Your message dated Wed, 04 Jun 2025 23:19:03 +0000
with message-id <e1umxnv-006beq...@fasolo.debian.org>
and subject line Bug#1106148: fixed in dpkg 1.22.20
has caused the Debian Bug report #1106148,
regarding dpkg-dev: dpkg-source -x: please fix 'sqv' support
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1106148: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106148
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dpkg-dev
Version: 1.22.19
Severity: normal
X-Debbugs-Cc: martin-eric.rac...@iki.fi
Now that APT pulls 'sqv' in, dpkg-source seemingly no longer knows how to check
signatures:
--------------------------------------------------
$ dpkg-source -x ~/Projects/Salsa/upgrade-system_1.9.8.dsc
error: the following required arguments were not provided:
--keyring <FILE>
Usage: sqv --keyring <FILE> --cleartext --output <FILE> <FILE>
For more information, try '--help'.
dpkg-source: warning: cannot verify inline signature for
/home/perkelix/Projects/Salsa/upgrade-system_1.9.8.dsc: no acceptable signature
found
dpkg-source: info: extracting upgrade-system in upgrade-system-1.9.8
dpkg-source: info: unpacking upgrade-system_1.9.8.tar.xz
--------------------------------------------------
I cannot help but wonder why 'sqv' insists on getting told which keyring to
use. gpgv was perfectly capable of using all available keyrings.
Anyhow, until this has been fixed, the primary signature verification method
fails on Trixie.
Martin-Éric
-- System Information:
Debian Release: 13.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: i386 (x86_64)
Kernel: Linux 6.12.22+bpo-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages dpkg-dev depends on:
ii binutils 2.44-3
ii bzip2 1.0.8-6
ii libdpkg-perl 1.22.19
ii make 4.4.1-2
ii patch 2.8-1
ii perl 5.40.1-3
ii tar 1.35+dfsg-3.1
ii xz-utils 5.8.1-1
Versions of packages dpkg-dev recommends:
ii build-essential 12.12
ii fakeroot 1.37.1.2-1
ii gcc [c-compiler] 4:14.2.0-1
ii gcc-14 [c-compiler] 14.2.0-19
ii gnupg 2.4.7-19
ii gpgv 2.4.7-19
ii libalgorithm-merge-perl 0.08-5
ii sq 1.3.1-2+b1
ii sqv 1.3.0-2
Versions of packages dpkg-dev suggests:
pn debian-keyring <none>
pn debian-tag2upload-keyring <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: dpkg
Source-Version: 1.22.20
Done: Guillem Jover <guil...@debian.org>
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1106...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <guil...@debian.org> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 04 Jun 2025 02:12:28 +0200
Source: dpkg
Architecture: source
Version: 1.22.20
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-d...@lists.debian.org>
Changed-By: Guillem Jover <guil...@debian.org>
Closes: 1106148
Changes:
dpkg (1.22.20) unstable; urgency=medium
.
[ Guillem Jover ]
* Perl modules:
- Dpkg::OpenPGP::Backend::Sequoia: Do not run sq/sqv to verify with no
keyrings. Closes: #1106148
- Dpkg::OpenPGP::Backend::Sequoia: Run sq in stateless mode for
verification. Suggested by Neal H. Walfield <n...@sequoia-pgp.org>.
* Localization:
- Update Catalan translations.
- Update German scripts translation.
Thanks to Helge Kreutzmann <deb...@helgefjell.de>.
- Update Portuguese scripts translation.
- Update Swedish scripts translation.
Checksums-Sha1:
63deb735cb2e9b0c2f867c3bb36cbb7187ba5d41 3449 dpkg_1.22.20.dsc
6f13f5aa73bc360c850b11a277f413d7fcdd4253 5741308 dpkg_1.22.20.tar.xz
e75119662bc9d9d3a1606137e5fd5537c93114d4 8081 dpkg_1.22.20_amd64.buildinfo
Checksums-Sha256:
507420a03f1d2504c94af875be6f6fc5cb072bdacf41bbecdafe3cf6cd938846 3449
dpkg_1.22.20.dsc
f21bd89cca601500a7ecc446160be72413d822fe09b4ea155c9593b46321d5e4 5741308
dpkg_1.22.20.tar.xz
39d662287e17de7e1a76b151ea26949dd8b12d25271706cd956c23924449c655 8081
dpkg_1.22.20_amd64.buildinfo
Files:
14fac6f8b008b322cb93d975395ee2e4 3449 admin required dpkg_1.22.20.dsc
30f5cf990cac27538720275908cd90a6 5741308 admin required dpkg_1.22.20.tar.xz
95f6a40647cd93ace52396d046405e67 8081 admin required
dpkg_1.22.20_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJoP5OfCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmcXYWO534uqoCj9Ga2aYLTUsdIYibQl1ORbebq1YroK
UhYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAAAqRxAA6R2eBgVnSFW/0u9kK9NPKxzB
VWjy+CNTBU6IOcCQOEFlJoL38H8b0IeR4x7YmlZ0QW+OTYNGFHt7Jl52X+t3QkT9
+6Yu5BgL5J/HmJnVmEL6ZP2rjTKa/MGIgmZpQaACTiE17ahaIYIFZhZsJ4EmGXz+
T2fNix1kPBtIF9emUCuZs39d/0yQTHL0JA0gqqOvJ7/MpAHYbEhq5np4G1iJZpuk
DO/aTf47AwMT6HjH8mq2YebH7Qdrth1WZzpJ0G3utJe1hlcuuUSZJg2FMxWHBYWB
hAN1BA3imYfUVJqlr5HlPMpud383G7PAcP/e/ol5PEeyFH7mjZ85/nAygtLX3U3I
az4tEjTz5S1cC6JzE/3XrBu2AHQWFNkeQZ3VLMPgB3xVVJPjx+cRQOXVRQ4xiLzg
XBl3A+wkgsbtWXQoTt1APO6zli4id4mTnxinwjo/oC1MRrZha4a8wENQsdNH8X0f
yHtute/Di1DPIljjcdnpbWx/Cs7d1AP3626lNKyy3yLQNbM4dC1MH2vEUfKQF0P0
4tqootIbcGC0d3gVq/DLXZ6f0jjQV4WEjDnEtzafFhcr4+SDxy/CjDx2fE+b7H3C
CEAL1ZlD+QqVQUPejjFJ7JF2TPSK7n8QdBvVGwm+P8ysAEmRA6ZuMVUMYxTRczSP
STVFm/tob4EgCJ0W/Ls=
=N4yT
-----END PGP SIGNATURE-----
pgpu1OY6fqbgG.pgp
Description: PGP signature
--- End Message ---
