Debian Quality Assurance

debsigs (0.1.26) [PTS] [DDPO]

COMMITS: VCS has seen 12 commits since the archive/debian/0.1.26 tag

• Git: https://gitlab.com/debsigs/debsigs.git
• JSON
  Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
  For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
  The next upload will reset the information from the source package headers.
• Branch: master
• Path: debian/changelog
• Repo size: 565248
• Browser: https://gitlab.com/debsigs/debsigs
• Last scan: 2024-07-16 03:22:12+00
• Next scan: 2024-07-17 00:46:00+00
• Debian changelog in Git:

  debsigs (0.1.26) unstable; urgency=medium
  
    * Declare compliance with Debian Policy 4.6.0 with no changes.
    * Add the year 2021 to my debian/* copyright notice.
    * Explicitly declare dh-sequence-single-binary as a virtual build
      dependency.
    * Regenerate the signing-policy.txt file during the build.
    * Correct some typographical errors in the signing policy document.
    * Fix listing signatures with GnuPG 2. Closes: #988368
  
   -- Peter Pentchev <roam@debian.org>  Wed, 29 Dec 2021 16:46:40 +0200

• This branch is 12 commits ahead of tag archive/debian/0.1.26
• Git log:

  commit dfda18c439d31437518f2b1c3030d60fb3b550b4
  Author: Peter Pentchev <roam@debian.org>
  Date:   Tue Jul 9 01:12:27 2024 +0300
  
      testsigs: minor match/case refactoring
  
  commit 3858401c33778c8dc6323c43b3ed7c34f825b5be
  Author: Peter Pentchev <roam@debian.org>
  Date:   Mon Jul 8 20:39:15 2024 +0300
  
      Add a Python tool that builds `debsigs` and runs the test tool
      
      Prepare for a future in which there is more than one debsigs implementation.
  
  commit 160c90fd830a4530f4cb862af04300f5cb9806e4
  Author: Peter Pentchev <roam@debian.org>
  Date:   Sat Jul 6 12:04:06 2024 +0300
  
      Add a Python test tool
      
      Add a Python tool (python/tests/testsigs/) that:
      - creates a temporary directory
      - points HOME to a temporary location within that directory for GnuPG's benefit
      - uses a stateless OpenPGP tool to create a keypair
      - imports that keypair into GnuPG's store in the temporary home directory
      - downloads a Debian package
      - signs it
      - verifies the signature using debsigs's new --verify implementation
      - generates a debsig-verify policy and verifies the signature using that, too
  
  commit 5c843dcd283357c56531b41317faa98a12084eb8
  Author: Peter Pentchev <roam@debian.org>
  Date:   Mon Jul 8 23:28:54 2024 +0300
  
      Also support zstd-compressed archives
      
      This is similar to the !7 merge request, but the code was reorganized, and
      also the merge request combines two changes into one.
      
      Closes: #3
  
  commit fcc521d8e42073e26c39a322a15a49addb003ebe
  Author: Peter Pentchev <roam@debian.org>
  Date:   Mon Jul 8 23:28:33 2024 +0300
  
      DRY: only define the control/data member regular expressions once
  
  commit 92ba672f3ac02d90cba5d26c096a4d0d88b2d104
  Author: Todd C. Miller <Todd.Miller@sudo.ws>
  Date:   Sun Sep 26 20:03:11 2021 -0600
  
      Implement verify mode.
  
  commit eb3b211ec58f82f12785c9a24022962493b0e341
  Author: Todd C. Miller <Todd.Miller@sudo.ws>
  Date:   Sun Sep 26 19:31:20 2021 -0600
  
      Use mkdtemp() to create the temp dir instead of using a predictable name.
  
  commit 0ff7d54fcc1f73ad78bc539e24a0a024876e28da
  Author: Todd C. Miller <Todd.Miller@sudo.ws>
  Date:   Sun Sep 26 19:51:18 2021 -0600
  
      Do not hard-code the path to gpg.
      There's no need to do this as perl will use execvp() which searches PATH.
  
  commit b2977db7abcb227e93cf0935d10c4e6bc3e23098
  Author: Peter Pentchev <roam@debian.org>
  Date:   Mon Jul 8 20:59:26 2024 +0300
  
      Use Perl's version module and switch to a semver-like v0.2.0
  
  commit 5ffc00ca32afe25881f5f98130791dffc1779fbf
  Author: Peter Pentchev <roam@debian.org>
  Date:   Mon Jul 8 20:56:58 2024 +0300
  
      Bump the --version output to 0.2.0
      
      Dropping the `--openpgp` command-line option is an incompatible change in
      the behavior of debsigs, even though (in combination with the newly-fixed
      `--gpgopts` one) it allows for a better user experience.
  
  commit 75c6c8f96e6cdc33bca9c5f32195b68ff35bc32f
  Author: Peter Pentchev <roam@debian.org>
  Date:   Mon Jul 8 20:51:22 2024 +0300
  
      Do not pass --openpgp to GnuPG any more
      
      Unfortunately, right now the normative RFC for OpenPGP specifies
      outdated algorithms, e.g. mandatory SHA1 as a digest algorithm.
      Thus, passing the `--openpgp` option to GnuPG does more harm than
      good right now, especially as the external `debsig-verify` tool
      has rejected SHA1 signatures since 2021.
      
      Closes: #2
  
  commit 160138f5de1ec110376d3c807b60a37388bc7c90
  Author: Peter Pentchev <roam@debian.org>
  Date:   Mon Jul 8 20:48:54 2024 +0300
  
      Actually pass the options specified in --gpgopts to GnuPG
      
      This implementation is similar to the !1 merge request (thanks!), but
      it uses the Text::ParseWords module from the Perl standard library to
      parse the argument to --gpgopts as one or more arguments for GnuPG,
      allowing shell-style word quoting and escaping.
      
      Closes: #1

Package: JSON [Main page]

---

Back to the Debian Project homepage.

---