On 2023-12-22 19:23, Aurelien Jarno wrote: > control: reopen -1 > > Hi, > > On 2023-12-22 12:16, Guillem Jover wrote: > > Hi! > > > > On Fri, 2023-12-22 at 10:53:18 +0100, Christian Marillat wrote: > > > Package: dupload > > > Version: 2.10.4 > > > Severity: grave > > > > > This version fail to check a signature. Work fine with 2.10.3 > > > > > > ,---- > > > | $ debrelease > > > | dupload note: no announcement will be sent. > > > | Checking OpenPGP signatures before upload...gpgv: Signature made Fri > > > Dec 22 10:50:05 2023 CET > > > | gpgv: using RSA key > > > A401FF99368FA1F98152DE755C808C2B65558117 > > > | gpgv: issuer "maril...@deb-multimedia.org" > > > | gpgv: Can't check signature: No public key > > > | openpgp-check: error: cannot verify inline signature for > > > ../gerbera-dmo_1.12.1-dmo5_amd64.changes: no acceptable signature found > > > | > > > | dupload: error: Pre-upload '/usr/share/dupload/openpgp-check %1' failed > > > for ../gerbera-dmo_1.12.1-dmo5_amd64.changes > > > `---- > > This also causes issues on the riscv64 build daemons running sid: > > | dupload exit status 9/0 > | Removed to reupload later. > | > | Complete output from dupload: > | > | dupload note: no announcement will be sent. > | Checking OpenPGP signatures before upload...gpgv: Signature made Fri Dec 22 > 18:06:16 2023 UTC > | gpgv: using RSA key 670D3AC041E218107D0DE6F9339F749981589F2F > | gpgv: Can't check signature: No public key > | openpgp-check: error: cannot verify inline signature for > emmax_0~beta.20100307-4_riscv64-buildd.changes: no acceptable signature found > | > | dupload: error: Pre-upload '/usr/share/dupload/openpgp-check %1' failed for > emmax_0~beta.20100307-4_riscv64-buildd.changes > > > Just to understand what is going wrong, I assume you don't have the > > debian-keyring package installed (where the signing certificate could > > be found in the debian-keyring.gpg keyring), nor the certificate for > > A401FF99368FA1F98152DE755C808C2B65558117 in ~/.gnupg/trustedkeys.gpg? > > For debian build daemons, it is not expected to have the keys in the > debian-keyring.gpg file. The file ~/.gnupg/trustedkeys.gpg does not > exist. > > > But gpg has it in its certificate store? > > Yes: > > buildd@rv-manda-01:~/.gnupg$ gpg -K > /home/buildd/.gnupg/pubring.kbx > ------------------------------- > sec rsa4096 2023-12-08 [SC] [expire : 2024-12-07] > 670D3AC041E218107D0DE6F9339F749981589F2F > uid [ ultime ] buildd autosigning key rv-manda-01 > <buildd_riscv64-rv-manda...@buildd.debian.org>
It seems the decision to trust the key comes from ~/.gnupg/trustdb.gpg, not from ~/.gnupg/trustedkeys.gpg. Cheers Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://aurel32.net