Bug#833012: uscan: don't look for OpenPGP signatures by appending .asc to a query string
Sean Whitton
spwhitton at spwhitton.name
Sat Jul 30 21:01:51 UTC 2016
Package: devscripts
Version: 2.16.6
Severity: normal
Dear maintainers,
uscan tries appending .asc to the tarball download URI. If that returns
HTTP 200, it will say something like this:
> uscan warn: Possible OpenPGP signature found at:
> https://addons.mozilla.org/firefox/downloads/file/423258/self_destructing_cookies-0.4.10-an+fx.xpi?src=version-history.asc.
> Please consider adding opts=pgpsigurlmangle=s/$/.asc/
> to debian/watch. see uscan(1) for more details.
However, as can be seen from this example, uscan has appended .asc to
the query string i.e. the part of the URI after the final '?'
character. It is highly unlikely that this will ever be a real
signature file.
uscan should, in this kind of case, try the following URI:
https://addons.mozilla.org/firefox/downloads/file/423258/self_destructing_cookies-0.4.10-an+fx.xpi.asc?src=version-history
i.e. append the .asc to the part of the URI before the query string.
Thanks!
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
DEBCHANGE_FORCE_SAVE_ON_RELEASE=no
DEBRELEASE_UPLOADER=dput
DEBSIGN_KEYID=0x0F56D0553B6D411B
DEB_SIGN_KEYID=0x0F56D0553B6D411B
DEBSIGN_PROGRAM=gpg
RMADISON_DEFAULT_URL=debian,ubuntu
DSCVERIFY_KEYRINGS=~/.gnupg/pubring.gpg
DEBUILD_DPKG_BUILDPACKAGE_OPTS="-us -uc"
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: i386 (i686)
Kernel: Linux 4.5.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.9
ii libc6 2.23-2
ii perl 5.22.2-3
pn python3:any <none>
Versions of packages devscripts recommends:
ii apt 1.3~pre2
ii at 3.1.20-1
ii curl 7.47.0-1
ii dctrl-tools 2.24-2
ii debian-keyring 2016.07.02
ii dput 0.9.6.4
ii equivs 2.0.9+nmu1
ii fakeroot 1.21-1
ii file 1:5.28-2
ii gnupg 1.4.20-6
ii gnupg2 2.1.11-7
ii libdistro-info-perl 0.14
ii libencode-locale-perl 1.05-1
ii liblwp-protocol-https-perl 6.06-2
ii libsoap-lite-perl 1.20-1
ii liburi-perl 1.71-1
ii libwww-perl 6.15-1
ii licensecheck 3.0.1-1
ii lintian 2.5.45
ii man-db 2.7.5-1
ii patch 2.7.5-1
ii patchutils 0.3.4-1
ii python3-debian 0.1.28
ii python3-magic 1:5.28-2
ii sensible-utils 0.0.9
ii strace 4.12-3
ii unzip 6.0-20
ii wdiff 1.2.2-1+b1
ii wget 1.18-2
ii xz-utils 5.1.1alpha+20120614-2.1
Versions of packages devscripts suggests:
pn bsd-mailx | mailx <none>
ii build-essential 12.2
pn cvs-buildpackage <none>
pn devscripts-el <none>
pn diffoscope <none>
pn dose-extra <none>
pn gnuplot <none>
ii gpgv 1.4.20-6
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.22-1
ii libnet-smtp-ssl-perl 1.03-1
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
ii mozilla-devscripts 0.47
ii mutt 1.6.0-1
ii openssh-client [ssh-client] 1:7.2p2-7
ii svn-buildpackage 0.8.6
ii w3m 0.5.3-29
-- no debconf information
--
Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20160730/5b192fea/attachment.sig>
More information about the devscripts-devel
mailing list