Hi, sorry it took me a bit longer to verify this.
On Fri, Sep 24, 2021 at 11:02:55AM +0100, Nikolaus Rath wrote:
> On Fri, 24 Sep 2021, at 11:00, Mattia Rizzolo wrote:
> >> At first I thought that the upstream signature file was corrupted, but
> >> it seems that gpgv can't deal with a the keyring if it is generated the
> >> way that uscan(1) says it should be:
> >
> > I'll need to check your specifc case, but I can assure you that armored
> > keys are very much fine and I'm using them all the time with uscan.
>
>
> Thanks for the quick response. Let me know if I can help in any way -
> I don't see myself doing anything special, just executing the commands
> given in uscan(1) on a bullseye system (with devscripts installed from
> unstable, just in case).
I'm still convinced you did something weird.
So I cloned your s3ql repo and
% git checkout a8a5cd2633e372e238595004e92a6e93f94d6714^
% cd debian
% mkdir upstream
% mv upstream-signing-key.pgp upstream/signing-key.asc
% ..
% uscan
uscan info: uscan (version 2.21.4) See uscan(1) for help
uscan info: Scan watch files in .
uscan info: Check debian/watch and debian/changelog in .
uscan info: package="s3ql" version="3.7.0+dfsg-3" (as seen in debian/changelog)
uscan info: package="s3ql" version="3.7.0+dfsg" (no epoch/revision)
...
uscan: Newest version of s3ql on remote site is 3.7.3+dfsg, local version is
3.7.0+dfsg
uscan: => Newer package available from:
=>
https://github.com/s3ql/s3ql/releases/download/release-3.7.3/s3ql-3.7.3.tar.bz2
uscan info: Downloading upstream package: s3ql-3.7.3.tar.bz2
uscan info: Requesting URL:
https://github.com/s3ql/s3ql/releases/download/release-3.7.3/s3ql-3.7.3.tar.bz2
uscan info: Successfully downloaded package: s3ql-3.7.3.tar.bz2
uscan info: Downloading OpenPGP signature from:
https://github.com/s3ql/s3ql/releases/download/release-3.7.3/s3ql-3.7.3.tar.bz2.asc
(pgpsigurlmangled)
as s3ql-3.7.3.tar.bz2.asc
uscan info: Requesting URL:
https://github.com/s3ql/s3ql/releases/download/release-3.7.3/s3ql-3.7.3.tar.bz2.asc
uscan info: Verifying OpenPGP signature ../s3ql-3.7.3.tar.bz2.asc for
../s3ql-3.7.3.tar.bz2
gpgv: Signature made Thu 03 Jun 2021 09:40:47 PM CEST
gpgv: using RSA key ED31791B2C5C1613AF388B8AD113FCAC3C4E599F
gpgv: Good signature from "Nikolaus Rath <nikol...@rath.org>"
uscan info: New orig.tar.* tarball version (oversionmangled): 3.7.3+dfsg
uscan info: Launch mk-origtargz with options:
--package s3ql --version 3.7.3+dfsg --rename --signature 1 --signature-file
../s3ql-3.7.3.tar.bz2.asc --compression default --directory .. --copyright-file
debian/copyright ../s3ql-3.7.3.tar.bz2
Skip adding upstream signature since upstream file is repacked.
Successfully repacked ../s3ql-3.7.3.tar.bz2 as ../s3ql_3.7.3+dfsg.orig.tar.xz,
deleting 108 files from it.
uscan info: New orig.tar.* tarball version (after mk-origtargz): 3.7.3+dfsg
uscan info: Scan finished
I didn't even bother to export it anew, since what you have (although
with a .pgp extension) already was armored.
Anyway, since you are DM and I already have your key in my local copyof
the keyring:
% gpg --export --export-options export-minimal --armor nikol...@rath.org >
debian/upstream/signing-key.asc
% uscan -ddd
[same result as above]
(btw, you should use both `export-clean,export-minimal`, not just
`export-minimal`).
For you to try I pushed what works for me (once I got to this point, I'm
not sure anymore why I checked branch aboveā¦) to a "test-uscan" branch
of s3ql. In there `uscan -ddd` downloads and verify appropriately.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
