On 22 déc. 2023 12:16, Guillem Jover <guil...@debian.org> wrote:
[...] >> ,---- >> | $ debrelease >> | dupload note: no announcement will be sent. >> | Checking OpenPGP signatures before upload...gpgv: Signature made >> | Fri Dec 22 10:50:05 2023 CET >> | gpgv: using RSA key A401FF99368FA1F98152DE755C808C2B65558117 >> | gpgv: issuer "maril...@deb-multimedia.org" >> | gpgv: Can't check signature: No public key >> | openpgp-check: error: cannot verify inline signature for >> | ../gerbera-dmo_1.12.1-dmo5_amd64.changes: no acceptable signature >> | found >> | >> | dupload: error: Pre-upload '/usr/share/dupload/openpgp-check %1' >> | failed for ../gerbera-dmo_1.12.1-dmo5_amd64.changes >> `---- > > Just to understand what is going wrong, I assume you don't have the > debian-keyring package installed (where the signing certificate could > be found in the debian-keyring.gpg keyring), nor the certificate for > A401FF99368FA1F98152DE755C808C2B65558117 in ~/.gnupg/trustedkeys.gpg? > > But gpg has it in its certificate store? This key is also my debian key. > (Also wondering whether dpkg-source can verify the source for that, > as it is using the same logic as the rewritten hook is using now?) I don't see a problem with dpkg-source : ,---- | $ dpkg-source -x /srv/dak/ftp/pool/main/g/gerbera-dmo/gerbera-dmo_1.12.1-dmo5.dsc | gpgv: Signature made Fri Dec 22 10:50:05 2023 CET | gpgv: using RSA key A401FF99368FA1F98152DE755C808C2B65558117 | gpgv: issuer "maril...@deb-multimedia.org" | gpgv: Can't check signature: No public key | dpkg-source: warning: cannot verify inline signature for /srv/dak/ftp/pool/main/g/gerbera-dmo/gerbera-dmo_1.12.1-dmo5.dsc: no acceptable signature found | dpkg-source: info: extracting gerbera-dmo in gerbera-dmo-1.12.1 | dpkg-source: info: unpacking gerbera-dmo_1.12.1.orig.tar.gz | dpkg-source: info: unpacking gerbera-dmo_1.12.1-dmo5.debian.tar.xz | dpkg-source: info: using patch list from debian/patches/series | dpkg-source: info: applying 01_debian-cutomization.patch `---- Christian