Hi! On Thu, 2025-05-15 at 23:02:56 +0200, Guillem Jover wrote: > On Thu, 2025-05-15 at 20:55:30 +0200, Paul Gevers wrote: > > On 15-05-2025 19:00, Guillem Jover wrote: > > > > Ack, but please (for avoidance of any trouble) only upload after the > > > > debian-installer RC1 has been released, which will be announced on > > > > d-d-a. > > > > > > Perfect thanks! Ah, and also thanks for the explicit note, it was not > > > entirely clear to me from the announcement, as that only mentioned > > > udeb-producing packages, which dpkg is not. I'll wait until the > > > release has happened. > > > > I don't think dpkg is involved, but I'd rather be safe then sorry. > > Sure, no problem.
I've just uploaded it now. > > > > While reviewing I spotted the following, it seems like this might > > > > now be obsolete in the Breaks: > > > > # Uses new sq features, w/o requiring a hard dependency on sq. > > > > sq (<< 0.40.0~), > > > > > > In stable/bookworm sq is currently at 0.27.0-2+b1, so to avoid > > > breakage during partial upgrades it seems to me that's still relevant, > > > but perhaps you were thinking about sqv which in stable/bookworm > > > is currently at 1.1.0-1+b5? Or perhaps something else? > > > > I was more thinking that dpkg now doesn't drive sq anymore (as it's > > not in the list of Depends) so I'd expect an older version of that > > wouldn't matter. But reading the diff again, I see that > > `DEFAULT_CMD` still points at sq, so I guess the code to drive sq is > > still there. Or did I still misread the diff? Or perhaps something > > else? > > Ah. The OpenPGP backends can support a "full" (in terms of what dpkg > needs) OpenPGP implementation that can sign, verify, etc, (for the Sequoia > backend that would be «sq»), or a "verification-only" implementation > (for the Sequoia backend that would now be «sqv»). The users of the > API can request whether the latter is enough for their use (such as > dpkg-source), and then the auto-detection code will try to find a > backend that has a suitable command available. > > sq is still in the list of Recommends/Suggests for the "full" > implementation alternatives. sqv is now in the alternatives for the > "verification-only" implementations (where in case an implementation > does not have a matching "verification-only" command the one providing > the "full" one is listed instead). > > Hope that clarifies. :) I took the liberty (given the nature of the change) and ended up adding a couple of comments trying to clarify the above in the debian/control file, patch attached, hope that's fine! Thanks, Guillem
From f089a3c89956e5a1ff2b96361c4e0201c27d598b Mon Sep 17 00:00:00 2001 From: Guillem Jover <guil...@debian.org> Date: Sun, 18 May 2025 23:33:30 +0200 Subject: [PATCH] debian: Document OpenPGP implementation dependencies Clarify that the ones are for full implementations, and the others are for at least verification-only implementations. Prompted-by: Paul Gevers <elb...@debian.org> --- debian/control | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/debian/control b/debian/control index 429a438e6..9e15c9bb4 100644 --- a/debian/control +++ b/debian/control @@ -131,7 +131,9 @@ Recommends: build-essential, gcc | c-compiler, fakeroot, +# OpenPGP implementations providing full support. sq | sqop | rsop | gosop | pgpainless-cli | gpg-sq | gnupg, +# OpenPGP implementations providing at least verification-only support. sqv | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq | gpgv, # Used by dpkg-mergechangelogs. libalgorithm-merge-perl, @@ -185,7 +187,9 @@ Recommends: Suggests: debian-keyring, debian-tag2upload-keyring, +# OpenPGP implementations providing full support. sq | sqop | rsop | gosop | pgpainless-cli | gpg-sq | gnupg, +# OpenPGP implementations providing at least verification-only support. sqv | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq | gpgv, gcc | c-compiler, binutils, -- 2.49.0
