Bug#888046: devscripts: Support signatures against uncompressed tarballs
Vagrant Cascadian
vagrant at debian.org
Mon Jan 22 21:24:20 UTC 2018
Package: devscripts
Version: 2.17.12~bpo9+1
Severity: wishlist
File: /usr/bin/uscan
There are a number of projects hosted at kernel.org that use the
kup-client utility to handle uploads. While it may upload a signature to
verify the uploaded tarballs, those signatures are against the
uncompressed tarball, rather than the compressed tarballs.
For example, for dtc version 1.4.6, there is:
https://www.kernel.org/pub/software/utils/dtc/
dtc-1.4.6.tar.gz
dtc-1.4.6.tar.sign
dtc-1.4.6.tar.xz
I can download either .tar.gz or .tar.xz, decompress them, and then use
the .tar.sign to verify it, but I don't see any obvious way to do this
from debian/watch.
I'm also not sure the Debian archive supports uploading a signature file
against a file that isn't included in the distribution, so maybe this
isn't really an issue worth handling in uscan...
live well,
vagrant
-- Package-specific info:
-- System Information:
Debian Release: 9.3
APT prefers stable
APT policy: (500, 'stable'), (210, 'proposed-updates'), (120, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf, arm64
Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.24
ii libc6 2.24-11+deb9u1
ii libfile-homedir-perl 1.00-1
ii perl 5.24.1-3+deb9u2
ii python3 3.5.3-1
ii sensible-utils 0.0.9+deb9u1
Versions of packages devscripts recommends:
ii apt 1.4.8
ii at 3.1.20-3
ii curl 7.52.1-5+deb9u3
ii dctrl-tools 2.24-2+b1
ii debian-keyring 2017.11.24
ii dput-ng [dput] 1.13
ii equivs 2.0.9+nmu1
ii fakeroot 1.21-3.1
ii file 1:5.30-1+deb9u1
ii gnupg 2.1.18-8~deb9u1
ii gnupg2 2.1.18-8~deb9u1
ii libdistro-info-perl 0.14
ii libdpkg-perl 1.18.24
ii libencode-locale-perl 1.05-1
ii libgit-wrapper-perl 0.047-1
ii liblist-compare-perl 0.53-1
ii liblwp-protocol-https-perl 6.06-2
ii libsoap-lite-perl 1.20-1
ii liburi-perl 1.71-1
ii libwww-perl 6.15-1
ii licensecheck 3.0.29-1
ii lintian 2.5.67~bpo9+1
ii man-db 2.7.6.1-2
ii patch 2.7.5-1+b2
ii patchutils 0.3.4-2
ii python3-apt 1.4.0~beta3
ii python3-debian 0.1.30
ii python3-magic 1:5.30-1+deb9u1
ii python3-requests 2.12.4-1
pn python3-unidiff <none>
ii python3-xdg 0.25-4
ii strace 4.15-2
ii unzip 6.0-21
ii wdiff 1.2.2-2
ii wget 1.18-5+deb9u1
ii xz-utils 5.2.2-1.2+b1
Versions of packages devscripts suggests:
pn adequate <none>
ii autopkgtest 4.4
pn bls-standalone <none>
ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-4
ii build-essential 12.3
pn check-all-the-things <none>
pn cvs-buildpackage <none>
pn devscripts-el <none>
pn diffoscope <none>
pn disorderfs <none>
pn dose-extra <none>
pn duck <none>
pn faketime <none>
pn gnuplot <none>
ii gpgv 2.1.18-8~deb9u1
pn how-can-i-help <none>
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.22-1
pn libnet-smtps-perl <none>
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
pn mozilla-devscripts <none>
ii mutt 1.7.2-1
ii openssh-client [ssh-client] 1:7.4p1-10+deb9u2
pn piuparts <none>
pn postgresql-client <none>
ii quilt 0.63-8
pn ratt <none>
pn reprotest <none>
pn svn-buildpackage <none>
ii w3m 0.5.3-34
-- no debconf information
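
The manual check described in the report (decompress, then verify against the .tar.sign), written out as an added shell example; it is not part of the original message and is not uscan code. The function names and the keyring path are assumptions, and the keyring is expected to already hold the upstream signing key.

```shell
#!/bin/sh
# Added example (not uscan code). kup convention: one detached signature,
# NAME.tar.sign, made over the uncompressed NAME.tar.

# Print the decompress-to-stdout command for a tarball name.
decompressor_for() {
    case "$1" in
        *.tar.xz)  echo "xz -cd" ;;
        *.tar.gz)  echo "gzip -cd" ;;
        *.tar.bz2) echo "bzip2 -cd" ;;
        *.tar)     echo "cat" ;;
        *)         return 1 ;;
    esac
}

# dtc-1.4.6.tar.xz and dtc-1.4.6.tar.gz both map to dtc-1.4.6.tar.sign.
signature_name_for() {
    case "$1" in
        *.tar.xz|*.tar.gz|*.tar.bz2) echo "${1%.*}.sign" ;;
        *.tar)                       echo "$1.sign" ;;
        *)                           return 1 ;;
    esac
}

# verify_uncompressed KEYRING TARBALL [SIGFILE]
# KEYRING must contain a slash (e.g. ./upstream.gpg), otherwise gpgv looks
# for it in the GnuPG home directory. Returns 0 only when gpgv accepts the
# signature over the decompressed bytes; non-zero otherwise (2 for unusable
# input or failed decompression).
verify_uncompressed() {
    keyring=$1
    tarball=$2
    sig=${3:-$(signature_name_for "$tarball")} || return 2
    cmd=$(decompressor_for "$tarball") || return 2
    [ -r "$keyring" ] && [ -r "$tarball" ] && [ -r "$sig" ] || return 2
    # Decompress to a temporary file first, so the decompressor's exit
    # status is checked on its own rather than lost in a pipeline.
    tmp=$(mktemp) || return 2
    if $cmd "$tarball" >"$tmp"; then
        gpgv --keyring "$keyring" "$sig" "$tmp"
        rc=$?
    else
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (file names from the report; the keyring path is an assumption):
#   verify_uncompressed ./upstream-keyring.gpg dtc-1.4.6.tar.xz
```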