XPost: linux.debian.devel.release
To: 1104823@bugs.debian.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------DywMvbUJo5ehOoU09C20InN0
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SGkgR3VpbGxlbSwNCg0KT24gMDctMDUtMjAyNSAwMjoyOCwgR3VpbGxlbSBKb3ZlciB3cm90 ZToNCj4gUGxlYXNlIHByZS1hcHByb3ZlL3VuYmxvY2sgcGFja2FnZSBkcGtnLg0KDQoNCkFj aywgYnV0IHBsZWFzZSAoZm9yIGF2b2lkYW5jZSBvZiBhbnkgdHJvdWJsZSkgb25seSB1cGxv YWQgYWZ0ZXIgdGhlIA0KZGViaWFuLWluc3RhbGxlciBSQzEgaGFzIGJlZW4gcmVsZWFzZWQs IHdoaWNoIHdpbGwgYmUgYW5ub3VuY2VkIG9uIGQtZC1hLg0KDQo+ICAgIC0gVHJhbnNsYXRp b24gdXBkYXRlcy4NCj4gICAgLSBBbGxvY2F0aW9uIGZhaWx1cmUgZml4ZXMuDQo+ICAgIC0g U3VwcG9ydCBmb3IgdGhlIHRhZzJ1cGxvYWQgT3BlblBHUCBrZXlyaW5nLg0KPiAgICAtIE5l dyBQdXJlT1MgUGVybCB2ZW5kb3IgbW9kdWxlIChub3QgYWZmZWN0aW5nIERlYmlhbiwgYnV0 IHJlbW92ZXMNCj4gICAgICB0aGUgb25seSBkZWx0YSB0aGV5IGNhcnJ5IGFyb3VuZCwgQUZB SVIpLg0KPiAgICAtIEZpeGVzIGZvciB0aGUgT3BlblBHUCBiYWNrZW5kIGNvbW1hbmRzIHRl c3RzLg0KPiAgICAtIFN1cHBvcnQgZm9yIE9wZW5QR1AgdmVyaWZpY2F0aW9uLW9ubHkgY29t bWFuZCBzcXYgKGVxdWl2YWxlbnQgdG8NCj4gICAgICBncGd2KSwgc28gdGhhdCBmb3IgZXhh bXBsZSBkcGtnLXNvdXJjZSBjYW4gdmVyaWZ5ICh1cHN0cmVhbSwgYW5kDQo+ICAgICAgLmRz YykgYWdhaW4gb24gYSBtaW5pbWFsIHN5c3RlbSAoYWZ0ZXIgYXB0IHN3aXRjaGVkIGZyb20g Z3BndiB0bw0KPiAgICAgIHNxdikuDQoNCg0KV2hpbGUgcmV2aWV3aW5nIEkgc3BvdHRlZCB0 aGUgZm9sbG93aW5nLCBpdCBzZWVtcyBsaWtlIHRoaXMgbWlnaHQgbm93IGJlIA0Kb2Jzb2xl dGUgaW4gdGhlIEJyZWFrczoNCiAgIyBVc2VzIG5ldyBzcSBmZWF0dXJlcywgdy9vIHJlcXVp cmluZyBhIGhhcmQgZGVwZW5kZW5jeSBvbiBzcS4NCiAgIHNxICg8PCAwLjQwLjB+KSwNCg0K UGF1bA0K

--------------DywMvbUJo5ehOoU09C20InN0--

-----BEGIN PGP SIGNATURE-----

wsC7BAABCABvBYJoJf1PCRCcXJnrBb11CkcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmdISyPc/hEbW+NqDrikmQPn6DGjf4QqfokKlblez9N8 gRYhBFi2bUhza+k7BS3mcpxcmesFvXUKAAAzBwf+MdxBuvasuc3nifeHBHcROSHK PproLi0cv+U+TL7Wk01BBcmGZ+lU3Q5s6fAwRT4DM/0NwMqP6SCPxHeW+JBLG1AN LFucLAc/Y3wFgrqc0MZOvlEJF3xHRuZ+s6Ql9SWdK38IxOcj5Dl/7jCrH1LB+bo2 YwLHIgdl6NzHN2D/+XT+9FLdiG2B15hx/Lqy94Dft4rnMuYysTsonejLtUM0VyZm 0nC+WuJJT3hVGjESvNX+ktKTgBCuY1rT5yTaNXJ48/P9zCxh+zh6D0HLQxzma02j xOuoMRyBJz9K7xlI7z73ROgJnzMIWo3qmBB5OD7IDuiFmjVKcX9W+60pIlmSow==
=d2FG
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release

Hi!

On Thu, 2025-05-15 at 16:42:23 +0200, Paul Gevers wrote:

On 07-05-2025 02:28, Guillem Jover wrote:

Please pre-approve/unblock package dpkg.

Ack, but please (for avoidance of any trouble) only upload after the debian-installer RC1 has been released, which will be announced on
d-d-a.

Perfect thanks! Ah, and also thanks for the explicit note, it was not
entirely clear to me from the announcement, as that only mentioned udeb-producing packages, which dpkg is not. I'll wait until the
release has happened.

- Translation updates.
- Allocation failure fixes.
- Support for the tag2upload OpenPGP keyring.
- New PureOS Perl vendor module (not affecting Debian, but removes
the only delta they carry around, AFAIR).
- Fixes for the OpenPGP backend commands tests.
- Support for OpenPGP verification-only command sqv (equivalent to
gpgv), so that for example dpkg-source can verify (upstream, and
.dsc) again on a minimal system (after apt switched from gpgv to
sqv).

A new translation update came through, and had pending sending a note
about that, so here it is. :) I suppose it's no problem to include that
and any other translation updates that might come before the upload
happens?

(I'll cherry-pick these changes into git main, except for the release
stuff, which I'll hold off until immediately before the upload.)

While reviewing I spotted the following, it seems like this might
now be obsolete in the Breaks:
# Uses new sq features, w/o requiring a hard dependency on sq.
sq (<< 0.40.0~),

In stable/bookworm sq is currently at 0.27.0-2+b1, so to avoid
breakage during partial upgrades it seems to me that's still relevant,
but perhaps you were thinking about sqv which in stable/bookworm
is currently at 1.1.0-1+b5? Or perhaps something else?

Regards,
Guillem

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release
Copy: 1104823@bugs.debian.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------3b2qgGd5Qzrs93WsRsqOyp59
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SGkgR3VpbGxlbSwNCg0KT24gMTUtMDUtMjAyNSAxOTowMCwgR3VpbGxlbSBKb3ZlciB3cm90 ZToNCj4+IEFjaywgYnV0IHBsZWFzZSAoZm9yIGF2b2lkYW5jZSBvZiBhbnkgdHJvdWJsZSkg b25seSB1cGxvYWQgYWZ0ZXIgdGhlDQo+PiBkZWJpYW4taW5zdGFsbGVyIFJDMSBoYXMgYmVl biByZWxlYXNlZCwgd2hpY2ggd2lsbCBiZSBhbm5vdW5jZWQgb24NCj4+IGQtZC1hLg0KPiAN Cj4gUGVyZmVjdCB0aGFua3MhIEFoLCBhbmQgYWxzbyB0aGFua3MgZm9yIHRoZSBleHBsaWNp dCBub3RlLCBpdCB3YXMgbm90DQo+IGVudGlyZWx5IGNsZWFyIHRvIG1lIGZyb20gdGhlIGFu bm91bmNlbWVudCwgYXMgdGhhdCBvbmx5IG1lbnRpb25lZA0KPiB1ZGViLXByb2R1Y2luZyBw YWNrYWdlcywgd2hpY2ggZHBrZyBpcyBub3QuIEknbGwgd2FpdCB1bnRpbCB0aGUNCj4gcmVs ZWFzZSBoYXMgaGFwcGVuZWQuDQoNCg0KSSBkb24ndCB0aGluayBkcGtnIGlzIGludm9sdmVk LCBidXQgSSdkIHJhdGhlciBiZSBzYWZlIHRoZW4gc29ycnkuDQoNCj4gQSBuZXcgdHJhbnNs YXRpb24gdXBkYXRlIGNhbWUgdGhyb3VnaCwgYW5kIGhhZCBwZW5kaW5nIHNlbmRpbmcgYSBu b3RlDQo+IGFib3V0IHRoYXQsIHNvIGhlcmUgaXQgaXMuIDopIEkgc3VwcG9zZSBpdCdzIG5v IHByb2JsZW0gdG8gaW5jbHVkZSB0aGF0DQo+IGFuZCBhbnkgb3RoZXIgdHJhbnNsYXRpb24g dXBkYXRlcyB0aGF0IG1pZ2h0IGNvbWUgYmVmb3JlIHRoZSB1cGxvYWQNCj4gaGFwcGVucz8N Cg0KDQpJbmRlZWQsIHRyYW5zbGF0aW9uIHVwZGF0ZXMgYXJlIGZpbmUuDQoNCj4+IFdoaWxl IHJldmlld2luZyBJIHNwb3R0ZWQgdGhlIGZvbGxvd2luZywgaXQgc2VlbXMgbGlrZSB0aGlz IG1pZ2h0DQo+PiBub3cgYmUgb2Jzb2xldGUgaW4gdGhlIEJyZWFrczoNCj4+ICAgIyBVc2Vz IG5ldyBzcSBmZWF0dXJlcywgdy9vIHJlcXVpcmluZyBhIGhhcmQgZGVwZW5kZW5jeSBvbiBz cS4NCj4+ICAgIHNxICg8PCAwLjQwLjB+KSwNCj4gDQo+IEluIHN0YWJsZS9ib29rd29ybSBz cSBpcyBjdXJyZW50bHkgYXQgMC4yNy4wLTIrYjEsIHNvIHRvIGF2b2lkDQo+IGJyZWFrYWdl IGR1cmluZyBwYXJ0aWFsIHVwZ3JhZGVzIGl0IHNlZW1zIHRvIG1lIHRoYXQncyBzdGlsbCBy ZWxldmFudCwNCj4gYnV0IHBlcmhhcHMgeW91IHdlcmUgdGhpbmtpbmcgYWJvdXQgc3F2IHdo aWNoIGluIHN0YWJsZS9ib29rd29ybQ0KPiBpcyBjdXJyZW50bHkgYXQgMS4xLjAtMStiNT8g T3IgcGVyaGFwcyBzb21ldGhpbmcgZWxzZT8NCg0KDQpJIHdhcyBtb3JlIHRoaW5raW5nIHRo YXQgZHBrZyBub3cgZG9lc24ndCBkcml2ZSBzcSBhbnltb3JlIChhcyBpdCdzIG5vdCANCmlu IHRoZSBsaXN0IG9mIERlcGVuZHMpIHNvIEknZCBleHBlY3QgYW4gb2xkZXIgdmVyc2lvbiBv ZiB0aGF0IHdvdWxkbid0IA0KbWF0dGVyLiBCdXQgcmVhZGluZyB0aGUgZGlmZiBhZ2Fpbiwg SSBzZWUgdGhhdCBgREVGQVVMVF9DTURgIHN0aWxsIA0KcG9pbnRzIGF0IHNxLCBzbyBJIGd1 ZXNzIHRoZSBjb2RlIHRvIGRyaXZlIHNxIGlzIHN0aWxsIHRoZXJlLiBPciBkaWQgSSANCnN0 aWxsIG1pc3JlYWQgdGhlIGRpZmY/IE9yIHBlcmhhcHMgc29tZXRoaW5nIGVsc2U/DQoNClBh dWwNCg0K

--------------3b2qgGd5Qzrs93WsRsqOyp59--

-----BEGIN PGP SIGNATURE-----

wsC7BAABCABvBYJoJjiiCRCcXJnrBb11CkcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmfwpnTspxpIdTl6B9iUvOUGtchz6h+Qd8Yx8YPphnN0 wRYhBFi2bUhza+k7BS3mcpxcmesFvXUKAAC+iwf+LsVYnjnlJJDl+RWhOPTblutv kpfbuSE1Zo9VRvmeREc/1M3b/1B7HEUTycMuaI5SG4n7AJBAABS19iumytKQWCfw ch9IINexMK5O9wDyuP7d3fbneF7TL3QCLSpjUIBgn+VpbicNaKq1EVZY7gNHLC7B 0JfLdR2J2qL2gaOly/+vltl5qV4GdspAJYDZ7mBrNSHjH3lg931lNfD5Vpz+OBBr /5VXrvxZL2oycBcjJU5MeFqGw1v2HFf1wzp9c3IrOT5g2iKQLXTgCPwPR0TKbzaT ARQ+i7RbaAm4ziGfIjXMXwf8AoCtUq8k0fr1q7Pk47AmNqF0yLvzMxMIznq1tw==
=cP/9
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release

Hi!

On Thu, 2025-05-15 at 20:55:30 +0200, Paul Gevers wrote:

On 15-05-2025 19:00, Guillem Jover wrote:

Ack, but please (for avoidance of any trouble) only upload after the debian-installer RC1 has been released, which will be announced on
d-d-a.

Perfect thanks! Ah, and also thanks for the explicit note, it was not entirely clear to me from the announcement, as that only mentioned udeb-producing packages, which dpkg is not. I'll wait until the
release has happened.

I don't think dpkg is involved, but I'd rather be safe then sorry.

Sure, no problem.

While reviewing I spotted the following, it seems like this might
now be obsolete in the Breaks:
# Uses new sq features, w/o requiring a hard dependency on sq.
sq (<< 0.40.0~),

In stable/bookworm sq is currently at 0.27.0-2+b1, so to avoid
breakage during partial upgrades it seems to me that's still relevant,
but perhaps you were thinking about sqv which in stable/bookworm
is currently at 1.1.0-1+b5? Or perhaps something else?

I was more thinking that dpkg now doesn't drive sq anymore (as it's
not in the list of Depends) so I'd expect an older version of that
wouldn't matter. But reading the diff again, I see that
`DEFAULT_CMD` still points at sq, so I guess the code to drive sq is
still there. Or did I still misread the diff? Or perhaps something
else?

Ah. The OpenPGP backends can support a "full" (in terms of what dpkg
needs) OpenPGP implementation that can sign, verify, etc, (for the Sequoia backend that would be «sq»), or a "verification-only" implementation
(for the Sequoia backend that would now be «sqv»). The users of the
API can request whether the latter is enough for their use (such as dpkg-source), and then the auto-detection code will try to find a
backend that has a suitable command available.

sq is still in the list of Recommends/Suggests for the "full"
implementation alternatives. sqv is now in the alternatives for the "verification-only" implementations (where in case an implementation
does not have a matching "verification-only" command the one providing
the "full" one is listed instead).

Hope that clarifies. :)

Thanks,
Guillem

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release

Hi!

On Thu, 2025-05-15 at 23:02:56 +0200, Guillem Jover wrote:

On Thu, 2025-05-15 at 20:55:30 +0200, Paul Gevers wrote:

On 15-05-2025 19:00, Guillem Jover wrote:

Ack, but please (for avoidance of any trouble) only upload after the debian-installer RC1 has been released, which will be announced on d-d-a.

Perfect thanks! Ah, and also thanks for the explicit note, it was not entirely clear to me from the announcement, as that only mentioned udeb-producing packages, which dpkg is not. I'll wait until the
release has happened.

I don't think dpkg is involved, but I'd rather be safe then sorry.

Sure, no problem.

I've just uploaded it now.

While reviewing I spotted the following, it seems like this might
now be obsolete in the Breaks:
# Uses new sq features, w/o requiring a hard dependency on sq.
sq (<< 0.40.0~),

In stable/bookworm sq is currently at 0.27.0-2+b1, so to avoid
breakage during partial upgrades it seems to me that's still relevant, but perhaps you were thinking about sqv which in stable/bookworm
is currently at 1.1.0-1+b5? Or perhaps something else?

I was more thinking that dpkg now doesn't drive sq anymore (as it's
not in the list of Depends) so I'd expect an older version of that
wouldn't matter. But reading the diff again, I see that
`DEFAULT_CMD` still points at sq, so I guess the code to drive sq is
still there. Or did I still misread the diff? Or perhaps something
else?

Ah. The OpenPGP backends can support a "full" (in terms of what dpkg
needs) OpenPGP implementation that can sign, verify, etc, (for the Sequoia backend that would be «sq»), or a "verification-only" implementation
(for the Sequoia backend that would now be «sqv»). The users of the
API can request whether the latter is enough for their use (such as dpkg-source), and then the auto-detection code will try to find a
backend that has a suitable command available.

sq is still in the list of Recommends/Suggests for the "full"
implementation alternatives. sqv is now in the alternatives for the "verification-only" implementations (where in case an implementation
does not have a matching "verification-only" command the one providing
the "full" one is listed instead).

Hope that clarifies. :)

I took the liberty (given the nature of the change) and ended up adding
a couple of comments trying to clarify the above in the debian/control
file, patch attached, hope that's fine!

Thanks,
Guillem

From f089a3c89956e5a1ff2b96361c4e0201c27d598b Mon Sep 17 00:00:00 2001
From: Guillem Jover <guillem@debian.org>
Date: Sun, 18 May 2025 23:33:30 +0200
Subject: [PATCH] debian: Document OpenPGP implementation dependencies

Clarify that the ones are for full implementations, and the others are
for at least verification-only implementations.

Prompted-by: Paul Gevers <elbrus@debian.org>
---
debian/control | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/debian/control b/debian/control
index 429a438e6..9e15c9bb4 100644
--- a/debian/control
+++ b/debian/control
@@ -131,7 +131,9 @@ Recommends:
build-essential,
gcc | c-compiler,
fakeroot,
+# OpenPGP implementations providing full support.
sq | sqop | rsop | gosop | pgpainless-cli | gpg-sq | gnupg,
+# OpenPGP implementations providing at least verification-only support.
sqv | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq | gpgv,
# Used by dpkg-mergechangelogs.
libalgorithm-merge-perl,
@@ -185,7 +187,9 @@ Recommends:
Suggests:
debian-keyring,
debian-tag2upload-keyring,
+# OpenPGP implementations providing full support.
sq | sqop | rsop | gosop | pgpainless-cli | gpg-sq | gnupg,
+# OpenPGP implementations providing at least verification-only support.
sqv | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq | gpgv,
gcc | c-compiler,
binutils,
--
2.49.0

--- SoupGate-Win