All,
The upstream for the ledgersmb package [1] moved from Sourceforge to GitHub including for where new releases of the application are made available; so the debian/watch file in the package needed to be`updated for the new locations of the distribution archive and its detached`gpg file that is used for verification. Updating the watch file [2] so that uscan can see new releases was successful but the *.asc file associated with the new releases and used for the gpg verification does not seem to get referenced properly so the verification step fails. (Or the verify is happening after the repack for some reason but before renaming the archive? It's not clear...) Since the verify step is failing, the step for doing the repack of the archive does not happen. Manually downloading then verifying the archive can be done successfully although then repacking the upstream archive also has to done manually. The download, verify, and repacking was successful at the time when the watch file was pointing to the old SourceForge site.
Running, for instance, the command "uscan --force-download --verbose --rename --destdir .." results in the error "BAD signature". And indeed, checking the resulting files from that command finds that the archive does look to have been repacked (it's smaller) and so the verify fails.
The current upstream version in Debian is 1.5.21 but 1.6.3 has been released; I'll be working on upgrading the packaging for the new series.
I'd appreciate if the current version of the debain/watch file be reviewed and advice given about how it could be updated to work properly.
Robert James Clay, ..hidden.., ..hidden..
[1] https://tracker.debian.org/pkg/ledgersmb
[2] https://sources.debian.org/src/ledgersmb/1.5.21+ds-1/debian/watch/
[3] https://download.ledgersmb.org/f/Releases/
_______________________________________________ devel mailing list ..hidden.. https://lists.ledgersmb.org/mailman/listinfo/devel