Bug#1108506: gpg-sq: clear-sign failed with debsign

2025-06-30 Thread Leonardo Arias Fonseca 


On 25-06-30 8:56 atm, Holger Levsen wrote:

you might get a better error message with sq directly.
can you please try 'sq sign --cleartext --signer FINGERPRINT' and post the 
output?


No error here. It asks for my password, then I type some things, ctrl+d 
and it prints the message signed.


```

❯ sq sign --cleartext --signer 814701B018F2684D4234E927C279C6A1E423C96C
Please enter the password to decrypt C279C6A1E423C96C/DC037DF130E60F07, 
Leonardo Arias Fonseca (authenticated):

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Waiting for the data to sign on stdin...
Hello
Hello

-BEGIN PGP SIGNATURE-

wsG7BAEBCgBvBYJoYyUcCRDcA33xMOYPB0cUAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmdk18/4xBM7n7nu5xQfkRPyn3bTvEXbB9i09bGwGEoC
LxYhBCZ5t/esoguHEmePJdwDffEw5g8HAAAhaRAAkb6t7cC8YZTNvu1deDcvBQnY
8LwuBSU3Q1gMJgPb3mbkI598PO0dsRDhk+FTH3wdL5u8fVV5Ll6uIpcMHoLWbpVi
VI62uuoi4N1viXRGKRA7Ktmk/H5O6aPpbAkowDflBs/XLFG1oYWhS0MDOXDqRXVy
Q6DV2DFPRTpETrdeQ8u5blOCD1H7Mq563br5kD45kiTJ7lqUHCpXKpszeN/nOJQE
deA4xkDIUIzRnIq7S+uHQ9jRzmFHx1+1aboa4J0UffKwRj8X13/bEP39g37n6ewi
+jkNas6tWPlAd8XVJjTpJ5TCGRobdxW7Uo0fyFl/MkLdtWJTyXv1g4cfNrfl75Ls
YiakXa0adlPXG/nXYmYASHMSV6C+F5/JCORpYHwHbY90C7cSM3tBWMY+CVLogaO4
rRZIhKATrZBKWSbf1BP2nJwrO11IjM6D4sf8jbgozQGAXUxP9/Za48vpKNRcpxsn
ZNHupP44uwapUqfpERSJ1EUMwK1aBHgvNd6s+IR8CCnPY5Dc9jz+jLpPacnPo/hD
yRf4WpXpk8qgHcQSqVKDU2baUdoU/gSqFCdVLv9Ci8n32byuStPd9rbVtLcQYzMP
eIodnN4aV5L2MLj9xkVUC0tsSEmnUmNkNcBgI1GHIdpP7yGnF/T4Y30TLRdXSS1m
Y5pIn0H95RABPgmEhng=
=wJwu
-END PGP SIGNATURE-
```


Also the output of 'sq inspect --cert FINGERPRINT' would be helpful.


```

❯ sq inspect --cert 814701B018F2684D4234E927C279C6A1E423C96C
OpenPGP Certificate.

  Fingerprint: 814701B018F2684D4234E927C279C6A1E423C96C
  Public-key algo: EdDSA
  Public-key size: 256 bits
    Creation time: 2025-06-13 16:24:14 UTC
  Expiration time: 2028-06-13 09:50:35 UTC (creation time + 2years 
11months 30days 9h 16m 45s)

    Key flags: certification

   Subkey: 2679B7F7ACA20B8712678F25DC037DF130E60F07
  Public-key algo: RSA
  Public-key size: 4096 bits
    Creation time: 2025-06-19 16:27:56 UTC
  Expiration time: 2028-06-19 09:54:17 UTC (creation time + 2years 
11months 30days 9h 16m 45s)

    Key flags: signing

   Subkey: 29D926181D2E328E3671EA23E97A03F0D7F99591
  Public-key algo: EdDSA
  Public-key size: 256 bits
    Creation time: 2025-06-13 16:24:14 UTC
  Expiration time: 2028-06-13 09:50:35 UTC (creation time + 2years 
11months 30days 9h 16m 45s)

    Key flags: authentication

   Subkey: D85BB376366035B4FF9EB539A159E07825CDEAC0
  Public-key algo: EdDSA
  Public-key size: 256 bits
    Creation time: 2025-06-13 16:24:14 UTC
  Expiration time: 2028-06-13 09:50:35 UTC (creation time + 2years 
11months 30days 9h 16m 45s)

    Key flags: signing

   Subkey: 26562CF08196739FA2FACAFA2F434ACFB4982E3F
  Public-key algo: ECDH
  Public-key size: 256 bits
    Creation time: 2025-06-13 16:24:14 UTC
  Expiration time: 2028-06-13 09:50:35 UTC (creation time + 2years 
11months 30days 9h 16m 45s)

    Key flags: transport encryption, data-at-rest encryption

   UserID: 

   UserID: 

   UserID: 
   Certifications: 2, use --certifications to list

   UserID: 

   UserID: Leonardo Arias Fonseca
   Certifications: 2, use --certifications to list

   UserID: debian

   UserID: github

   UserID: work
```

Bug#1108506: gpg-sq: clear-sign failed with debsign

2025-06-30 Thread Holger Levsen 
Hi Leonardo,

thanks for your bug report!

On Sun, Jun 29, 2025 at 04:57:13PM -0600, Leonardo Arias Fonseca wrote:
> I want to sign my debian package with sequoia, so I tried with gpg-sq and got 
> the error "Unusable secret key".
> 
> ```
> golang-github-offchainlabs-go-bitfield import/git20250408.ad7364d 
> ❯ debsign -k 814701B018F2684D4234E927C279C6A1E423C96C -p gpg-sq
>  signfile dsc 
> ../golang-github-offchainlabs-go-bitfield_0.0~git20250408.ad7364d-2.dsc 
> 814701B018F2684D4234E927C279C6A1E423C96C
> gpg: skipped "814701B018F2684D4234E927C279C6A1E423C96C": Unusable secret key
> gpg: 
> /tmp/debsign.JSl3QUmL/golang-github-offchainlabs-go-bitfield_0.0~git20250408.ad7364d-2.dsc:
>  clear-sign failed: Unusable secret key
> debsign: gpg-sq error occurred!  Aborting
> ```

you might get a better error message with sq directly. 
can you please try 'sq sign --cleartext --signer FINGERPRINT' and post the 
output?

Also the output of 'sq inspect --cert FINGERPRINT' would be helpful.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

🔥 - this is fine.


signature.asc
Description: PGP signature

Bug#1108506: gpg-sq: clear-sign failed with debsign

2025-06-29 Thread Leonardo Arias Fonseca 
Package: gpg-sq
Version: 0.13.1-3+b1
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

I want to sign my debian package with sequoia, so I tried with gpg-sq and got 
the error "Unusable secret key".

```
golang-github-offchainlabs-go-bitfield import/git20250408.ad7364d 
❯ debsign -k 814701B018F2684D4234E927C279C6A1E423C96C -p gpg-sq
 signfile dsc 
../golang-github-offchainlabs-go-bitfield_0.0~git20250408.ad7364d-2.dsc 
814701B018F2684D4234E927C279C6A1E423C96C
gpg: skipped "814701B018F2684D4234E927C279C6A1E423C96C": Unusable secret key
gpg: 
/tmp/debsign.JSl3QUmL/golang-github-offchainlabs-go-bitfield_0.0~git20250408.ad7364d-2.dsc:
 clear-sign failed: Unusable secret key
debsign: gpg-sq error occurred!  Aborting
```

I am learning about all of this, so I'm not sure if I'm doing something wrong 
in this command. I'm not sure what to try next.


-- System Information:
Debian Release: 13.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: riscv64

Kernel: Linux 6.12.32-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=eo.UTF-8, LC_CTYPE=eo.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg-sq depends on:
ii  libbz2-1.0  1.0.8-6
ii  libc6   2.41-9
ii  libgcc-s1   14.2.0-19
ii  libgmp102:6.3.0+dfsg-3
ii  libhogweed6t64  3.10.1-1
ii  libnettle8t64   3.10.1-1
ii  libsqlite3-03.46.1-6
ii  libssl3t64  3.5.0-2

Versions of packages gpg-sq recommends:
ii  sq  1.3.1-2+b1

gpg-sq suggests no packages.

-- no debconf information