[Pkg-rust-maintainers] Bug#1088973: uscan orig tarball signature verification fails with gpg-from-sq
Aurélien COUDERC
coucouf at debian.org
Tue Dec 17 17:30:56 GMT 2024
Le mardi 17 décembre 2024, 16:44:57 UTC+1 Holger Levsen a écrit :
> control: tags -1 + moreinfo
> thanks
>
> Hi Aurélien,
Dear Holger,
> thanks for the bug report!
>
> On Tue, Dec 03, 2024 at 04:20:09PM +0100, Aurélien COUDERC wrote:
> > installing gpg-from-sq makes some upstream tarball signature
> > verifications fail while using uscan.
> > 1. Install gpg-from-sq
> > 2. Clone breeze-grub repo [1]
> > 3. Run uscan:
>
> can you retry with latest uscan from devscripts in unstable?
>
> AFAIK it's fixed there.
Yes it is !
And for the record the upstream signature file had an issue that I had missed earlier and the new versions of the tools raised immediately :
uscan warn: Found multiple concatenated ASCII Armor blocks in
debian/upstream/signing-key.asc, which is not an interoperable construct.
See <https://tests.sequoia-pgp.org/results.html#ASCII_Armor>.
Please concatenate them into a single ASCII Armor block. For example:
sq keyring merge --overwrite --output debian/upstream/signing-key.asc \
debian/upstream/signing-key.asc
All the best,
--
Aurélien
More information about the Pkg-rust-maintainers
mailing list