Hi, the --verify option of dpkg-sig does not recognize .zst compression
of control and data files. So the verification of a signature fails,
even though the signature is okay.
The problem seems to be in this code in /usr/bin/dpkg-sig:

    return "FORCE_BAD" unless ($seen_files{'debian-binary'} &&
        ($seen_files{'control.tar'} ||
         $seen_files{'control.tar.gz'} || $seen_files{'control.tar.xz'}) &&
        ($seen_files{'data.tar'} || $seen_files{'data.tar.gz'} ||
         $seen_files{'data.tar.xz'} || $seen_files{'data.tar.bz2'} ||
         $seen_files{'data.tar.lzma'}));

It doesn't account for control.tar.zst and data.tar.zst, which in dpkg
1.21.1 is the default compression method.
If I use in debian/rules:

    override_dh_builddeb:
    	dh_builddeb -- -Zxz

Then it works fine because it forces dpkg-deb to not use zstd. However
then lintian complains:

    debian-rules-should-not-use-custom-compression-settings

and then I have to suppress this.
I guess my question is if this is a bug, or if my solution here is
acceptable.
Best,
Sergio
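
The member-name check quoted in the message above, reproduced as an added example that is not part of the original message and is not dpkg-sig's own code: it reads the member names from an ar container (the outer format of a .deb) and applies the quoted suffix lists with and without `.zst`. The function names and the sample archives are constructed for illustration.

```python
AR_MAGIC = b"!<arch>\n"

# Suffix lists copied from the check quoted in the message.
OLD_CONTROL = {"", ".gz", ".xz"}
OLD_DATA = {"", ".gz", ".xz", ".bz2", ".lzma"}

def ar_member_names(blob):
    """Return the member names of an ar archive, in archive order."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    names, pos = [], 8
    while pos < len(blob):
        hdr = blob[pos:pos + 60]
        if len(hdr) < 60 or hdr[58:60] != b"`\n":
            raise ValueError("truncated or corrupt member header at %d" % pos)
        # Name field is 16 bytes, space padded; GNU ar appends a '/'.
        names.append(hdr[:16].decode("ascii").rstrip(" ").rstrip("/"))
        size = int(hdr[48:58].decode("ascii").strip())
        pos += 60 + size + (size & 1)  # data is padded to an even offset
    return names

def has_required_members(names, control_ext, data_ext):
    """Same shape as the quoted test: False corresponds to FORCE_BAD."""
    seen = set(names)
    return ("debian-binary" in seen
            and any("control.tar" + e in seen for e in control_ext)
            and any("data.tar" + e in seen for e in data_ext))

def build_ar(members):
    """Build a constructed ar archive from (name, bytes) pairs."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        hdr = "%-16s%-12d%-6d%-6d%-8s%-10d" % (name, 0, 0, 0, "100644", len(data))
        out += hdr.encode("ascii") + b"`\n"
        out += data + (b"\n" if len(data) & 1 else b"")
    return bytes(out)

# Constructed samples: member payloads are dummy bytes, not real tarballs.
ZSTD_DEB = build_ar([("debian-binary", b"2.0\n"),
                     ("control.tar.zst", b"ccc"), ("data.tar.zst", b"ddddd")])
XZ_DEB = build_ar([("debian-binary", b"2.0\n"),
                   ("control.tar.xz", b"ccc"), ("data.tar.xz", b"ddddd")])

if __name__ == "__main__":
    for label, deb in (("zstd", ZSTD_DEB), ("xz", XZ_DEB)):
        n = ar_member_names(deb)
        print(label, n,
              "old:", has_required_members(n, OLD_CONTROL, OLD_DATA),
              "with .zst:", has_required_members(
                  n, OLD_CONTROL | {".zst"}, OLD_DATA | {".zst"}))
```
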