Package: devscripts Version: 2.25.15 Severity: serious File: /usr/bin/uscan X-Debbugs-CC: [email protected]
Upstream of src:mariadb-mysql-kbs, in addition to signing their release tags, also publish *.tar.xz.asc detached signatures in their releases at e.g. https://github.com/williamdes/mariadb-mysql-kbs/releases/tag/v1.3.0 Old v4 format for debian/watch works fine with this config: version=4 opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%@PACKAGE@-$1.tar.gz%, \ pgpsigurlmangle=s%archive/refs/tags/(v[\d\.]+)\.tar\.gz%releases/download/$1/$1.tar.gz.asc%" \ https://github.com/williamdes/mariadb-mysql-kbs/tags .*/v?(\d[\d.]*)\.tar\.gz debian However, using the new v5 format and GitHub template it is not possible to download the detached signature with any value passed to Pgp-Sig-Url-Mangle because the GitHub template downloads the releases from an URL under the domain api.github.com, while the signature is for download at https://github.com/williamdes/mariadb-mysql-kbs/releases/download/v1.3.0/v1.3.0.tar.gz.asc In the old v4 format it was possible to convert https://github.com/williamdes/mariadb-mysql-kbs/archive/refs/tags/v1.3.0.tar.gz with manging into https://github.com/williamdes/mariadb-mysql-kbs/releases/download/v1.3.0/v1.3.0.tar.gz.asc In the new v5 GitHub template now manging can turn https://api.github.com/repos/williamdes/mariadb-mysql-kbs/tarball/refs/tags/v1.3.0 into https://github.com/williamdes/mariadb-mysql-kbs/releases/download/v1.3.0/v1.3.0.tar.gz.asc I also tried other variations on the v5 syntax but didn't get any of them to work. If this is a user error, please close this bug with an documentation update to man page (https://manpages.debian.org/unstable/devscripts/uscan-templates.5.en.html#Github) showing example of using GitHub template with no signatures, with signed git tags, and with detached signatures in the GitHub "release".
