If you're just looking to understand the source of the calculator, then the only file you need to review in depth is gnome-calculator_3.8.1.orig.tar.xz
.
What's the dsc file?
The .dsc
file is a Debian Source package description file. See the man page for dpkg-source
and How *.dsc files are related to *.deb and source code files.
It's an ASCII file and you can use cat
to view it. It should have a bunch of information that will be familiar to you if you've looked at the package in aptitude
, or used apt-cache show gnome-calculator
or similar.
Some specific things it does is list the files that are applicable, and their checksums. It also has a PGP signature that is used to verify the validity of the package (see discussion below).
You probably don't have much to do with this unless you're learning about packaging up the software again, or just curious.
Why are two tar files retrieved, and why is the "orig" one much larger?
The .orig.tar.xz
file is the original source from the original project (external to Ubuntu). This will be a particular version of the code that was selected by Ubuntu to be the one included in the distribution. It should be a complete source tree, and should, theoretically, compile to a working (although possibly not optimal for your distro) application.
The -0ubuntu1.debian.tar.gz
file is for packaging and any customisations applied to make it part of the distro. It can include patches and code modifications. In the case of the gnome-calculator code I've just downloaded, there is no additional code, or patches, so you needn't spend long looking at it.
If you're interested in the packaging process, you could have a look at the Ubuntu packaging guide.
Why does the error "gpgv: Can't check signature: public key not found" happen and how can I resolve it?
The Cannot verify signature
message arises because in the .dsc
file there's a signature. Apt tries to verify the signature (and hence the package). This is a pretty important step to make sure the code that you've got is what the Ubuntu team wanted you to get, and hasn't been mucked around with in any way. In your case it's not able to do this validation because it can't find the public key that applies.
I can't reproduce the issue, but I'd suggest these two links will help.