[pacman-dev] [PATCH] makepkg: split source elements when looking for sigs

Allan McRae allan at archlinux.org
Sun Dec 11 00:24:07 EST 2011


On 11/12/11 14:53, Eric Bélanger wrote:
> On Sat, Dec 10, 2011 at 11:45 PM, Allan McRae <allan at archlinux.org> wrote:
>> On 11/12/11 14:10, Dave Reisner wrote:
>>> Allows renamed .asc/.sig files to be still discovered by makepkg. This
>>> is needed for a package such as PuTTY, which provides abnormally named
>>> sig files (.DSA and .RSA) which are valid input for gpg --verify.
>>
>> Just to clarify...  Are they valid input as in "gpg --verify foo.DSA"
>> works or do you need to use "gpg --verify foo.DSA source.file" (or
>> whatever the correct command syntax is)?
>>
> 
> You need to specify the source tarball filename:
> 
> $ gpg --verify putty-0.62.tar.gz.DSA
> gpg: no signed data
> gpg: can't hash datafile: file open error
> 
> $ gpg --verify putty-0.62.tar.gz.DSA putty-0.62.tar.gz
> gpg: Signature made Sat 10 Dec 2011 08:34:11 AM EST using DSA key ID 08B0A90B
> gpg: Good signature from "PuTTY Releases (DSA) <putty-bugs at lists.tartarus.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 00B1 1009 38E6 9800 6518  F0AB FECD 6F3F 08B0 A90B
> 

OK.  That is what I had thought...   I had gone through the gnupg source
code and checked what valid extensions were and thought I had missed some.

Allan


More information about the pacman-dev mailing list