Your message dated Fri, 12 Feb 2016 04:19:38 +0000
with message-id <[email protected]>
and subject line Bug#812860: fixed in devscripts 2.16.1
has caused the Debian Bug report #812860,
regarding /usr/bin/uscan: [uscan] failure to download and verify package.tar.xz
with package.sign
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
812860: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812860
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: devscripts
Version: 2.15.10
Severity: normal
File: /usr/bin/uscan
Control: user [email protected]
Control: usertag -1 + uscan
Hello,
I started experimenting with uscan's pgp mechanism to verfiy the
signature of rt-tests. You can reproduce my tests using:
debcheckout rt-tests
cd rt-tests
echo > debian/watch 'version=4'
echo >> debian/watch
echo >> debian/watch 'opts="pgpsigurlmangle=s%.xz$%.sign%, decompress"
\'
echo >> debian/watch
'http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-(.*)\.tar\.xz'
now running
uscan --debug
ends in
uscan: Downloading OpenPGP signature from
http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-0.96.tar.sign
(pgpsigurlmangled)
as rt-tests-0.96.tar.xz.pgp
uscan info: Requesting URL:
http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-0.96.tar.sign
uscan warn: FAIL Checking OpenPGP signature (no upstream tarball
downloaded).
uscan info: Scan finished
(Here I would have expected a more verbose output to explain the FAIL.)
My expectations is that uscan downloads rt-tests-0.96.tar.xz and
rt-tests-0.96.tar.sign, does something like:
zcat rt-tests-0.96.tar.xz | gpg --verify rt-tests-0.96.tar.sign -
with the right keyring added to the mix and then links it to
rt-tests_0.96.orig.tar.xz.
When doing:
cd ..
wget http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-0.96.tar.xz
cd rt-tests
and starting uscan again I get:
uscan: uscan (version 2.15.10) See uscan(1) for help
uscan: Scan watch files in .
uscan: ./debian/changelog sets package="rt-tests" version="0.96"
uscan: Newest version on remote site is 0.96, local version is 0.96
uscan: => Package is up to date
uscan: Don't download and use the existing file: rt-tests-0.96.tar.xz
uscan: Downloading OpenPGP signature from
http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-0.96.tar.sign
(pgpsigurlmangled)
as rt-tests-0.96.tar.pgp
gpgv: Signature made Thu 22 Oct 2015 12:41:14 PM CEST using RSA key ID
639D2D16
gpgv: Good signature from "John Kacur <[email protected]>"
gpgv: aka "John Kacur <[email protected]>"
uscan: Successfully downloaded package rt-tests-0.96.tar.xz
Could not read ../rt-tests-0.96.tar.xz: No such file or directory at
/usr/bin/mk-origtargz line 361.
uscan: error: mk-origtargz --package rt-tests --version 0.96
--compression gzip --directory .. --copyright-file debian/copyright
../rt-tests-0.96.tar.xz gave error exit status 2
where the problem seems to be that uscan decompresses the archive but in
the same go removes the tar.xz for mk-origtargz.
Without decompress in the options the signature verification obviously
fails.
Is this just me using uscan in a wrong way, or is there something fishy
with uscan? In the first case an example would be great.
Best regards
Uwe
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
BTS_CACHE=no
DEBCHANGE_RELEASE_HEURISTIC=changelog
DEBSIGN_KEYID=32669bd6
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (800, 'testing'), (600, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.4
ii libc6 2.21-6
ii perl 5.22.1-4
pn python3:any <none>
Versions of packages devscripts recommends:
ii apt 1.2
ii at 3.1.18-2
ii curl 7.46.0-1
ii dctrl-tools 2.24-1
ii debian-keyring 2016.01.20
ii dput-ng [dput] 1.10
ii equivs 2.0.9+nmu1
ii fakeroot 1.20.2-1
ii file 1:5.25-2
ii gnupg 1.4.20-1
ii gnupg2 2.0.28-3
ii libdistro-info-perl 0.14
ii libencode-locale-perl 1.05-1
ii libjson-perl 2.90-1
ii liblwp-protocol-https-perl 6.06-2
ii libsoap-lite-perl 1.19-1
ii liburi-perl 1.71-1
ii libwww-perl 6.15-1
ii lintian 2.5.39.1
ii man-db 2.7.5-1
ii patch 2.7.5-1
ii patchutils 0.3.4-1
ii python3-debian 0.1.27
ii python3-magic 1:5.25-2
ii sensible-utils 0.0.9
ii strace 4.10-3
ii unzip 6.0-20
ii wdiff 1.2.2-1+b1
ii wget 1.17.1-1
ii xz-utils 5.1.1alpha+20120614-2.1
Versions of packages devscripts suggests:
ii build-essential 11.7
pn cvs-buildpackage <none>
pn debbindiff <none>
pn devscripts-el <none>
pn gnuplot <none>
ii gpgv 1.4.20-1
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.22-1
ii libnet-smtp-ssl-perl 1.03-1
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
pn mozilla-devscripts <none>
ii mutt 1.5.24-1
ii openssh-client [ssh-client] 1:7.1p2-2
ii s-nail [mailx] 14.8.6-1
pn svn-buildpackage <none>
pn w3m <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: devscripts
Source-Version: 2.16.1
We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James McCoy <[email protected]> (supplier of updated devscripts package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Feb 2016 21:07:17 -0500
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.16.1
Distribution: unstable
Urgency: medium
Maintainer: Devscripts Devel Team <[email protected]>
Changed-By: James McCoy <[email protected]>
Closes: 750024 774554 783497 803315 804735 809541 809554 809604 809662 809806
812119 812417 812661 812860 814447
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Changes:
devscripts (2.16.1) unstable; urgency=medium
.
[ Antonio Terceiro ]
* uscan:
- fix regression in uscan when --destdir is set (Closes: #809662)
Patch by Alex Mestiashvili <[email protected]>
- fix crash when --rename is passed (Closes: #812417)
- when scanning for directories called 'debian', ignore the ones that
don't have a file called 'watch'. This removes several annoying warnings
when uscan is run on a package that has several directories called
'debian' in its upstream source.
- fix English phrases when logging download-related actions
* mk-build-deps:
- When installing, pass `-o Debug::pkgProblemResolver=yes` to `apt-get
install` so that when build dependencies can't be satisfied, you know
why.
Otherwise it would just tell you that the *-build-deps package needs to
be removed and you will never know why.
* debian/control:
- change Vcs-Git: to a https:// URL
.
[ James McCoy ]
* checkbashisms:
+ Recognize dash as a valid shell.
+ Check scripts which use “#!/path/to/env $interpreter”
+ Allow %b as a printf conversion specifier. Thanks to Mike Frysinger for
the patch. (Closes: #804735)
* debian/tests/control: Add gcc as a dependency for dpkg-architecture.
* chdist:
+ Symlink, rather than copy, the archive keyrings into the chdist tree so
they don't get stale. (Closes: #783497)
* test_package_lifecycle: Ignore listing of dh_* commands in debuild output.
The specific commands aren't interesting, so much as the steps that the
build goes through. Fixes FTBFS due to new dh_update_autotools_config
command. (Closes: #812661)
* dd-list:
+ Use apt interfaces to find sources files and extract their contents,
instead of globbing and directly reading files.
* dcmd:
+ Support .buildinfo files. Thanks to Johannes Schauer for the patch.
(Closes: #774554)
* debsnap:
+ Remove use of JSON module in favor of the core Perl JSON::PP module.
Thanks to RjY and Jakub Wilk. (Closes: #803315)
* dep3changelog:
+ Recognize https URLs for Bug-Debian. (Closes: #750024)
.
[ Christoph Berg ]
* debcheckout: Add auth mapping for https://github.com.
.
[ Osamu Aoki ]
* uscan:
+ Fix regressions and glitches in the prioritizing mechanism of packages.
(Closes: #809604)
+ Fix regressions of the verbosety. (Closes: #809541, #809554)
+ Keep the original compressed file when decompressing it for the
signature verification. (Closes: #812860)
+ Write *.uscan.log only when requested by --log. (Closes: #809806)
+ Fix syntax of GitHub watch file example. (Closes: #814447)
* uscan, mk-origtargz:
+ Document Files-Excluded better. (Closes: #812119)
.
[ Dominique Dumont ]
* licensecheck:
+ detect LGPL license in Perl files handled by Dist::Zilla
Checksums-Sha1:
0472c93b894d8fb89a9fe4e25491f3fc80aa69a8 2368 devscripts_2.16.1.dsc
68e5391819589ba06f0ac68d33fb61e84ed29eb5 681124 devscripts_2.16.1.tar.xz
Checksums-Sha256:
fe4b40d1c8f92e6a27fa0c8cbff4244ecd36aa7863c12a031b645531fe567720 2368
devscripts_2.16.1.dsc
3f938d51c82c32171fc7db024bc4ad88310ec8542f258f0fd97c9a0f9611ce24 681124
devscripts_2.16.1.tar.xz
Files:
6c053bd8fcd6fda15c2b415a6f27479a 2368 devel optional devscripts_2.16.1.dsc
310a0e0a7fcf21a86f3ad860124b0b60 681124 devel optional devscripts_2.16.1.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJWvT94XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MUJGQkY0RDY5NTZCRDVERjdCNzJEMjNE
RkU2OTFBRTMzMUJBM0RCAAoJEN/mka4zG6Pbr+UP/0YSMSlprqykpM4NYBq3Ibsn
uxZ/etASFt/nqcGcpSw1INwK/5nf1ZU7j9WNF4V1ceF5FYorWwDvYrZmnk6n205r
AHPnWy2Ev3P8Y6ddC71dr9RXUYgR/yykoptKQG0cMnlm293ICQODXkzA7CXIeIOd
da/1VpBfXI9ZJeSgFn2Riu0p7h0BR7BE+9+SHeX09lnM25XoaMuuvu/elK+45+vC
1VuxToeGKNEzhqtqQtfp3CvnN7EtAGZQLYff3tkGf5IX3dAMtfFkK+cwr5CVWGMm
rtr3+mfaTm7J8zWvYe61BG8gzLoGkYuQxVR+LrqHbTmEVI7am1/vgDaqh2yZwbTd
afXkkMPqEAd/dCPnQraMaxac/u2WcpMc1Tz6wofYQ9KtdR/30uXGoP1Koo/hzhJD
MS93NpNoFuLP+qMNEkiVOHPhhVGUqCRteysB03S+9k8dUjr1sfcJThvoUNjUpiQO
rlzx1kLWIZdfxZq9ypHzINmA1rlN2BrrdvyiJXTToVnVF24lo8dNWI2/fkSCDEFP
VOHMwniwT1NUOG9LTQd8MIT3vxsWPwSD50omUafDKxgAKSDXo83IF/3zkb0YFF7P
F6U4n53XjVMFBxUv+PL1kmsGZtvDJVgPnxRTL7nYMWD32QM9py1mDXQuOc4memhO
F4KrbDXKrsFJBx9hlZ6z
=DxQe
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
devscripts-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
