On Mon, Aug 29, 2011 at 06:39:08PM +0100, Adam D. Barratt wrote: > On Thu, 2011-08-25 at 01:26 +0200, Yann Dirson wrote: > > The message is quite misleading: > > > > $ debsign tulip_3.6.0dfsg-1_amd64.changes > > signfile tulip_3.6.0dfsg-1.dsc 5C33C1B8 > > It might be, but the problem isn't really what you suggest in the > subject. > > > $ mv ~/.gnupg/ ~/.gnupg.away > > $ debsign tulip_3.6.0dfsg-1_amd64.changes > > Could not find a signing program (pgp or gpg)! > > $ which gpg > > /usr/bin/gpg > > The test for gpg is: > > if [ \( -n "$GNUPGHOME" -a -e "$GNUPGHOME" \) -o -e $HOME/.gnupg ] && \ > command -v gpg > /dev/null 2>&1; then > > The result of your moving ~/.gnupg is that the first part of the test > fails, so gpg is assumed not to be present.
This appears to be a check for giving preference to gpg over pgp, but is it really necessary to even consider pgp? According to archive.debian.net, there hasn't ever been a package providing a pgp binary and the debian-keyring NEWS mentions that as of Dec. 2010 Debian doesn't use PGP keys anywhere anymore. I think changing it to check for the gpg or gpg2 commands only (no directory or environment variables) and providing an appropriate error message would be a good change. -- James GPG Key: 1024D/61326D40 2003-09-02 James Vega <[email protected]>
signature.asc
Description: Digital signature
