On Mon, Jul 03, 2017 at 12:34:58PM +0200, Laurent Bigonville wrote: > With the following debian/watch file, it cannot verify the signature of > the tarball: > > version=4 > opts="pgpmode=next" \ > https://red.libssh.org/projects/libssh/files \ > /attachments/download/(?:\d+)/libssh-@ANY_VERSION@@ARCHIVE_EXT@ debian > opts="pgpmode=previous" \ > https://red.libssh.org/projects/libssh/files \ > /attachments/download/(?:\d+)/libssh-@[email protected] previous > > I get the following output: > > bigon@valinor:~/Development/Debian/libssh [git: debian]$ LC_ALL=C uscan > --destdir ../tarballs > uscan: Newest version of libssh on remote site is 0.7.5, local version is > 0.7.3 > uscan: => Newer package available from > https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz > dpkg: error: version '1:-0' has bad syntax: version number is empty > dpkg: error: version '1:-0' has bad syntax: version number is empty
These syntax errors are fixed in git. > uscan: Newest version of libssh on remote site is 0.7.5, specified download > version is 0.7.5 > gpgv: Signature made Thu Apr 13 16:35:40 2017 CEST > gpgv: using RSA key 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D > gpgv: BAD signature from "Andreas Schneider <[email protected]>" > uscan warn: OpenPGP signature did not verify. I saw this as well. You should rename debian/upstream-signing-key.pgp to debian/upstream/signing-key.asc. First, the preferred location is under debian/upstream. Second, your file is armored so it should use the asc extension instead of the pgp extension. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB _______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
