FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Pacman Development

 
 
LinkBack Thread Tools
 
Old 12-11-2011, 03:45 AM
Allan McRae
 
Default makepkg: split source elements when looking for sigs

On 11/12/11 14:10, Dave Reisner wrote:
> Allows renamed .asc/.sig files to be still discovered by makepkg. This
> is needed for a package such as PuTTY, which provides abnormally named
> sig files (.DSA and .RSA) which are valid input for gpg --verify.

Just to clarify... Are they valid input as in "gpg --verify foo.DSA"
works or do you need to use "gpg --verify foo.DSA source.file" (or
whatever the correct command syntax is)?

Allan
 
Old 12-11-2011, 03:53 AM
Eric Bélanger
 
Default makepkg: split source elements when looking for sigs

On Sat, Dec 10, 2011 at 11:45 PM, Allan McRae <allan@archlinux.org> wrote:
> On 11/12/11 14:10, Dave Reisner wrote:
>> Allows renamed .asc/.sig files to be still discovered by makepkg. This
>> is needed for a package such as PuTTY, which provides abnormally named
>> sig files (.DSA and .RSA) which are valid input for gpg --verify.
>
> Just to clarify... *Are they valid input as in "gpg --verify foo.DSA"
> works or do you need to use "gpg --verify foo.DSA source.file" (or
> whatever the correct command syntax is)?
>

You need to specify the source tarball filename:

$ gpg --verify putty-0.62.tar.gz.DSA
gpg: no signed data
gpg: can't hash datafile: file open error

$ gpg --verify putty-0.62.tar.gz.DSA putty-0.62.tar.gz
gpg: Signature made Sat 10 Dec 2011 08:34:11 AM EST using DSA key ID 08B0A90B
gpg: Good signature from "PuTTY Releases (DSA) <putty-bugs@lists.tartarus.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 00B1 1009 38E6 9800 6518 F0AB FECD 6F3F 08B0 A90B




> Allan
>
>
 
Old 12-11-2011, 04:24 AM
Allan McRae
 
Default makepkg: split source elements when looking for sigs

On 11/12/11 14:53, Eric Bélanger wrote:
> On Sat, Dec 10, 2011 at 11:45 PM, Allan McRae <allan@archlinux.org> wrote:
>> On 11/12/11 14:10, Dave Reisner wrote:
>>> Allows renamed .asc/.sig files to be still discovered by makepkg. This
>>> is needed for a package such as PuTTY, which provides abnormally named
>>> sig files (.DSA and .RSA) which are valid input for gpg --verify.
>>
>> Just to clarify... Are they valid input as in "gpg --verify foo.DSA"
>> works or do you need to use "gpg --verify foo.DSA source.file" (or
>> whatever the correct command syntax is)?
>>
>
> You need to specify the source tarball filename:
>
> $ gpg --verify putty-0.62.tar.gz.DSA
> gpg: no signed data
> gpg: can't hash datafile: file open error
>
> $ gpg --verify putty-0.62.tar.gz.DSA putty-0.62.tar.gz
> gpg: Signature made Sat 10 Dec 2011 08:34:11 AM EST using DSA key ID 08B0A90B
> gpg: Good signature from "PuTTY Releases (DSA) <putty-bugs@lists.tartarus.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 00B1 1009 38E6 9800 6518 F0AB FECD 6F3F 08B0 A90B
>

OK. That is what I had thought... I had gone through the gnupg source
code and checked what valid extensions were and thought I had missed some.

Allan
 
Old 12-11-2011, 09:26 AM
Allan McRae
 
Default makepkg: split source elements when looking for sigs

On 11/12/11 14:10, Dave Reisner wrote:
> Allows renamed .asc/.sig files to be still discovered by makepkg. This
> is needed for a package such as PuTTY, which provides abnormally named
> sig files (.DSA and .RSA) which are valid input for gpg --verify.
>
> Signed-off-by: Dave Reisner <dreisner@archlinux.org>

Signed-off-by: Allan

> ---
> Related: do we want to natively support .SIG and .ASC as well? Or would we be
> content with this patch as a workaround for "abnormal" sig files like that?

I am happy with this patch. We should only natively support what gnupg
supports.

Allan
 

Thread Tools




All times are GMT. The time now is 06:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org