#874550 Please symlink upstream signature file to ../build-area as well

#874550#5
Date:
2017-09-07 08:55:14 UTC
From:
To:
Hi,

It's now possible to include the gpg/pgp signature of the original
upstream tarball in the source (.dsc) package.

Currently, gbp buildpackage -S is not copying that file when preparing
the source package that means that dpkg is not adding it to the .dsc
file.

gbp buildpackags -S should copy this (and maybe check if the name of the
file is OK).

Regards,

Laurent Bigonville

#874550#10
Date:
2017-09-07 09:06:28 UTC
From:
To:
Hi Laurent,

The "-S" is passed verbatim to the builder (dpkg-buildpackage, sbuild,
pbuilder, ...). I assume you want gbp to checkout the signature when
building a tarball (#872864)?

Cheers,
 -- Guido

#874550#15
Date:
2017-09-07 10:03:27 UTC
From:
To:
Le 07/09/17 à 11:06, Guido Günther a écrit :

I think this is related, but not completely the same, I don't see the
signature being commited in the pristine-tar branch here.

My setup here is the following:

The orig tarball and its signature (.pgp) is in the ../tarballs
directory, when running gbp buildpackage -S, the orig tarball is
symliked (or generated if it's absent) to the ../build-area directory.

The thing is, that the signature file is not copied at the same time in
that ../build-area directory

#874550#20
Date:
2017-09-07 10:16:15 UTC
From:
To:
control: retitle -1 Please symlink upstream signature file to ../build-area as well

Hi,

…it's not implemented yet

Yeah, the symlinking is a different case. Let's keep it as a separate
bug.

Thanks for the clarification.
 -- Guido

#874550#27
Date:
2017-09-07 10:33:42 UTC
From:
To:
Hi,

One more thing. It seems dpkg-source wants these alsways named as
<upstream-tarball-name>.asc but you're writing (.pgp) above - is that a
typo or should uscan rename this to .asc right away?

Cheers,
 -- Guido

#874550#32
Date:
2017-09-07 10:52:22 UTC
From:
To:
Le 07/09/17 à 12:33, Guido Günther a écrit :
uscan downloads the file as .pgp even if the upstream file is .asc, when
using pgpsigurlmangle

I guess that's a bug in uscan?

#874550#37
Date:
2017-09-07 10:57:27 UTC
From:
To:
Hi,

I think so. Could you file that one as well please? (since my knowledge
is based on what's in the manpages and what I read from the source, I
didn't get around to try to add upstream signatures myself to an upload
yet).

We should try to standardize on one thing and since dpkg-source uses
.asc and has the final say it's probably best to use that one. Otherwise
we'll end up with lots of different heuristics.

Cheers,
 -- Guido

#874550#42
Date:
2017-11-12 14:28:48 UTC
From:
To:
Hi,

This is fixed in uscan now. This bug is almost the same then
#872864. Implementation wise when one works so will the other but let's
keep both open since from the users perspective they're slightly
different.
Cheers,
 -- Guido

#874550#47
Date:
2021-11-28 12:41:18 UTC
From:
To:
With #872864 having been fixed in Feb 2020, this bug always having been
handled as closey related to #872864, this bug having had its fourth
anniversary recently, and this bug giving me lintian warnings every time
I have cleaned up a build-area directory, ...

gentle ping about this please. Why do developers still have to manually
link the .orig.tar.gz.asc to build-area while .orig.tar.gz gets linked
automatically?

Greetings
Marc

#874550#50
Date:
2021-11-28 12:41:18 UTC
From:
To:
With #872864 having been fixed in Feb 2020, this bug always having been
handled as closey related to #872864, this bug having had its fourth
anniversary recently, and this bug giving me lintian warnings every time
I have cleaned up a build-area directory, ...

gentle ping about this please. Why do developers still have to manually
link the .orig.tar.gz.asc to build-area while .orig.tar.gz gets linked
automatically?

Greetings
Marc

#874550#55
Date:
2025-08-17 12:54:55 UTC
From:
To:
Three and a half years later, after one more successful build missing
the upstream signature, may I remind once more?

Greetings
Marc

#874550#58
Date:
2025-08-17 12:54:55 UTC
From:
To:
Three and a half years later, after one more successful build missing
the upstream signature, may I remind once more?

Greetings
Marc