Hi Yadd,
thank you very much for your work on uscan. That new version 5
format looks really promising.

* Yadd <yadd@debian.org> [2021-12-01 09:11]:
> * Version 5:
>   * Main (first) paragraph contains "Version: 5" and optional options
>     that change default values for source-paragraph
>   * URL and regex are separated
>   * Some default values change. For example, `dversionmangle` default
>     value will be "auto" (drop +dfsg, ~ds,...), uversionmangle=s/-/~/g,
>     filenamemangle=s/.*?(\d[\d\.]*@ARCHIVE_EXT@)/@PACKAGE@-$1/...
> [...]
> Of course, comments are welcome!

I have a feature request regarding signature verification. As luck would
have it, I maintain three packages with upstream
signatures; one of them is me being my own upstream, and the other
two do not use the "standard" approach with one GnuPG signature per
source tarball:
- cmake releases its sources in multiple archive formats and signs
  them indirectly (a text file with SHA256 hashes) [1].
- liblzf uses the BSD signify tool [2] and only GnuPG-signs the
  signify key.
I don't know if any of these schemes are used elsewhere (more likely
for the CMake approach, less likely for liblzf, I'd guess), but it
would be nice if uscan offered some support for this; maybe a hook
to run the signature verification by an external script with
autopkgtest semantics (fail if output occurs on stderr or the script
returns with a non-zero exit code).
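
A sketch of what such an external verification script could look like for the CMake-style indirect scheme (a signed list of SHA256 hashes), together with a runner that applies the autopkgtest-style pass/fail rule. This is an added example, not part of the original message and not a uscan feature; all function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added sketch: uscan does not provide this hook; every name here is hypothetical.

# Pass only if the manifest line "<sha256>  <name>" matches the file on disk.
check_manifest() {  # $1 = checksum manifest, $2 = tarball
    name=$(basename "$2")
    # sha256sum writes "hash  name" (text mode) or "hash *name" (binary mode).
    want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$1")
    [ -n "$want" ] || { echo "no entry for $name in $1" >&2; return 1; }
    have=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "SHA256 mismatch for $name" >&2; return 1; }
}

# Full indirect check: the signature covers the manifest, and the manifest
# covers the tarball. gpgv reports even a good signature on stderr, so its
# output is captured and shown only on failure; otherwise a successful run
# would count as a failure under the stderr rule below.
verify_indirect() {  # $1 = keyring, $2 = detached sig, $3 = manifest, $4 = tarball
    out=$(gpgv --keyring "$1" "$2" "$3" 2>&1) || { echo "$out" >&2; return 1; }
    check_manifest "$3" "$4"
}

# autopkgtest-style runner: fail on a non-zero exit status or any stderr output.
run_hook() {  # "$@" = verification command and its arguments
    err=$(mktemp) || return 1
    rc=0
    "$@" 2>"$err" || rc=$?
    if [ "$rc" -ne 0 ] || [ -s "$err" ]; then
        cat "$err" >&2
        rm -f "$err"
        return 1
    fi
    rm -f "$err"
}
```

The hash comparison is only meaningful after the signature on the manifest itself has been checked, which is why `verify_indirect` runs `gpgv` first and stops on failure.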