Giovanni 'ItachiSan' Santini <itachi.sama.amaterasu@xxxxxxxxx> on Mon, 2016/07/04 11:58: > Il 03/07/2016 23:50, Christian Hesse ha scritto: > > > > The db file is just a simple tar archive, compressed with gzip. Unzip it > > and you will find a directory for every package. Every directory contains > > the file 'desc' at least. Within the file you should find a line > > '%PGPSIG%', followed by a single line containing the signature. > > Looks like the build service breaks this line, which confuses pacman. > > > > I've opened an issue and created a pull request, as I made some > experiments with perl in order to have the script working; the issue > (now closed) is here: > https://github.com/openSUSE/open-build-service/issues/1907 > > Now, pacman recognises the key and accepts the package, but it still > complains a little, saying that the signature format is unsupported: > > --- Terminal output starts here > $ LANG=C sudo pacman -Sy dpkg > :: Synchronizing package databases... > ... sync stuff here ... > resolving dependencies... > looking for conflicting packages... > > Packages (1) dpkg-1.17.25-1 > > Total Download Size: 1.46 MiB > Total Installed Size: 9.20 MiB > > :: Proceed with installation? [Y/n] > :: Retrieving packages... > dpkg-1.17.25-1-x86_64 1492.1 KiB $speed 00:00 [--------------] 100% > (1/1) checking keys in keyring [--------------] 100% > error: dpkg: unsupported signature format(0/1) > checking package integrity [co o o o o o > (1/1) checking package integrity [--------------] 100% > (1/1) loading package files [--------------] 100% > ... installation stuff here ... > --- Terminal output ends here > > Why does pacman give that error? > As it marks it as an error, but it install the package anyways...! We have three places where this can come from... https://git.archlinux.org/pacman.git/tree/lib/libalpm/signing.c#n1008 https://git.archlinux.org/pacman.git/tree/lib/libalpm/signing.c#n1038 https://git.archlinux.org/pacman.git/tree/lib/libalpm/signing.c#n1045 Not sure what goes wrong here. Is source of the build service available? How do they sign the packages? -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];) putchar(b-1/(/* Chris cc -ox -xc - && ./x */b/42*2-3)*42);}
Attachment:
pgp4BdRq25QqU.pgp
Description: OpenPGP digital signature
