Bug#866998: pgpmode=next/previous not working as expected?
James McCoy
jamessan at debian.org
Tue Jul 4 17:44:49 UTC 2017
On Mon, Jul 03, 2017 at 12:34:58PM +0200, Laurent Bigonville wrote:
> With the following debian/watch file, it cannot verify the signature of
> the tarball:
>
> version=4
> opts="pgpmode=next" \
> https://red.libssh.org/projects/libssh/files \
> /attachments/download/(?:\d+)/libssh- at ANY_VERSION@@ARCHIVE_EXT@ debian
> opts="pgpmode=previous" \
> https://red.libssh.org/projects/libssh/files \
> /attachments/download/(?:\d+)/libssh- at ANY_VERSION@.tar.asc previous
>
> I get the following output:
>
> bigon at valinor:~/Development/Debian/libssh [git: debian]$ LC_ALL=C uscan --destdir ../tarballs
> uscan: Newest version of libssh on remote site is 0.7.5, local version is 0.7.3
> uscan: => Newer package available from
> https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
> dpkg: error: version '1:-0' has bad syntax: version number is empty
> dpkg: error: version '1:-0' has bad syntax: version number is empty
These syntax errors are fixed in git.
> uscan: Newest version of libssh on remote site is 0.7.5, specified download version is 0.7.5
> gpgv: Signature made Thu Apr 13 16:35:40 2017 CEST
> gpgv: using RSA key 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
> gpgv: BAD signature from "Andreas Schneider <asn at cryptomilk.org>"
> uscan warn: OpenPGP signature did not verify.
I saw this as well. You should rename debian/upstream-signing-key.pgp
to debian/upstream/signing-key.asc. First, the preferred location is
under debian/upstream. Second, your file is armored so it should use
the asc extension instead of the pgp extension.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
More information about the devscripts-devel
mailing list