Bug#727096: uscan: store signature for upstream tarball in debian/
Sven Joachim
svenjoac at gmx.de
Wed Jul 26 18:19:30 UTC 2017
On 2016-04-12 09:19 +0200, Ansgar Burchardt wrote:
> Paul Wise <pabs at debian.org> writes:
>> On Tue, 22 Oct 2013 10:42:51 +0200 Ansgar Burchardt wrote:
>>> uscan would store the signature for the upstream tarball as
>>> obtained via pgpsigurlmangle=... in the debian/ directory
>>
>> ISTR another idea was to place the upstream signature alongside the
>> upstream tarball instead of inside the debian/ directory.
>>
>> foo_0.1.2.orig.tar.gz
>> foo_0.1.2.orig.tar.gz.<fingerprint>.asc
>>
>> AFAIR, there was some work in dak done already to allow this?
>
> Yes, but there was a bug and I somehow forgot about the patches in
> #759401 that Guillem Jover provided. So dak should now accept upstream
> signatures, dpkg in stable should ignore them (but not throw an error)
> and dpkg in unstable/testing will hopefully start to include them in the
> source package (.dsc) soon.
>
> For a given upstream tarball the upstream signature should go in a file
> with the extension `.asc`. For example, for
> dune-common_2.4.1.orig.tar.xz
> the signature should be in
> dune-common_2.4.1.orig.tar.xz.asc
FWIW, lintian 2.5.52 throws an error
("orig-tarball-missing-upstream-signature") if the file is not there.
> It should be safe for uscan to already create this file: older versions
> of dpkg should just ignore it.
Uscan already stores the upstream signature, albeit under a different
filename ending in .pgp. All it needs to do is to create a link for it
under the name that dpkg-source and lintian expect (unless the upstream
tarball needs to be repacked, that is).
Cheers,
Sven
More information about the devscripts-devel
mailing list