Bug#796293: insufficient/confusing documentation for pgpsigurlmangle

Thomas Koch thomas at koch.ro
Fri Aug 21 07:13:02 UTC 2015 

Package: devscripts
Version: 2.15.8~bpo8+1
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

There are a few related shortcomings with the documentation of
pgpsigurlmangle and the related lintian tag
debian-watch-may-check-gpg-signature.

1) The uscan manpage says:
"This signature must be made  by  a  key  found  in  the keyring
debian/upstream/signing-key.pgp  or the armored keyring
debian/upstream/signing-key.asc."
- - What is an armored keyring?
- - Isn't it, that the .asc file is just one public key as produced
by gpg --armor --export $KEYID?
- - Please give an example how to correctly produce this file.
- - How can I produce a keyring .pgp file?
- - Which format should be preferred? I don't like choices.

2) There is no example of a full watch file with a pgpsigurlmangle
option. I needed several tries to get it right because it was the
first time that I had to produce a non trivial watch file with an
option. I believe that many others might be in the same situation.
Please add an example to the uscan manpage or the lintian tag or
both.

3) The lintian tag says:
"verified against a keyring stored in debian/upstream-signing-key.asc"
The manpage does not mention this file. It seems that the code
still uses it, but it is confusing.

4) How about a script, that checks all watch files, tries GET
requests against $URL.sig, $URL.asc and proposes a new watch file
to the maintainer in case it finds something?

Thomas Koch

- -- Package-specific info:

- --- /etc/devscripts.conf ---

- --- ~/.devscripts ---
DEBSIGN_KEYID="042BA65A"
DEBUILD_DPKG_BUILDPACKAGE_OPTS="-i\.git -I.git"
DEBEMAIL="thomas at koch.ro"
DEBFULLNAME="Thomas Koch"
BTS_INTERACTIVE=yes
BTS_DEFAULT_CC="thomas at koch.ro"

- -- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.1.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages devscripts depends on:
ii  dpkg-dev     1.17.25
ii  libc6        2.19-18
ii  perl         5.20.2-3+deb8u1
ii  python3      3.4.2-2
pn  python3:any  <none>

Versions of packages devscripts recommends:
ii  at                          3.1.16-1
ii  curl                        7.38.0-4+deb8u2
ii  dctrl-tools                 2.23
ii  debian-keyring              2015.04.10
ii  dput                        0.9.6.4
ii  equivs                      2.0.9
ii  fakeroot                    1.20.2-1
ii  file                        1:5.22+15-2
ii  gnupg                       1.4.18-7
ii  libdistro-info-perl         0.14
ii  libencode-locale-perl       1.03-1
ii  libjson-perl                2.61-1
ii  liblwp-protocol-https-perl  6.06-2
ii  libsoap-lite-perl           1.11-1
ii  liburi-perl                 1.64-1
ii  libwww-perl                 6.08-1
ii  lintian                     2.5.35~bpo8+1
ii  man-db                      2.7.0.2-5
ii  patch                       2.7.5-1
ii  patchutils                  0.3.3-1
ii  python3-debian              0.1.27
ii  python3-magic               1:5.22+15-2
ii  sensible-utils              0.0.9
ii  strace                      4.9-2
ii  unzip                       6.0-16
ii  wdiff                       1.2.2-1
ii  wget                        1.16-1
ii  xz-utils                    5.1.1alpha+20120614-2+b3

Versions of packages devscripts suggests:
ii  bsd-mailx [mailx]            8.1.2-0.20141216cvs-2
ii  build-essential              11.7
pn  cvs-buildpackage             <none>
pn  debbindiff                   <none>
ii  devscripts-el                35.12
ii  gnuplot                      4.6.6-2
ii  gpgv                         1.4.18-7
ii  libauthen-sasl-perl          2.1600-1
ii  libfile-desktopentry-perl    0.07-1
ii  libnet-smtp-ssl-perl         1.01-3
pn  libterm-size-perl            <none>
ii  libtimedate-perl             2.3000-2
pn  libyaml-syck-perl            <none>
ii  mutt                         1.5.23-3
ii  openssh-client [ssh-client]  1:6.7p1-5
pn  svn-buildpackage             <none>
ii  w3m                          0.5.3-19

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJV1s9+AAoJEAf8SJEEK6Za6PkP/3TiZFiDqh8XFe5h6ycs7NtC
7YlVkoZAQ6LHzH4qFJo3xmnjSdMtX+t8f0uyAUijCIVKR0eFFl+IhcymzhMuHZve
ddU8UouXZWm4jkUfXluyoJkHJkEWri90nZaq1F6iCMmJCljKVK0J4XZP4OJlZZ3k
6ka26KBkDp+wTTAPUWrRDckYsxMN60mOo+2OAGm+Gmyg5/QKcdf/VoKUWnLBt1ak
/l7uRSRd422CWDOqQJX1MpPM5nz65f16S1+AEWtkMnq3BxrfFKkudD26dam+lnLo
en1V6Ia1/uMS1/jgzrJsxpGn6kHrSVQkqcKRco+5yiGRYylvcQG237Gh04LAiCO2
IctQCtG05mGUPKBR44PMULgal18JkAwgZB5Ty9z+hNugiOGsuQOIV9u8MdKs1ll6
nqT+QzlttS1nFeHtB39RfNHF319DDsE5Wfuh3GZdi0sRXPUdncY7tncqJ3AVRQUx
475LdfmkRh81IMoKaFbJy3MayVAbT2LOtsU2+SJlzRJtueVyTukuBUR0vkflPB2d
JPFJW8UgG6v2sLZu9f11nsh60MkugO1iDfcO+HRXXSZQ47Noyr7YPqzdAs0dzJNH
XQBYLv7tNs1g0v4I2CnY3zCr+TLk0gTdidisvKINWwy7uXUkho0nwFJuYYcGzn3l
oEKKgNOqWP5OshvrK1dt
=puBp
-----END PGP SIGNATURE-----

More information about the devscripts-devel mailing list