Bug#866998: pgpmode=next/previous not working as expected?

James McCoy jamessan at debian.org
Tue Jul 4 17:44:49 UTC 2017


On Mon, Jul 03, 2017 at 12:34:58PM +0200, Laurent Bigonville wrote:
> With the following debian/watch file, it cannot verify the signature of
> the tarball:
> 
> version=4
> opts="pgpmode=next" \
> https://red.libssh.org/projects/libssh/files \
>     /attachments/download/(?:\d+)/libssh- at ANY_VERSION@@ARCHIVE_EXT@ debian
> opts="pgpmode=previous" \
> https://red.libssh.org/projects/libssh/files \
>     /attachments/download/(?:\d+)/libssh- at ANY_VERSION@.tar.asc previous
> 
> I get the following output:
> 
> bigon at valinor:~/Development/Debian/libssh [git: debian]$ LC_ALL=C uscan --destdir ../tarballs  
> uscan: Newest version of libssh on remote site is 0.7.5, local version is 0.7.3
> uscan:    => Newer package available from
>       https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
> dpkg: error: version '1:-0' has bad syntax: version number is empty
> dpkg: error: version '1:-0' has bad syntax: version number is empty

These syntax errors are fixed in git.

> uscan: Newest version of libssh on remote site is 0.7.5, specified download version is 0.7.5
> gpgv: Signature made Thu Apr 13 16:35:40 2017 CEST
> gpgv:                using RSA key 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
> gpgv: BAD signature from "Andreas Schneider <asn at cryptomilk.org>"
> uscan warn: OpenPGP signature did not verify.

I saw this as well.  You should rename debian/upstream-signing-key.pgp
to debian/upstream/signing-key.asc.  First, the preferred location is
under debian/upstream.  Second, your file is armored so it should use
the asc extension instead of the pgp extension.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB



More information about the devscripts-devel mailing list