Bug#736711: lintian: false positive: debian-watch-file-pubkey-file-is-missing, newly allowed path
Package: lintian
Version: 2.5.21
Severity: minor
Tags: patch
Hello.
Uscan now allows two more paths for upstream signing keys.
It recommends an armored key in debian/upstream/signing-key.asc.
The attached patch should update lintian for both changes.
diff --git a/checks/watch-file.desc b/checks/watch-file.desc
index 0ef6106..d2bb6bb 100644
--- a/checks/watch-file.desc
+++ b/checks/watch-file.desc
@@ -149,7 +149,7 @@ Info: This watch file does not include a means to verify
use the pgpsigurlmangle options in this watch file's
opts= to generate the URL of an upstream GPG signature.
This signature is automatically downloaded and verified
- against a keyring stored in debian/upstream-signing-key.pgp
+ against an armored key stored in debian/upstream/signing-key.asc.
.
Of course, not all upstreams provide such signatures, but
you could request them as a way of verifying that no third
@@ -166,7 +166,7 @@ Ref: uscan(1)
Info: This watch file verifies a cryptographic signature but
the upstream public key is missing.
.
- Please add upstream public keys in debian/upstream-signing-key.pgp.
+ Please add upstream public key in debian/upstream/signing-key.asc.
Tag: debian-watch-contains-dh_make-template
Severity: wishlist
diff --git a/checks/watch-file.pm b/checks/watch-file.pm
index daa0692..036bcdb 100644
--- a/checks/watch-file.pm
+++ b/checks/watch-file.pm
@@ -179,13 +179,13 @@ sub run {
close($fd);
tag 'debian-watch-contains-dh_make-template' if ($template);
- tag 'debian-watch-may-check-gpg-signature' unless ($withgpgverification);
- if ($withgpgverification) {
- my $pgpfile = $info->debfiles('upstream-signing-key.pgp');
- if (!-f $pgpfile) {
- tag 'debian-watch-file-pubkey-file-is-missing';
- }
+ if (not $withgpgverification) {
+ tag 'debian-watch-may-check-gpg-signature';
+ } elsif (not ( -f $info->debfiles('upstream/signing-key.asc')
+ or -f $info->debfiles('upstream/signing-key.pgp')
+ or -f $info->debfiles('upstream-signing-key.pgp'))) {
+ tag 'debian-watch-file-pubkey-file-is-missing';
}
my $changes = $info->changelog;
Reply to: