control: reopen -1

Hi,

On 2023-12-22 12:16, Guillem Jover wrote:
> Hi!
> 
> On Fri, 2023-12-22 at 10:53:18 +0100, Christian Marillat wrote:
> > Package: dupload
> > Version: 2.10.4
> > Severity: grave
> 
> > This version fail to check a signature. Work fine with 2.10.3
> > 
> > ,----
> > | $ debrelease 
> > | dupload note: no announcement will be sent.
> > | Checking OpenPGP signatures before upload...gpgv: Signature made Fri Dec 
> > 22 10:50:05 2023 CET
> > | gpgv:                using RSA key 
> > A401FF99368FA1F98152DE755C808C2B65558117
> > | gpgv:                issuer "maril...@deb-multimedia.org"
> > | gpgv: Can't check signature: No public key
> > | openpgp-check: error: cannot verify inline signature for 
> > ../gerbera-dmo_1.12.1-dmo5_amd64.changes: no acceptable signature found
> > | 
> > | dupload: error: Pre-upload '/usr/share/dupload/openpgp-check %1' failed 
> > for ../gerbera-dmo_1.12.1-dmo5_amd64.changes
> > `----

This also causes issues on the riscv64 build daemons running sid:

| dupload exit status 9/0
| Removed  to reupload later.
| 
| Complete output from dupload:
| 
| dupload note: no announcement will be sent.
| Checking OpenPGP signatures before upload...gpgv: Signature made Fri Dec 22 
18:06:16 2023 UTC
| gpgv:                using RSA key 670D3AC041E218107D0DE6F9339F749981589F2F
| gpgv: Can't check signature: No public key
| openpgp-check: error: cannot verify inline signature for 
emmax_0~beta.20100307-4_riscv64-buildd.changes: no acceptable signature found
| 
| dupload: error: Pre-upload '/usr/share/dupload/openpgp-check %1' failed for 
emmax_0~beta.20100307-4_riscv64-buildd.changes

> Just to understand what is going wrong, I assume you don't have the
> debian-keyring package installed (where the signing certificate could
> be found in the debian-keyring.gpg keyring), nor the certificate for
> A401FF99368FA1F98152DE755C808C2B65558117 in ~/.gnupg/trustedkeys.gpg?

For debian build daemons, it is not expected to have the keys in the
debian-keyring.gpg file. The file ~/.gnupg/trustedkeys.gpg does not
exist.

> But gpg has it in its certificate store?

Yes:

buildd@rv-manda-01:~/.gnupg$ gpg -K
/home/buildd/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096 2023-12-08 [SC] [expire : 2024-12-07]
      670D3AC041E218107D0DE6F9339F749981589F2F
uid          [  ultime ] buildd autosigning key rv-manda-01 
<buildd_riscv64-rv-manda...@buildd.debian.org>

Thanks
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                     http://aurel32.net

Reply via email to