- Package:
- git-buildpackage
- Source:
- git-buildpackage
- Submitter:
- Laurent Bigonville
- Date:
- 2025-08-17 12:57:02 UTC
- Severity:
- normal
Hi, It's now possible to include the gpg/pgp signature of the original upstream tarball in the source (.dsc) package. Currently, gbp buildpackage -S is not copying that file when preparing the source package that means that dpkg is not adding it to the .dsc file. gbp buildpackags -S should copy this (and maybe check if the name of the file is OK). Regards, Laurent Bigonville
Hi Laurent, The "-S" is passed verbatim to the builder (dpkg-buildpackage, sbuild, pbuilder, ...). I assume you want gbp to checkout the signature when building a tarball (#872864)? Cheers, -- Guido
Le 07/09/17 à 11:06, Guido Günther a écrit : I think this is related, but not completely the same, I don't see the signature being commited in the pristine-tar branch here. My setup here is the following: The orig tarball and its signature (.pgp) is in the ../tarballs directory, when running gbp buildpackage -S, the orig tarball is symliked (or generated if it's absent) to the ../build-area directory. The thing is, that the signature file is not copied at the same time in that ../build-area directory
control: retitle -1 Please symlink upstream signature file to ../build-area as well Hi, …it's not implemented yet Yeah, the symlinking is a different case. Let's keep it as a separate bug. Thanks for the clarification. -- Guido
Hi, One more thing. It seems dpkg-source wants these alsways named as <upstream-tarball-name>.asc but you're writing (.pgp) above - is that a typo or should uscan rename this to .asc right away? Cheers, -- Guido
Le 07/09/17 à 12:33, Guido Günther a écrit : uscan downloads the file as .pgp even if the upstream file is .asc, when using pgpsigurlmangle I guess that's a bug in uscan?
Hi, I think so. Could you file that one as well please? (since my knowledge is based on what's in the manpages and what I read from the source, I didn't get around to try to add upstream signatures myself to an upload yet). We should try to standardize on one thing and since dpkg-source uses .asc and has the final say it's probably best to use that one. Otherwise we'll end up with lots of different heuristics. Cheers, -- Guido
Hi, This is fixed in uscan now. This bug is almost the same then #872864. Implementation wise when one works so will the other but let's keep both open since from the users perspective they're slightly different. Cheers, -- Guido
With #872864 having been fixed in Feb 2020, this bug always having been handled as closey related to #872864, this bug having had its fourth anniversary recently, and this bug giving me lintian warnings every time I have cleaned up a build-area directory, ... gentle ping about this please. Why do developers still have to manually link the .orig.tar.gz.asc to build-area while .orig.tar.gz gets linked automatically? Greetings Marc
With #872864 having been fixed in Feb 2020, this bug always having been handled as closey related to #872864, this bug having had its fourth anniversary recently, and this bug giving me lintian warnings every time I have cleaned up a build-area directory, ... gentle ping about this please. Why do developers still have to manually link the .orig.tar.gz.asc to build-area while .orig.tar.gz gets linked automatically? Greetings Marc
Three and a half years later, after one more successful build missing the upstream signature, may I remind once more? Greetings Marc
Three and a half years later, after one more successful build missing the upstream signature, may I remind once more? Greetings Marc