• Re: Bug#1104823: pre-approval/unblock: dpkg/1.22.19

    From Paul Gevers@21:1/5 to Guillem Jover on Thu May 15 16:50:02 2025
    XPost: linux.debian.devel.release
    To: 1104823@bugs.debian.org

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------DywMvbUJo5ehOoU09C20InN0
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    SGkgR3VpbGxlbSwNCg0KT24gMDctMDUtMjAyNSAwMjoyOCwgR3VpbGxlbSBKb3ZlciB3cm90 ZToNCj4gUGxlYXNlIHByZS1hcHByb3ZlL3VuYmxvY2sgcGFja2FnZSBkcGtnLg0KDQoNCkFj aywgYnV0IHBsZWFzZSAoZm9yIGF2b2lkYW5jZSBvZiBhbnkgdHJvdWJsZSkgb25seSB1cGxv YWQgYWZ0ZXIgdGhlIA0KZGViaWFuLWluc3RhbGxlciBSQzEgaGFzIGJlZW4gcmVsZWFzZWQs IHdoaWNoIHdpbGwgYmUgYW5ub3VuY2VkIG9uIGQtZC1hLg0KDQo+ICAgIC0gVHJhbnNsYXRp b24gdXBkYXRlcy4NCj4gICAgLSBBbGxvY2F0aW9uIGZhaWx1cmUgZml4ZXMuDQo+ICAgIC0g U3VwcG9ydCBmb3IgdGhlIHRhZzJ1cGxvYWQgT3BlblBHUCBrZXlyaW5nLg0KPiAgICAtIE5l dyBQdXJlT1MgUGVybCB2ZW5kb3IgbW9kdWxlIChub3QgYWZmZWN0aW5nIERlYmlhbiwgYnV0 IHJlbW92ZXMNCj4gICAgICB0aGUgb25seSBkZWx0YSB0aGV5IGNhcnJ5IGFyb3VuZCwgQUZB SVIpLg0KPiAgICAtIEZpeGVzIGZvciB0aGUgT3BlblBHUCBiYWNrZW5kIGNvbW1hbmRzIHRl c3RzLg0KPiAgICAtIFN1cHBvcnQgZm9yIE9wZW5QR1AgdmVyaWZpY2F0aW9uLW9ubHkgY29t bWFuZCBzcXYgKGVxdWl2YWxlbnQgdG8NCj4gICAgICBncGd2KSwgc28gdGhhdCBmb3IgZXhh bXBsZSBkcGtnLXNvdXJjZSBjYW4gdmVyaWZ5ICh1cHN0cmVhbSwgYW5kDQo+ICAgICAgLmRz YykgYWdhaW4gb24gYSBtaW5pbWFsIHN5c3RlbSAoYWZ0ZXIgYXB0IHN3aXRjaGVkIGZyb20g Z3BndiB0bw0KPiAgICAgIHNxdikuDQoNCg0KV2hpbGUgcmV2aWV3aW5nIEkgc3BvdHRlZCB0 aGUgZm9sbG93aW5nLCBpdCBzZWVtcyBsaWtlIHRoaXMgbWlnaHQgbm93IGJlIA0Kb2Jzb2xl dGUgaW4gdGhlIEJyZWFrczoNCiAgIyBVc2VzIG5ldyBzcSBmZWF0dXJlcywgdy9vIHJlcXVp cmluZyBhIGhhcmQgZGVwZW5kZW5jeSBvbiBzcS4NCiAgIHNxICg8PCAwLjQwLjB+KSwNCg0K UGF1bA0K

    --------------DywMvbUJo5ehOoU09C20InN0--

    -----BEGIN PGP SIGNATURE-----

    wsC7BAABCABvBYJoJf1PCRCcXJnrBb11CkcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmdISyPc/hEbW+NqDrikmQPn6DGjf4QqfokKlblez9N8 gRYhBFi2bUhza+k7BS3mcpxcmesFvXUKAAAzBwf+MdxBuvasuc3nifeHBHcROSHK PproLi0cv+U+TL7Wk01BBcmGZ+lU3Q5s6fAwRT4DM/0NwMqP6SCPxHeW+JBLG1AN LFucLAc/Y3wFgrqc0MZOvlEJF3xHRuZ+s6Ql9SWdK38IxOcj5Dl/7jCrH1LB+bo2 YwLHIgdl6NzHN2D/+XT+9FLdiG2B15hx/Lqy94Dft4rnMuYysTsonejLtUM0VyZm 0nC+WuJJT3hVGjESvNX+ktKTgBCuY1rT5yTaNXJ48/P9zCxh+zh6D0HLQxzma02j xOuoMRyBJz9K7xlI7z73ROgJnzMIWo3qmBB5OD7IDuiFmjVKcX9W+60pIlmSow==
    =d2FG
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Guillem Jover@21:1/5 to Paul Gevers on Thu May 15 19:10:01 2025
    XPost: linux.debian.devel.release

    Hi!

    On Thu, 2025-05-15 at 16:42:23 +0200, Paul Gevers wrote:
    On 07-05-2025 02:28, Guillem Jover wrote:
    Please pre-approve/unblock package dpkg.

    Ack, but please (for avoidance of any trouble) only upload after the debian-installer RC1 has been released, which will be announced on
    d-d-a.

    Perfect thanks! Ah, and also thanks for the explicit note, it was not
    entirely clear to me from the announcement, as that only mentioned udeb-producing packages, which dpkg is not. I'll wait until the
    release has happened.

    - Translation updates.
    - Allocation failure fixes.
    - Support for the tag2upload OpenPGP keyring.
    - New PureOS Perl vendor module (not affecting Debian, but removes
    the only delta they carry around, AFAIR).
    - Fixes for the OpenPGP backend commands tests.
    - Support for OpenPGP verification-only command sqv (equivalent to
    gpgv), so that for example dpkg-source can verify (upstream, and
    .dsc) again on a minimal system (after apt switched from gpgv to
    sqv).

    A new translation update came through, and had pending sending a note
    about that, so here it is. :) I suppose it's no problem to include that
    and any other translation updates that might come before the upload
    happens?

    (I'll cherry-pick these changes into git main, except for the release
    stuff, which I'll hold off until immediately before the upload.)

    While reviewing I spotted the following, it seems like this might
    now be obsolete in the Breaks:
    # Uses new sq features, w/o requiring a hard dependency on sq.
    sq (<< 0.40.0~),

    In stable/bookworm sq is currently at 0.27.0-2+b1, so to avoid
    breakage during partial upgrades it seems to me that's still relevant,
    but perhaps you were thinking about sqv which in stable/bookworm
    is currently at 1.1.0-1+b5? Or perhaps something else?

    Regards,
    Guillem

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Paul Gevers@21:1/5 to Guillem Jover on Thu May 15 21:00:01 2025
    XPost: linux.debian.devel.release
    Copy: 1104823@bugs.debian.org

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------3b2qgGd5Qzrs93WsRsqOyp59
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    SGkgR3VpbGxlbSwNCg0KT24gMTUtMDUtMjAyNSAxOTowMCwgR3VpbGxlbSBKb3ZlciB3cm90 ZToNCj4+IEFjaywgYnV0IHBsZWFzZSAoZm9yIGF2b2lkYW5jZSBvZiBhbnkgdHJvdWJsZSkg b25seSB1cGxvYWQgYWZ0ZXIgdGhlDQo+PiBkZWJpYW4taW5zdGFsbGVyIFJDMSBoYXMgYmVl biByZWxlYXNlZCwgd2hpY2ggd2lsbCBiZSBhbm5vdW5jZWQgb24NCj4+IGQtZC1hLg0KPiAN Cj4gUGVyZmVjdCB0aGFua3MhIEFoLCBhbmQgYWxzbyB0aGFua3MgZm9yIHRoZSBleHBsaWNp dCBub3RlLCBpdCB3YXMgbm90DQo+IGVudGlyZWx5IGNsZWFyIHRvIG1lIGZyb20gdGhlIGFu bm91bmNlbWVudCwgYXMgdGhhdCBvbmx5IG1lbnRpb25lZA0KPiB1ZGViLXByb2R1Y2luZyBw YWNrYWdlcywgd2hpY2ggZHBrZyBpcyBub3QuIEknbGwgd2FpdCB1bnRpbCB0aGUNCj4gcmVs ZWFzZSBoYXMgaGFwcGVuZWQuDQoNCg0KSSBkb24ndCB0aGluayBkcGtnIGlzIGludm9sdmVk LCBidXQgSSdkIHJhdGhlciBiZSBzYWZlIHRoZW4gc29ycnkuDQoNCj4gQSBuZXcgdHJhbnNs YXRpb24gdXBkYXRlIGNhbWUgdGhyb3VnaCwgYW5kIGhhZCBwZW5kaW5nIHNlbmRpbmcgYSBu b3RlDQo+IGFib3V0IHRoYXQsIHNvIGhlcmUgaXQgaXMuIDopIEkgc3VwcG9zZSBpdCdzIG5v IHByb2JsZW0gdG8gaW5jbHVkZSB0aGF0DQo+IGFuZCBhbnkgb3RoZXIgdHJhbnNsYXRpb24g dXBkYXRlcyB0aGF0IG1pZ2h0IGNvbWUgYmVmb3JlIHRoZSB1cGxvYWQNCj4gaGFwcGVucz8N Cg0KDQpJbmRlZWQsIHRyYW5zbGF0aW9uIHVwZGF0ZXMgYXJlIGZpbmUuDQoNCj4+IFdoaWxl IHJldmlld2luZyBJIHNwb3R0ZWQgdGhlIGZvbGxvd2luZywgaXQgc2VlbXMgbGlrZSB0aGlz IG1pZ2h0DQo+PiBub3cgYmUgb2Jzb2xldGUgaW4gdGhlIEJyZWFrczoNCj4+ICAgIyBVc2Vz IG5ldyBzcSBmZWF0dXJlcywgdy9vIHJlcXVpcmluZyBhIGhhcmQgZGVwZW5kZW5jeSBvbiBz cS4NCj4+ICAgIHNxICg8PCAwLjQwLjB+KSwNCj4gDQo+IEluIHN0YWJsZS9ib29rd29ybSBz cSBpcyBjdXJyZW50bHkgYXQgMC4yNy4wLTIrYjEsIHNvIHRvIGF2b2lkDQo+IGJyZWFrYWdl IGR1cmluZyBwYXJ0aWFsIHVwZ3JhZGVzIGl0IHNlZW1zIHRvIG1lIHRoYXQncyBzdGlsbCBy ZWxldmFudCwNCj4gYnV0IHBlcmhhcHMgeW91IHdlcmUgdGhpbmtpbmcgYWJvdXQgc3F2IHdo aWNoIGluIHN0YWJsZS9ib29rd29ybQ0KPiBpcyBjdXJyZW50bHkgYXQgMS4xLjAtMStiNT8g T3IgcGVyaGFwcyBzb21ldGhpbmcgZWxzZT8NCg0KDQpJIHdhcyBtb3JlIHRoaW5raW5nIHRo YXQgZHBrZyBub3cgZG9lc24ndCBkcml2ZSBzcSBhbnltb3JlIChhcyBpdCdzIG5vdCANCmlu IHRoZSBsaXN0IG9mIERlcGVuZHMpIHNvIEknZCBleHBlY3QgYW4gb2xkZXIgdmVyc2lvbiBv ZiB0aGF0IHdvdWxkbid0IA0KbWF0dGVyLiBCdXQgcmVhZGluZyB0aGUgZGlmZiBhZ2Fpbiwg SSBzZWUgdGhhdCBgREVGQVVMVF9DTURgIHN0aWxsIA0KcG9pbnRzIGF0IHNxLCBzbyBJIGd1 ZXNzIHRoZSBjb2RlIHRvIGRyaXZlIHNxIGlzIHN0aWxsIHRoZXJlLiBPciBkaWQgSSANCnN0 aWxsIG1pc3JlYWQgdGhlIGRpZmY/IE9yIHBlcmhhcHMgc29tZXRoaW5nIGVsc2U/DQoNClBh dWwNCg0K

    --------------3b2qgGd5Qzrs93WsRsqOyp59--

    -----BEGIN PGP SIGNATURE-----

    wsC7BAABCABvBYJoJjiiCRCcXJnrBb11CkcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmfwpnTspxpIdTl6B9iUvOUGtchz6h+Qd8Yx8YPphnN0 wRYhBFi2bUhza+k7BS3mcpxcmesFvXUKAAC+iwf+LsVYnjnlJJDl+RWhOPTblutv kpfbuSE1Zo9VRvmeREc/1M3b/1B7HEUTycMuaI5SG4n7AJBAABS19iumytKQWCfw ch9IINexMK5O9wDyuP7d3fbneF7TL3QCLSpjUIBgn+VpbicNaKq1EVZY7gNHLC7B 0JfLdR2J2qL2gaOly/+vltl5qV4GdspAJYDZ7mBrNSHjH3lg931lNfD5Vpz+OBBr /5VXrvxZL2oycBcjJU5MeFqGw1v2HFf1wzp9c3IrOT5g2iKQLXTgCPwPR0TKbzaT ARQ+i7RbaAm4ziGfIjXMXwf8AoCtUq8k0fr1q7Pk47AmNqF0yLvzMxMIznq1tw==
    =cP/9
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Guillem Jover@21:1/5 to Paul Gevers on Thu May 15 23:10:01 2025
    XPost: linux.debian.devel.release

    Hi!

    On Thu, 2025-05-15 at 20:55:30 +0200, Paul Gevers wrote:
    On 15-05-2025 19:00, Guillem Jover wrote:
    Ack, but please (for avoidance of any trouble) only upload after the debian-installer RC1 has been released, which will be announced on
    d-d-a.

    Perfect thanks! Ah, and also thanks for the explicit note, it was not entirely clear to me from the announcement, as that only mentioned udeb-producing packages, which dpkg is not. I'll wait until the
    release has happened.

    I don't think dpkg is involved, but I'd rather be safe then sorry.

    Sure, no problem.

    While reviewing I spotted the following, it seems like this might
    now be obsolete in the Breaks:
    # Uses new sq features, w/o requiring a hard dependency on sq.
    sq (<< 0.40.0~),

    In stable/bookworm sq is currently at 0.27.0-2+b1, so to avoid
    breakage during partial upgrades it seems to me that's still relevant,
    but perhaps you were thinking about sqv which in stable/bookworm
    is currently at 1.1.0-1+b5? Or perhaps something else?

    I was more thinking that dpkg now doesn't drive sq anymore (as it's
    not in the list of Depends) so I'd expect an older version of that
    wouldn't matter. But reading the diff again, I see that
    `DEFAULT_CMD` still points at sq, so I guess the code to drive sq is
    still there. Or did I still misread the diff? Or perhaps something
    else?

    Ah. The OpenPGP backends can support a "full" (in terms of what dpkg
    needs) OpenPGP implementation that can sign, verify, etc, (for the Sequoia backend that would be «sq»), or a "verification-only" implementation
    (for the Sequoia backend that would now be «sqv»). The users of the
    API can request whether the latter is enough for their use (such as dpkg-source), and then the auto-detection code will try to find a
    backend that has a suitable command available.

    sq is still in the list of Recommends/Suggests for the "full"
    implementation alternatives. sqv is now in the alternatives for the "verification-only" implementations (where in case an implementation
    does not have a matching "verification-only" command the one providing
    the "full" one is listed instead).

    Hope that clarifies. :)

    Thanks,
    Guillem

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Guillem Jover@21:1/5 to Guillem Jover on Mon May 19 01:40:01 2025
    XPost: linux.debian.devel.release

    Hi!

    On Thu, 2025-05-15 at 23:02:56 +0200, Guillem Jover wrote:
    On Thu, 2025-05-15 at 20:55:30 +0200, Paul Gevers wrote:
    On 15-05-2025 19:00, Guillem Jover wrote:
    Ack, but please (for avoidance of any trouble) only upload after the debian-installer RC1 has been released, which will be announced on d-d-a.

    Perfect thanks! Ah, and also thanks for the explicit note, it was not entirely clear to me from the announcement, as that only mentioned udeb-producing packages, which dpkg is not. I'll wait until the
    release has happened.

    I don't think dpkg is involved, but I'd rather be safe then sorry.

    Sure, no problem.

    I've just uploaded it now.

    While reviewing I spotted the following, it seems like this might
    now be obsolete in the Breaks:
    # Uses new sq features, w/o requiring a hard dependency on sq.
    sq (<< 0.40.0~),

    In stable/bookworm sq is currently at 0.27.0-2+b1, so to avoid
    breakage during partial upgrades it seems to me that's still relevant, but perhaps you were thinking about sqv which in stable/bookworm
    is currently at 1.1.0-1+b5? Or perhaps something else?

    I was more thinking that dpkg now doesn't drive sq anymore (as it's
    not in the list of Depends) so I'd expect an older version of that
    wouldn't matter. But reading the diff again, I see that
    `DEFAULT_CMD` still points at sq, so I guess the code to drive sq is
    still there. Or did I still misread the diff? Or perhaps something
    else?

    Ah. The OpenPGP backends can support a "full" (in terms of what dpkg
    needs) OpenPGP implementation that can sign, verify, etc, (for the Sequoia backend that would be «sq»), or a "verification-only" implementation
    (for the Sequoia backend that would now be «sqv»). The users of the
    API can request whether the latter is enough for their use (such as dpkg-source), and then the auto-detection code will try to find a
    backend that has a suitable command available.

    sq is still in the list of Recommends/Suggests for the "full"
    implementation alternatives. sqv is now in the alternatives for the "verification-only" implementations (where in case an implementation
    does not have a matching "verification-only" command the one providing
    the "full" one is listed instead).

    Hope that clarifies. :)

    I took the liberty (given the nature of the change) and ended up adding
    a couple of comments trying to clarify the above in the debian/control
    file, patch attached, hope that's fine!

    Thanks,
    Guillem

    From f089a3c89956e5a1ff2b96361c4e0201c27d598b Mon Sep 17 00:00:00 2001
    From: Guillem Jover <guillem@debian.org>
    Date: Sun, 18 May 2025 23:33:30 +0200
    Subject: [PATCH] debian: Document OpenPGP implementation dependencies

    Clarify that the ones are for full implementations, and the others are
    for at least verification-only implementations.

    Prompted-by: Paul Gevers <elbrus@debian.org>
    ---
    debian/control | 4 ++++
    1 file changed, 4 insertions(+)

    diff --git a/debian/control b/debian/control
    index 429a438e6..9e15c9bb4 100644
    --- a/debian/control
    +++ b/debian/control
    @@ -131,7 +131,9 @@ Recommends:
    build-essential,
    gcc | c-compiler,
    fakeroot,
    +# OpenPGP implementations providing full support.
    sq | sqop | rsop | gosop | pgpainless-cli | gpg-sq | gnupg,
    +# OpenPGP implementations providing at least verification-only support.
    sqv | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq | gpgv,
    # Used by dpkg-mergechangelogs.
    libalgorithm-merge-perl,
    @@ -185,7 +187,9 @@ Recommends:
    Suggests:
    debian-keyring,
    debian-tag2upload-keyring,
    +# OpenPGP implementations providing full support.
    sq | sqop | rsop | gosop | pgpainless-cli | gpg-sq | gnupg,
    +# OpenPGP implementations providing at least verification-only support.
    sqv | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq | gpgv,
    gcc | c-compiler,
    binutils,
    --
    2.49.0

    --- SoupGate-Win
  • From Guillem Jover@21:1/5 to Guillem Jover on Wed May 21 10:40:01 2025
    XPost: linux.debian.devel.release

    Hi!

    On Mon, 2025-05-19 at 01:26:59 +0200, Guillem Jover wrote:
    I've just uploaded it now.

    So, a new bug report just came in yesterday, that through the new sqv
    support revealed a pre-existing problem with the Sequoia handling on verification, where the code was calling sq (and now possibly sqv)
    with no keyrings if they are not present on disk (which will be the
    case on a true minimal installation w/o debian-keyring installed), and
    where sq used to give a rather verbose output that can be confusing,
    and sqv now gives an apparently alarming error message as it expects
    at least one keyring option to be passed. :/

    In focusing on testing verification, I completely missed checking the
    scenario with no keyrings, sorry about that! :'(

    Something like this, for sqv:

    ,---
    $ dpkg-source -x *.dsc
    error: the following required arguments were not provided:
    --keyring <FILE>

    Usage: sqv --keyring <FILE> --cleartext --output <FILE> <FILE>

    For more information, try '--help'.
    dpkg-source: warning: cannot verify inline signature for ./upgrade-system_1.9.8.dsc: no acceptable signature found
    dpkg-source: info: extracting upgrade-system in upgrade-system-1.9.8
    dpkg-source: info: unpacking upgrade-system_1.9.8.tar.xz
    `---

    And this for sq:

    ,---
    $ dpkg-source -x *.dsc
    Can't authenticate signature allegedly made by C89002C77A8BEC6A4E6D7390AE1F8277C4B4D7B6: missing certificate.

    Hint: Consider searching for the certificate using:

    $ sq network search C89002C77A8BEC6A4E6D7390AE1F8277C4B4D7B6
    0 authenticated signatures, 1 uncheckable signature.

    Error: Verification failed: could not authenticate any signatures
    dpkg-source: warning: cannot verify inline signature for ./upgrade-system_1.9.8.dsc: no acceptable signature found
    dpkg-source: info: extracting upgrade-system in upgrade-system-1.9.8
    dpkg-source: info: unpacking upgrade-system_1.9.8.tar.xz
    `---

    In my view these make the UI rather confusing, but have no functional
    effect, because by default they are warnings and do not prevent
    extraction, and even with --require-valid-signature, they'd fail as
    well given that the keyrings are not installed.

    While this was brought up in the upstream Sequoia IRC channel, Neal
    asked whether the sq command was being run in stateless mode, which is
    the assumed running context for all other OpenPGP backends (from GnuPG
    to SOP), which can be done (and should have been done) by passing
    --home=none to sq invocations (but not sqv).

    So, I'd like to prepare a dpkg 1.22.20 release with the two attached
    patches (and some further translation updates), but would probably wait
    a few more days in case there's anything else that pops up, then can
    update this bug metadata, and provide a proper debdiff if so.

    Thanks,
    Guillem

    From dcc392e9b5785c96930a6ba0d1dc316cc5764a78 Mon Sep 17 00:00:00 2001
    From: Guillem Jover <guillem@debian.org>
    Date: Wed, 21 May 2025 09:50:56 +0200
    Subject: [PATCH 1/2] Dpkg::OpenPGP::Backend::Sequoia: Do not run sq/sqv to
    verify with no keyrings

    Both sq and sqv support expect a keyring to be able to verify the
    signatures, and produce rather confusing and alarming diagnostics,
    which by default are emitted as warnings.

    In case we have no keyrings to pass (because they are not present on
    disk for example), skip the commands invocation, and return an error
    to the effect that no valid signatures could be found. In the future
    we should instead print the keyrings that we are using and the ones we
    are skipping, and print a specific error message for this condition,
    to make the error condition more clear, but for now this is the minimal
    change that gives a less confusing UI.

    Closes: #1106148
    ---
    scripts/Dpkg/OpenPGP/Backend/Sequoia.pm | 2 ++
    1 file changed, 2 insertions(+)

    diff --git a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm
    index 2d50b0921..09b3ec88b 100644
    --- a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm
    +++ b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm
    @@ -123,6 +123,7 @@ sub inline_verify
    my ($self, $inlinesigned, $data, @certs) = @_;

    return OPENPGP_MISSING_CMD unless ($self->{cmdv} || $self->{cmd});
    + return OPENPGP_NO_SIG if @certs == 0;

    # XXX: sqv does not support --signer-file. See:
    # <https://gitlab.com/sequoia-pgp/sequoia-sqv/-/issues/11>.
    @@ -164,6 +165,7 @@ sub verify
    my ($self, $data, $sig, @certs) = @_;

    return OPENPGP_MISSING_CMD unless ($self->{cmdv} || $self->{cmd});
    + return OPENPGP_NO_SIG if @certs == 0;

    # XXX: sqv does not support --signer-file. See:
    # <https://gitlab.com/sequoia-pgp/sequoia-sqv/-/issues/11>.
    --
    2.49.0


    From 96b9d6b20362f96f8fc9b5e35e6ea
  • From Paul Gevers@21:1/5 to Guillem Jover on Sat May 24 12:20:01 2025
    XPost: linux.debian.devel.release
    Copy: 1104823@bugs.debian.org

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------SSK5jhCI0vXy8drHCqUZHHxJ
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    SGksDQoNCk9uIDIxLTA1LTIwMjUgMTA6MzQsIEd1aWxsZW0gSm92ZXIgd3JvdGU6DQo+IFNv LCBJJ2QgbGlrZSB0byBwcmVwYXJlIGEgZHBrZyAxLjIyLjIwIHJlbGVhc2Ugd2l0aCB0aGUg dHdvIGF0dGFjaGVkDQo+IHBhdGNoZXMgKGFuZCBzb21lIGZ1cnRoZXIgdHJhbnNsYXRpb24g dXBkYXRlcykNCg0KDQpUaGlzIGxvb2tzIE9LLg0KDQpQYXVsDQoNCg==

    --------------SSK5jhCI0vXy8drHCqUZHHxJ--

    -----BEGIN PGP SIGNATURE-----

    wsC7BAABCABvBYJoMZs0CRCcXJnrBb11CkcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmc/Ndhspeslo8/VxhPIlva6FeAlZVEsbzRP9WuJpS2l 4RYhBFi2bUhza+k7BS3mcpxcmesFvXUKAADnKAf9Hk1TUy5pRAFcSPy6xeYzsNtj YSuu3KVPh9/E67uFfUomYMis3nK2Jut04OVsQS0NpdBxMwLJ2DYhRxtTkjZlB5O6 7+psjwGJSW9VyLYIlDjgDl5g2v8dXtNkH4z9Jy7Il1kqTQNGeaJycb5TnYntaN/T vSeGX2StvI20z9VVeAqZ4h/1kDrB1Tf53fRl3T2xnw8w99E96VoZ1Ic9ZIsZEI3v +eWCmkSIFE66sgK/2ZmqTWfGSzUxsGe5oUG+Ia8pglVOsnnVOH6AbsFLpPDkT5di 9TblvcjVjcuuxO6QUKv3ODjrXy+C2u6rDKvyYCBrzO2ug0dBL4TETF9HFRJ3iA==
    =pPhK
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)