> Newer package available from:
=> https://download.kde.org/stable/plasma/6.2.4/breeze-grub-6.2.4.tar.xz
gpgv: Signature made Tue Nov 26 11:06:47 2024 +01:00
gpgv: using RSA key E0A3EB202F8E57528E13E72FD7574483BB57B18D
gpgv: Good signature from "Jonathan Esk-Riddell <[email protected]>"
Successfully symlinked ../breeze-grub-6.2.4.tar.xz to ../breeze-grub_6.2.4.orig.tar.xz.

[1] https://salsa.debian.org/qt-kde-team/kde/breeze-grub.git

-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'testing'), (500, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.11.10-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg-from-sq depends on:
ii gpg-sq 0.11.2-6

Versions of packages gpg-from-sq recommends:
ii gpgv-from-sq 0.11.2-6

gpg-from-sq suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
On Tuesday, 17 December 2024, 16:44:57 UTC+1 Holger Levsen wrote:
> control: tags -1 + moreinfo
> thanks
>
> Hi Aurélien,

Dear Holger,

> thanks for the bug report!
>
> On Tue, Dec 03, 2024 at 04:20:09PM +0100, Aurélien COUDERC wrote:
> > installing gpg-from-sq makes some upstream tarball signature
> > verifications fail while using uscan.
> > 1. Install gpg-from-sq
> > 2. Clone breeze-grub repo [1]
> > 3. Run uscan:
>
> can you retry with latest uscan from devscripts in unstable?
>
> AFAIK it's fixed there.

Yes it is!

And for the record the upstream signature file had an issue that I had missed earlier and the new versions of the tools raised immediately:

uscan warn: Found multiple concatenated ASCII Armor blocks in debian/upstream/signing-key.asc, which is not an interoperable construct.
See <https://tests.sequoia-pgp.org/results.html#ASCII_Armor>.
Please concatenate them into a single ASCII Armor block. For example:
    sq keyring merge --overwrite --output debian/upstream/signing-key.asc \
        debian/upstream/signing-key.asc

All the best,
--
Aurélien
--- End Message ---
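
The uscan warning quoted in the reply above concerns a debian/upstream/signing-key.asc that holds more than one ASCII Armor block. As an added example (not part of the original messages and not uscan's own code), this shell check lists the armor blocks in such a file and flags the concatenated case; the function names are hypothetical and the sample blocks are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: detect concatenated ASCII Armor blocks in a keyring file
# such as debian/upstream/signing-key.asc. Function names are hypothetical.

# armor_blocks FILE: print "<begin-line> <end-line> <type>" per armor block;
# a block with no END line is reported with "-" as its end line.
armor_blocks() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^-----BEGIN PGP [A-Z ]+-----$/ {
            if (inblk) print start, "-", type     # previous block never closed
            start = NR; inblk = 1
            type = substr($0, 16, length($0) - 20)
            next
        }
        /^-----END PGP [A-Z ]+-----$/ && inblk { print start, NR, type; inblk = 0 }
        END { if (inblk) print start, "-", type }
    ' "$1"
}

# check_keyring FILE: return 0 for exactly one complete block, 1 for several
# blocks (the construct uscan warns about), 2 for none or an unterminated one.
check_keyring() {
    blocks=$(armor_blocks "$1") || return 2
    case "$blocks" in *" - "*) return 2 ;; esac
    count=$(printf '%s\n' "$blocks" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 0 ] && return 2
    [ "$count" -gt 1 ] && return 1
    return 0
}

# write_sample FILE N: write N constructed placeholder blocks (not real keys).
write_sample() {
    : > "$1"
    i=0
    while [ "$i" -lt "$2" ]; do
        printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' \
            'Q09OU1RSVUNURUQ=' '-----END PGP PUBLIC KEY BLOCK-----' >> "$1"
        i=$((i + 1))
    done
}

# Demo on a constructed two-block file, mirroring the case in the warning.
sample=$(mktemp)
write_sample "$sample" 2
armor_blocks "$sample"
if check_keyring "$sample"; then echo "single armor block"; else echo "not a single armor block"; fi
rm -f "$sample"
```

A return status of 1 from check_keyring is the case where the merge command suggested in the warning applies.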

