Bug#727096: uscan: store signature for upstream tarball in debian/
Ansgar Burchardt
ansgar at debian.org
Tue Apr 12 07:19:41 UTC 2016
Paul Wise <pabs at debian.org> writes:
> On Tue, 22 Oct 2013 10:42:51 +0200 Ansgar Burchardt wrote:
>> uscan would store the signature for the upstream tarball as
>> obtained via pgpsigurlmangle=... in the debian/ directory
>
> ISTR another idea was to place the upstream signature alongside the
> upstream tarball instead of inside the debian/ directory.
>
> foo_0.1.2.orig.tar.gz
> foo_0.1.2.orig.tar.gz.<fingerprint>.asc
>
> AFAIR, there was some work in dak done already to allow this?
Yes, but there was a bug and I somehow forgot about the patches in
#759401 that Guillem Jover provided. So dak should now accept upstream
signatures, dpkg in stable should ignore them (but not throw an error)
and dpkg in unstable/testing will hopefully start to include them in the
source package (.dsc) soon.
For a given upstream tarball the upstream signature should go in a file
with the extension `.asc`. For example, for
dune-common_2.4.1.orig.tar.xz
the signature should be in
dune-common_2.4.1.orig.tar.xz.asc
It should be safe for uscan to already create this file: older versions
of dpkg should just ignore it.
Ansgar
More information about the devscripts-devel
mailing list