#237216 dpkg-dev: dpkg-genchanges can't PGP sign anymore

Package:
pgpgpg
Source:
pgpgpg
Description:
Wrapper for using GnuPG in programs designed for PGP
Submitter:
Paul Seelig
Date:
2025-08-17 17:47:13 UTC
Severity:
important
Tags:
#237216#5
Date:
2004-03-10 11:49:22 UTC
From:
To:
This is what i get repeatedly when executing dpkg-buildpackage on various
packages:

Enter pass phrase:
Pass phrase is good.  Just a moment....
 dpkg-genchanges
 dpkg-genchanges: error: syntax error in source control file ../ethiop_0.7-8.dsc at line 31: expected PGP signature, found something else `'
------- snip -------------

Downgrading to dpkg-dev version 1.10.18.1 (at least temporarily) solved
this problem for me. Seems like the fix for #232916 (which never has been a
problem in my environment) actually made things worse...
#237216#10
Date:
2004-03-10 12:29:34 UTC
From:
To:
What version of PGP are you using?  Javier, what version of PGP are
*you* using?

Can you two fight it out and decide whether that blank line is needed
there or not? :-)

Scott
#237216#15
Date:
2004-03-10 12:34:26 UTC
From:
To:
package dpkg-dev
severity 237216 important
thanks
You misinterpret the severity levels.

    grave
	makes the package in question unusable or mostly so, or causes
	data loss, or introduces a security hole allowing access to the
	accounts of users who use the package.

This does not render the package unusable, or mostly unusable.  The vast
majority of users use GPG to sign their packages, and according to
Javier, the fix is required for at least some versions of PGP.

    important
	a bug which has a major effect on the usability of a package,
	without rendering it completely unusable to everyone.

However, it does have a major effect on the usability of the package
(for *some* PGP users) without rendering it completely unusable to
everyone (you can use GPG instead, or the same version of PGP as
Javier).


I am downgrading this bug accordingly.

Thanks,

Scott
#237216#20
Date:
2004-03-10 12:37:52 UTC
From:
To:
I'm using "ii pgp-i 2.6.3a-7 Public key encryption system (International)"
according to dpkg.

------- snip -------------
[pseelig]~ > pgp
Pretty Good Privacy(tm) 2.6.3ia - Public-key encryption for the masses.
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-03-04
International version - not for use in the USA. Does not use RSAREF.
Current time: 2004/03/10 12:31 GMT
------- snip -------------
Sorry, but i can be of no help here.
                                      Thanks, P. *8^)
#237216#27
Date:
2004-03-10 22:58:28 UTC
From:
To:
$ dpkg --status pgp
Package: pgp
Status: install ok installed
Priority: optional
Section: non-US/non-free
Installed-Size: 632
Maintainer: Richard Braakman <dark@xs4all.nl>
Version: 2.6.3a-9
Replaces: pgp-i, pgp-us
Depends: libc6 (>= 2.2.1)

But then I realised:

$ ls -la /usr/bin/pgp
lrwxrwxrwx    1 root     root           21 2004-02-06 18:52 /usr/bin/pgp ->
/etc/alternatives/pgp
$ ls -la /usr/bin/pgpgpg
-rwxr-xr-x    1 root     root        19268 2004-01-20 09:53 /usr/bin/pgpgpg
$ dpkg --status pgpgpg
Package: pgpgpg
Status: install ok installed
Priority: optional
Section: non-US
Installed-Size: 92
Maintainer: Pawel Wiecek <coven@debian.org>
Version: 0.13-6
Provides: pgp
Depends: libc6 (>= 2.3.2.ds1-4), gnupg
Description: Wrapper for using GnuPG in programs designed for PGP
 Pgpgpg is a wrapper around Gnu Privacy Guard which takes PGP 2.6
 command line options, translate them and then call GnuPG (Gnu Privacy
 Guard) to perform the desired action.

So maybe this is a bug in pgpgpg and the fix should be reverted.
I missed this because pgpgpg did not conflict with pgp (see bug #236195)

1.- reassign the bug to pgpgpg and revert my patch

2.- have dpkg-buildpackage handle a _third_ method which is similar to
gnupg's but when pgpgpg is installed (i.e. /etc/alternatives/pgp exists).
Maybe changing:
        if test "$signinterface" = "gpg" ; then
		[GPG stuff]
	else
		[PGP stuff]
	fi
to:
        if test "$signinterface" = "gpg" ; then
		[GPG stuff]
	elsif test -e /etc/alternatives/pgp; then
		[PGP stuff with the newline]
	else
		[PGP stuff]
	fi
would do the trick

Does that sound reasonable at all? I'm not sure how many packages might
provide /etc/alternatives/pgp, it looks like only pgpgpg does it.

Sorry for the mistake in producing the patch. I should have verified the
facts better.

Javier
#237216#32
Date:
2004-03-11 16:15:22 UTC
From:
To:
package dpkg-dev
reassign 237216 pgpgpg
thanks
*snip: pgp 2.6.3a-9*
*snip: pgpgpg 0.13-6 through pgp diversion*
As I (now) understand this.  When dpkg-buildpackage calls gpg it needs
to insert a blank line, but when it calls pgp, it does not.  If it is
called with pgp=pgpgpg the blank line *is* needed because it's really
talking to gpg.
This I have done.  dpkg_1.10.20 reverts your patch and is uploaded
today.  This mail reassigns the bug to pgpgpg.

pgpgpg is supposed to be a wrapper, therefore it should emulate the
behaviour of pgp precisely, this includes blank lines and such-forth.
gah!  No.  If someone's using pgpgpg then they have a gpg setup, so they
can just use the gpg method.
I tested the patch with pgpgpg as well, so didn't spot it was wrong :-)

Scott