Bug#778723: uscan: non detached signatures
Osamu Aoki
osamu at debian.org
Sat Sep 26 12:53:38 UTC 2015
Hi,
Let's talk about https://bugs.debian.org/778723
It took me a while to understand your wish.
This is about getting a source from
http://mirror.kolabsys.com/pub/releases/
There, the upstream releases libkolabxml-1.1.0.tar.gz a usual and there
is libkolabxml-1.1.0.tar.gz.gpg next to it. But
libkolabxml-1.1.0.tar.gz.gpg is not the small normal signature file
which can be handled by gpgv but the one which requires --decrypt issued
from gpg or gpg2. (gpgv does not seem to support it.)
So what is needed seems to be:
* Add dependency to gnupg|gnupg2 as suggest
* Add option: opts="pgpmode=self" (there is a place holder now.)
* Check availability of /usr/bin/gpg or /usr/bin/gpg2 if pgpmode=self
* match pattern to look for libkolabxml-([\d.]+)\.tar\.(?:gz|xz)\.gpg
in http://mirror.kolabsys.com/pub/releases/
* download the latest libkolabxml-1.1.1.tar.gz.gpg if it is now.
* run the following to see if authentic and get the tarball
F=libkolabxml-1.1.1.tar.gz && gpg -o ${F%.gpg} --decrypt $F
* Ensure to find generated file ${F%.gpg} (or ${F%.asc} ...) and
run mk-origtargz to get libkolabxml_1.1.1.orog.tar.gz from it.
Is this what you wish? If so this is very simple and will be added to
a multitar branch commit in near future.
Regards,
Osamu
More information about the devscripts-devel
mailing list