Bug#747412: marked as pending
Osamu Aoki
osamu at debian.org
Fri Oct 16 13:08:16 UTC 2015
Hi,
Maybe chencgelog text has room for improvement.... but
On Fri, Oct 16, 2015 at 12:26:47AM +0800, Paul Wise wrote:
> On Thu, 15 Oct 2015 16:07:13 +0000 Osamu Aoki wrote:
> > + + Add the --overwrite-download, --skip-signature, and similar options
> > + to reorganize behavior around existing downloaded files.
> > + (Closes: #532182, #740366, #747412)
>
> None of the new options seem to be relevant to #747412, removed pending.
You requested
uscan: option to verify current upstream tarball
Doesn't the following look like what you requested
$ uscan --download-current-version --nodownload --signature
uscan: uscan (version 2.15.9+multitar1) See uscan(1) for help
uscan: Scan watch files in .
uscan: ./debian/changelog sets package="coreutils" version="8.23"
uscan: Newest version on remote site is 8.23, specified download version is 8.23
gpgv: Signature made Sat 19 Jul 2014 08:07:15 AM JST using RSA key ID 306037D9
gpgv: Good signature from "Pádraig Brady <P at draigBrady.com>"
gpgv: aka "Pádraig Brady <pbrady at redhat.com>"
gpgv: aka "Pádraig Brady <pixelbeat at gnu.org>"
uscan: Successfully downloaded package coreutils-8.23.tar.xz
uscan warn: ??? STRANGE ??? uscan log file already exists: ../coreutils_8.23.uscan.log (appending)
uscan: Leaving ../coreutils_8.23.orig.tar.xz where it is.
uscan: Executing user specified script: uupdate -f -b --upstream-version 8.23; output:
uscan: uupdate: You can not execute this from ../coreutils-8.23/.
Here, uscan skips "download" and uses the existing local tarball.
Maybe, adding one option like --stop-after-signature to stop processing after
signature may be a good idea. But this does good job using existing
tarball and do things like uupdate if possible.
For the specific tool just for such functionality, splitting out like
mk-origtargz is the way to go. But the restructuring around download
and sig-check now allows to proceed to sig-check without downloading the
tarball. That is why I closed this. If you have separate bug to have
independent program to check sig only, please file it so.
Osamu
PS: coreutil's current watch file is not good enough. I also added
upstream signature file. If you have suggestion for the good test
package case, let me know.
$ cat debian/watch
version=4
opts="pgpsigurlmangle=s/$/.sig/" \
ftp://ftp.gnu.org/gnu/coreutils/coreutils-([\d+\.]+)\.tar\.(?:gz|bz2|lzma|xz) debian uupdate
More information about the devscripts-devel
mailing list