Bug#812860: /usr/bin/uscan: [uscan] failure to download and verify package.tar.xz with package.sign
Osamu Aoki
osamu at debian.org
Thu Jan 28 15:49:58 UTC 2016
Hi,
On Wed, Jan 27, 2016 at 11:36:52AM +0100, Uwe Kleine-König wrote:
> Package: devscripts
> Version: 2.15.10
> Severity: normal
> File: /usr/bin/uscan
> Control: user adn+deb at diwi.org
> Control: usertag -1 + uscan
>
> Hello,
>
> I started experimenting with uscan's pgp mechanism to verfiy the
> signature of rt-tests. You can reproduce my tests using:
>
> debcheckout rt-tests
> cd rt-tests
> echo > debian/watch 'version=4'
> echo >> debian/watch
> echo >> debian/watch 'opts="pgpsigurlmangle=s%.xz$%.sign%, decompress" \'
> echo >> debian/watch 'http://www.kernel.org/pub/linux/utils/rt-tests/rt-tests-(.*)\.tar\.xz'
...
> where the problem seems to be that uscan decompresses the archive but in
> the same go removes the tar.xz for mk-origtargz.
>
> Without decompress in the options the signature verification obviously
> fails.
You are right. uscan should keep the compressed file when decompressing
it for the signature verification.
> Is this just me using uscan in a wrong way, or is there something fishy
> with uscan? In the first case an example would be great.
No it is uscan problem I created.
Osamu
More information about the devscripts-devel
mailing list