Your message dated Sun, 24 Aug 2014 13:14:03 +0200
with message-id <53F9C8FB.3000500@thykier.net>
and subject line Re: Bug#758054: [lintian] dpkg-sig signed package triggering misplaced-extra-member-in-deb error
has caused the Debian Bug report #758054,
regarding [lintian] dpkg-sig signed package triggering misplaced-extra-member-in-deb error
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
758054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758054
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: [lintian] dpkg-sig signed package triggering misplaced-extra-member-in-deb error
- From: OmegaPhil <OmegaPhil00@startmail.com>
- Date: Wed, 13 Aug 2014 20:37:52 +0100
- Message-id: <53EBBE90.3000408@startmail.com>
Package: lintian
Version: 2.5.25
Severity: normal

I'm investigating signing Debian archives with dpkg-sig (available in
the repos) - after modifying an archive with a signature, lintian
reports the following warning:

=================================================================

misplaced-extra-member-in-deb _gpgbuilder (unexpected member at position 3)

=================================================================

While dpkg-sig is not widespread, presumably it's official enough not to
trigger an error?

For testing, get the name of your gpg key, export
DEBSIGN_MAINT="<name>", then:

================================

dpkg-sig --sign "builder" *.deb

================================

To verify a signature:

========================

dpkg-sig --verify *.deb

========================

--- System information. ---
Architecture: amd64
Kernel: Linux 3.14-2-amd64

Debian Release: jessie/sid
  990 testing             10.1.0.3
  500 unstable            10.1.0.3
  500 quodlibet-unstable  10.1.0.3
    1 experimental        10.1.0.3

--- Package information. ---
Depends                       (Version) | Installed
============================================-+-===========
binutils                                | 2.24.51.20140727-1
bzip2                                   | 1.0.6-7
diffstat                                | 1.58-1
file                                    | 1:5.19-1
gettext                                 | 0.19.2-1
hardening-includes                      | 2.5
intltool-debian                         | 0.35.0+20060710.1
libapt-pkg-perl                         | 0.1.29+b1
libarchive-zip-perl                     | 1.37-2
libclass-accessor-perl                  | 0.34-1
libclone-perl                           | 0.37-1
libdigest-sha-perl                      |
libdpkg-perl                            | 1.17.10
libemail-valid-perl                     | 1.194-1
libfile-basedir-perl                    | 0.03-1
libipc-run-perl                         | 0.92-1
liblist-moreutils-perl                  | 0.33-2
libparse-debianchangelog-perl           | 1.2.0-1
libtext-levenshtein-perl                | 0.09-1
libtimedate-perl                        | 2.3000-2
liburi-perl                             | 1.64-1
man-db                                  | 2.6.7.1-1
patchutils                              | 0.3.3-1
perl                                    | 5.18.2-7
t1utils                                 | 1.37-2

Recommends              (Version) | Installed
==================================-+-===========
libautodie-perl         (>= 2.18) | 2.25-1
libperlio-gzip-perl               | 0.18-3

Suggests                (Version) | Installed
====================================-+-===========
binutils-multiarch                | 
dpkg-dev                          | 1.17.10
libhtml-parser-perl               | 3.71-1+b1
libtext-template-perl             | 
libyaml-perl                      | 0.98-1
xz-utils                          | 5.1.1alpha+20120614-2

Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- To: OmegaPhil <OmegaPhil00@startmail.com>, 758054-done@bugs.debian.org
- Subject: Re: Bug#758054: [lintian] dpkg-sig signed package triggering misplaced-extra-member-in-deb error
- From: Niels Thykier <niels@thykier.net>
- Date: Sun, 24 Aug 2014 13:14:03 +0200
- Message-id: <53F9C8FB.3000500@thykier.net>
- In-reply-to: <53EBBE90.3000408@startmail.com>
- References: <53EBBE90.3000408@startmail.com>
Control: tags -1 wontfix

On 2014-08-13 21:37, OmegaPhil wrote:
> Package: lintian
> Version: 2.5.25
> Severity: normal
>
> I'm investigating signing Debian archives with dpkg-sig (available in
> the repos) - after modifying an archive with a signature, lintian
> reports the following warning:
>
> =================================================================
>
> misplaced-extra-member-in-deb _gpgbuilder (unexpected member at position 3)
>
> =================================================================
>
> While dpkg-sig is not widespread, presumably it's official enough not to
> trigger an error?
>
> [...]

Thanks for taking the time to report the bug. Unfortunately, these
methods of signing debs are not official and are not even permitted in
uploads. Until there is an officially sanctioned method for signing
debs, I will be tagging this wontfix.

~Niels
--- End Message ---
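
The member that the tag in this report points at can be seen by listing the ar members of the package. The following is an added example, not code from lintian, dpkg-sig or either correspondent: it assumes a .deb is an ar archive whose standard members are debian-binary, control.tar.* and data.tar.* in that order, uses a constructed sample archive with dummy payloads, and its function names are hypothetical. The "extra member" rule is a simplified stand-in for lintian's check.

```python
import io

AR_MAGIC = b"!<arch>\n"
EXPECTED = ("debian-binary", "control.tar", "data.tar")  # assumed standard members


def ar_member(name: str, data: bytes) -> bytes:
    """Build one ar member: 60-byte header, data, pad to an even length."""
    header = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
    return header.encode("ascii") + data + (b"\n" if len(data) % 2 else b"")


def list_members(blob: bytes) -> list[tuple[int, str, int]]:
    """Return (position, name, size) for each member, counting from zero."""
    stream = io.BytesIO(blob)
    if stream.read(8) != AR_MAGIC:
        raise ValueError("not an ar archive")
    members = []
    while True:
        header = stream.read(60)
        if not header:
            break
        if len(header) < 60 or header[58:60] != b"`\n":
            raise ValueError("truncated or corrupt ar header")
        name = header[:16].decode("ascii").rstrip(" /")
        size = int(header[48:58].decode("ascii"))
        members.append((len(members), name, size))
        stream.seek(size + size % 2, io.SEEK_CUR)  # skip data and padding byte
    return members


def extra_members(blob: bytes) -> list[tuple[int, str]]:
    """Members other than the three standard ones, with their positions."""
    return [(pos, name) for pos, name, _ in list_members(blob)
            if not name.startswith(EXPECTED)]


# Constructed sample: a stand-in for a package after signing (dummy payloads).
SIGNED_DEB = AR_MAGIC + b"".join([
    ar_member("debian-binary", b"2.0\n"),
    ar_member("control.tar.gz", b"dummy-control"),
    ar_member("data.tar.xz", b"dummy-data!"),
    ar_member("_gpgbuilder", b"dummy-signature"),
])

if __name__ == "__main__":
    print(list_members(SIGNED_DEB), extra_members(SIGNED_DEB))
```

On the sample, the only extra member is `_gpgbuilder` at position 3, after the three standard members, which matches the position given in the tag output quoted in the report.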