From 85c435f23718e168345ea60270b24a57061b54f4 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 25 Apr 2025 20:53:45 +0200 Subject: sqv: Warn about signatures that will be rejected by policy within a year This implements a simple check where we first run `sqv` with `--policy-as-of` 1 year in the future. If the file is validly signed one year in the future, it is validly signed now. If the file is not validly signed 1 year in the future, we check if it is validly signed now, and otherwise print an error message. The --policy-as-of feature was added in sqv 1.3.0, hence we add a version requirement to the dependency. --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian/control') diff --git a/debian/control b/debian/control index 157ca079e..a3e4c45df 100644 --- a/debian/control +++ b/debian/control @@ -28,7 +28,7 @@ Build-Depends: dpkg-dev (>= 1.22.5) , ninja-build, pkg-config, po4a (>= 0.34-2) , - sqv [amd64 arm64 armel armhf i386 mips64el ppc64el riscv64 s390x hurd-amd64 hurd-i386 loong64 powerpc ppc64 sparc64] | gpgv, + sqv (>= 1.3.0) [amd64 arm64 armel armhf i386 mips64el ppc64el riscv64 s390x hurd-amd64 hurd-i386 loong64 powerpc ppc64 sparc64] | gpgv, triehash, xsltproc , zlib1g-dev -- cgit v1.2.3-70-g09d2