From 85c435f23718e168345ea60270b24a57061b54f4 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 25 Apr 2025 20:53:45 +0200 Subject: sqv: Warn about signatures that will be rejected by policy within a year This implements a simple check where we first run `sqv` with `--policy-as-of` 1 year in the future. If the file is validly signed one year in the future, it is validly signed now. If the file is not validly signed 1 year in the future, we check if it is validly signed now, and otherwise print an error message. The --policy-as-of feature was added in sqv 1.3.0, hence we add a version requirement to the dependency. --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian/rules') diff --git a/debian/rules b/debian/rules index cd2370931..55d5e5eac 100755 --- a/debian/rules +++ b/debian/rules @@ -31,7 +31,7 @@ override_dh_install-arch: install -m 644 debian/apt.conf.autoremove debian/apt/etc/apt/apt.conf.d/01autoremove override_dh_gencontrol: - dh_gencontrol -- -Vapt:keyring="$(shell ./vendor/getinfo keyring-package)" -Vopenpgp:Depends=$(shell test -e /usr/bin/sqv && echo sqv || echo gpgv) + dh_gencontrol -- -Vapt:keyring="$(shell ./vendor/getinfo keyring-package)" -Vopenpgp:Depends="$(shell test -e /usr/bin/sqv && echo "sqv (>= 1.3.0)" || echo gpgv)" override_dh_installcron: dh_installcron --name=apt-compat -- cgit v1.2.3-70-g09d2