Good evening. I am not sure what exactly is happening. Do you have solution? or not.
At least it works here with the URL mentioned. On Wed, Sep 30, 2015 at 03:46:43PM +0200, Sandro Knauß wrote: > Moin, > > it is not working. > > libkolabxml*.tar.gz.pgp is not encrypted it is only verified, thats why I > added the 0001-verify-not-decrypt to uscan. But still it does not work [see > output]. OK. > i also attached the patch for libkolabxml to use the self mode. > > Regards, > > sandro > > > Am Mittwoch, 30. September 2015, 20:27:10 schrieb Osamu Aoki: > > On Tue, Sep 29, 2015 at 01:04:22AM +0200, Sandro Knauß wrote: > > > Moin, > > > > > > > * Add dependency to gnupg|gnupg2 as suggest > > > > * Add option: opts="pgpmode=self" (there is a place holder now.) > > > > * Check availability of /usr/bin/gpg or /usr/bin/gpg2 if pgpmode=self > > > > * match pattern to look for libkolabxml-([\d.]+)\.tar\.(?:gz|xz)\.gpg > > > > > > > > in http://mirror.kolabsys.com/pub/releases/ > > > > > > > > * download the latest libkolabxml-1.1.1.tar.gz.gpg if it is now. > > > > * run the following to see if authentic and get the tarball > > > > > > > > F=libkolabxml-1.1.1.tar.gz && gpg -o ${F%.gpg} --decrypt $F > > > > > > > > * Ensure to find generated file ${F%.gpg} (or ${F%.asc} ...) and > > > > > > > > run mk-origtargz to get libkolabxml_1.1.1.orog.tar.gz from it. > > > > > > > > Is this what you wish? If so this is very simple and will be added to > > > > a multitar branch commit in near future. > > > > > > sounds like that what I had in mind. > > > > It is already committed. Please checkout from git repo. > > > > Osamu > From caf885a7cdb5bc8758b0daf496d737fd3d0478d6 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Sandro=20Knau=C3=9F?= <b...@sandroknauss.de> > Date: Wed, 30 Sep 2015 14:42:52 +0200 > Subject: [PATCH] use pgpmode=self to verify signature ... so you added sig. > +-----END PGP PUBLIC KEY BLOCK----- > diff --git a/debian/watch b/debian/watch > index 9f88268..a27ac44 100644 > --- a/debian/watch > +++ b/debian/watch > @@ -1,2 +1,3 @@ > version=3 > -http://mirror.kolabsys.com/pub/releases/libkolabxml-([0-9\.]+)\.tar\.gz > +opts="pgpmode=self" \ > +http://mirror.kolabsys.com/pub/releases/libkolabxml-([0-9\.]+)\.tar\.gz.gpg I tested on this URL and work. > 2.1.4 > > From ee8b56ba78cc0a1419e0fb6022dc7aff0dff68d8 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Sandro=20Knau=C3=9F?= <m...@sandroknauss.de> > Date: Wed, 30 Sep 2015 14:50:20 +0200 > Subject: [PATCH] verify not decrypt > > --- > scripts/uscan.pl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/scripts/uscan.pl b/scripts/uscan.pl > index 99f90d2..336f117 100755 > --- a/scripts/uscan.pl > +++ b/scripts/uscan.pl > @@ -3084,7 +3084,7 @@ EOF > print "-- Verifying OpenPGP self signature of $sigfile_base and extract > $newfile_base\n" if $verbose; > system($havegpg, '--homedir', $gpghome, > '--no-options', '-q', '--batch', '--no-default-keyring', > - '--keyring', $keyring, '--trust-model', 'always', '--decrypt', > '-o', > + '--keyring', $keyring, '--trust-model', 'always', '--verify', > '-o', But decrypt works here nicely. > "$destdir/$newfile_base", "$destdir/$sigfile_base") >> 8 == 0 > or uscan_die("$progname: OpenPGP signature did not > verify.\n"); > $previousfile_base = undef; > -- > 2.1.4 Please run command under LANG=en_US.UTF-8 Also run with --debug as option. > % ~/git/devscripts/scripts/uscan.pl --force-download --verbose What! Are you running unstable? > -- Scanning for watchfiles in . > -- Found watchfile in ./debian > -- In debian/watch, processing watchfile line: > opts="pgpmode=self" > http://mirror.kolabsys.com/pub/releases/libkolabxml-([0-9\.]+)\.tar\.gz.gpg > Newest version on remote site is 1.1.1, local version is 1.1.1 > => Package is up to date > Newest version on remote site is 1.1.1, local version is 1.1.1 > => Forcing download as requested > -- Downloading updated package libkolabxml-1.1.1.tar.gz.gpg > -- Verifying OpenPGP self signature of libkolabxml-1.1.1.tar.gz.gpg and > extract libkolabxml-1.1.1.tar.gz > gpg: Signature made Fr 31 Jul 2015 10:52:40 CEST using DSA key ID 9342BF08 > gpg: Good signature from "Jeroen van Meeuwen (kanarip) <kana...@kanarip.com>" > [unknown] > gpg: aka "Jeroen van Meeuwen (GMail) <kana...@gmail.com>" > [unknown] > gpg: aka "Jeroen van Meeuwen (OGD) <j.van.meeu...@ogd.nl>" > [unknown] > gpg: aka "Jeroen van Meeuwen (XS4All) <kana...@xs4all.nl>" > [unknown] > gpg: aka "Jeroen van Meeuwen (GameDrome) > <kana...@gamedrome.com>" [unknown] > gpg: aka "Jeroen van Meeuwen (PC Zone Clan) > <kana...@pczone-clan.nl>" [unknown] > gpg: aka "Jeroen van Meeuwen (Fedora Unity) > <kana...@fedoraunity.org>" [unknown] > gpg: aka "Jeroen van Meeuwen (Fedora Project) > <kana...@fedoraproject.org>" [unknown] > gpg: aka "Jeroen van Meeuwen (Kolab Systems) (Kolab Systems > AG) <vanmeeu...@kolabsys.com>" [unknown] > gpg: aka "Jeroen van Meeuwen (Ergo Project) (Ergo Project) > <jeroen.van.meeu...@ergo-project.org>" [unknown] > -- Executing internal command > mk-origtargz --package libkolabxml --version 1.1.1 --compression gzip > --directory .. --copyright-file debian/copyright ../libkolabxml-1.1.1.tar.gz > Could not read ../libkolabxml-1.1.1.tar.gz: Datei oder Verzeichnis nicht > gefunden at /usr/bin/mk-origtargz line 320. You changed to verify. Then no file generated. That is not too surprising. > uscan.pl: Fehler: Fehler-Exitstatus von mk-origtargz --package libkolabxml > --version 1.1.1 --compression gzip --directory .. --copyright-file > debian/copyright ../libkolabxml-1.1.1.tar.gz war 2 google translate: uscan.pl: error: error exit status of mk-origtargz --package libkolabxml --version 1.1.1 --compression gzip --directory .. --copyright-file debian / copyright ../libkolabxml-1.1.1.tar .gz was 2 Anyway,.... $ apt-get source libkolabxml $ mv libkolabxml-1.1.1 libkolabxml ... remove upstream files and add signature $ cd libkolabxml $ uscan --verbose --force-download -- Scanning for watchfiles in . -- Found watchfile in ./debian -- In debian/watch, processing watchfile line: http://mirror.kolabsys.com/pub/releases/libkolabxml-([0-9\.]+)\.tar\.gz Newest version on remote site is 1.1.1, local version is 1.1.1 => Package is up to date Newest version on remote site is 1.1.1, local version is 1.1.1 => Forcing download as requested -- Downloading updated package libkolabxml-1.1.1.tar.gz -- Checking for common possible upstream OpenPGP signatures libkolabxml: Possible OpenPGP signature found at: http://mirror.kolabsys.com/pub/releases/libkolabxml-1.1.1.tar.gz.gpg. Please consider adding opts=pgpsigurlmangle=s/$/.gpg/ to debian/watch. see uscan(1) for more details. -- Executing internal command mk-origtargz --package libkolabxml --version 1.1.1 --compression gzip --directory .. --copyright-file debian/copyright ../libkolabxml-1.1.1.tar.gz -- Successfully downloaded updated package libkolabxml-1.1.1.tar.gz -- Successfully symlinked ../libkolabxml-1.1.1.tar.gz to ../libkolabxml_1.1.1.orig.tar.gz. -- Scan finished Press any key to continue... Please compile whole package using debuild. Otherswise you may be failing with libraries used. Osamu
