Hi, Let's talk about https://bugs.debian.org/778723
It took me a while to understand your wish.

This is about getting a source from http://mirror.kolabsys.com/pub/releases/

There, the upstream releases libkolabxml-1.1.0.tar.gz as usual and there is libkolabxml-1.1.0.tar.gz.gpg next to it. But libkolabxml-1.1.0.tar.gz.gpg is not the small normal signature file which can be handled by gpgv but the one which requires --decrypt issued from gpg or gpg2. (gpgv does not seem to support it.)

So what is needed seems to be:

 * Add dependency to gnupg|gnupg2 as suggest
 * Add option: opts="pgpmode=self" (there is a placeholder now.)
 * Check availability of /usr/bin/gpg or /usr/bin/gpg2 if pgpmode=self
 * Match pattern to look for libkolabxml-([\d.]+)\.tar\.(?:gz|xz)\.gpg in http://mirror.kolabsys.com/pub/releases/
 * Download the latest libkolabxml-1.1.1.tar.gz.gpg if it is new.
 * Run the following to see if authentic and get the tarball

     F=libkolabxml-1.1.1.tar.gz.gpg && gpg -o "${F%.gpg}" --decrypt "$F"

 * Ensure to find generated file ${F%.gpg} (or ${F%.asc} ...) and run mk-origtargz to get libkolabxml_1.1.1.orig.tar.gz from it.

Is this what you wish? If so this is very simple and will be added to a multitar branch commit in near future.

Regards,

Osamu
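The selection and authenticity steps listed in the message above, as an added shell sketch that is not part of the original message and is not uscan code. The function names, the keyring argument and the pinned fingerprint are assumptions; the sketch restricts gpg to one keyring and reads its machine-readable status lines, so only a good signature from the expected key yields a tarball.

```shell
#!/bin/sh
# Added example, not uscan code. Keyring path and fingerprint are supplied by
# the caller and are assumptions of this sketch.

# newest_signed NAME: read file names on stdin and print the highest-versioned
# NAME-<version>.tar.(gz|xz).gpg, ignoring everything else in the listing.
newest_signed() {
    grep -E "^$1-[0-9.]+\.tar\.(gz|xz)\.gpg\$" | sort -V | tail -n 1
}

# validsig_matches FPR: read "gpg --status-fd" lines on stdin. Succeed only if
# there is a GOODSIG line and a VALIDSIG line naming FPR as the signing key or
# as its primary key (last field). GOODSIG is required as well because gpg
# reports expired or revoked keys with other status keywords.
validsig_matches() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { valid = 1 }
        END { exit !(good && valid) }'
}

# unpack_signed FILE.gpg KEYRING FPR: write the payload to a temporary name and
# keep it only when the status lines prove the pinned key signed it.
unpack_signed() {
    out=${1%.gpg}
    status=$(gpg --batch --no-default-keyring --keyring "$2" --status-fd 1 \
                 -o "$out.part" --decrypt "$1" 2>/dev/null) || true
    if printf '%s\n' "$status" | validsig_matches "$3"; then
        mv "$out.part" "$out" && printf '%s\n' "$out"
    else
        rm -f "$out.part"
        return 1
    fi
}
```

The name printed by `unpack_signed` is the file that would then be handed to mk-origtargz.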