On Fri, Aug 21, 2015 at 11:33 PM, Thomas Schmitt <[email protected]> wrote: > Hi, > > after some fight with the keyring i am able to produce > signed packages on sid. > > Will this warning be a problem ? > > $ gpg --verify ../libisoburn_1.4.0-1.1_source.changes > gpg: Signature made Fri 21 Aug 2015 10:44:01 PM CEST using DSA key ID > ABC0A854 > gpg: Good signature from "Thomas Schmitt <[email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 44BC 9FD0 D688 EB00 7C4D D029 E9CB DFC0 ABC0 A854
This indicates that you have not set a trust level for that key. If you run gpg --edit-key ABC0A854 type "trust" and set to: I trust fully (or whatever you trust yourself :-)) > --------------------------------------------------------------- > > I need a translator from debian-speak to english (or german). > > My first runs of debuild showed lintian warnings, which i could > silence, except this class from debuild -b: > > W: libburn4: hardening-no-relro usr/lib/libburn.so.4.93.0 > W: cdrskin: hardening-no-relro usr/bin/cdrskin > W: libisofs6: hardening-no-relro usr/lib/libisofs.so.6.76.0 > W: libisoburn1: hardening-no-relro usr/lib/libisoburn.so.1.97.0 > W: xorriso: hardening-no-relro usr/bin/xorriso > > "This package was likely not built with the default > Debian compiler flags defined by dpkg-buildflags." > > What does it want me to do ? > Where ? In debian/rules ? In upstream ? Examples available ? What debhelper version are you using (check debian/compat). Try going to 9, if that does not help: share your packaging work, it is hard to find out without seeing the code. More explanations here: https://wiki.debian.org/HardeningWalkthrough > > -------------------------------------------------------------- > Riddle: > > During my work something caused unconditional regeneration > of unpacked > libisoburn-1.4.0/xorriso/xorrecord.info > The versions of makeinfo differ between release machine > and sid, which causes different .info result. > In subsequent runs of debuild this causes a complaint > about uncommitted changes. > > The makeinfo run is indeed in my upstream autotools empire. > But it should only trigger if .info is missing or outdated. > In a build run out of the upstream tarball, the makeinfo > run is not triggered. On the same sid. > > Only one of three .info gets regenerated in this way: > -rw-r--r-- 1 thomas thomas 41768 Aug 21 22:25 xorriso/xorrecord.info > -rw-r--r-- 1 thomas thomas 291521 Aug 21 14:56 xorriso/xorriso.info > -rw-r--r-- 1 thomas thomas 108424 Aug 21 14:56 xorriso/xorrisofs.info > > > What is the magic difference between tar xzf and cp ? > Why does it not happen with ./configure && make > from upstream tarball ? I suppose it is this: copying will set the timestamp at the time of copying, so make (or another tool) does not detect a changed version: the generated version is newer than it sources. When extracting you get the original timestamp. Kind Regards, Johan
