Also update getBinaries() to allow retreival by binary name
This significantly speeds up binary file lookup for non-published
package versions, since we can get the list of binary urls, but
then have to look up the BPPH for each of those urls, which is slow.
If the user only wants a specific binary package and/or arch, this
speeds up getting that, especially for packages with a lot of binary
files (like the kernel).
Change dsc verification to fail only if the public key was available, but
signature verification failed. If no public key is available for the dsc,
print warning only. (LP: #1700846)
Also add pull-* parameter --no-verify-signature to manually prevent failure
when signature verification fails.
rename only with no content changes, so next commit shows code
changes converting script pull-pkg to module pullpkg.py
This also changes the file mode from 755 to 644, since we're changing
an executable script into a module.
look in its PPA for its SPPHs
look up the development (latest) UCA release if not specified
use the 'series' param as the UCA release, instead of 'uca_release' param
instead of a function that calls the system program rmadison, use
a fully-functional class to interface with the madison api, as well
as the debian snapshot api
Allow specifying series instead of version, to find the latest
version in that series; or only specify package name, to get the
latest version in the devel series
verify it can parse/load DSC when created
throw PackageNotFoundException from lp_spph if can't find package
update test case expected order of url processing
instead of debian.debian_support.Version, use ubuntutools version,
which extends it and adds the strip_epoch() function which is
needed to convert full version string to version used in filenames
Ubuntu doesn't have a unified keyring of developers like Debian has, so
it is not feasible to check for the dsc signatures.
Signed-off-by: Mattia Rizzolo <mattia@debian.org>
Using pull-debian-source fails on some very old packages such as on
texinfo 4.8.dfsg.1-4. I have hand-verified that the signature is good
(though with no trust path), so presumably this is because the signature
has rotated out of debian-keyring.
Add a --no-verify-signature option so that developers can still make use
of the find-and-download functionality of this tool, albeit without
signture verification.
