Bug#901417: marked as done (debian-archive-keyring: http://ftp.us.debian.org/debian/dists/buster/Release.gpg has no public key)

Tue, 12 Jun 2018 14:57:32 -0700 

Your message dated Tue, 12 Jun 2018 22:54:12 +0100
with message-id <1528840452.2806.44.ca...@adam-barratt.org.uk>
and subject line Re: Bug#901417: debian-archive-keyring: 
http://ftp.us.debian.org/debian/dists/buster/Release.gpg has no public key
has caused the Debian Bug report #901417,
regarding debian-archive-keyring: 
http://ftp.us.debian.org/debian/dists/buster/Release.gpg has no public key
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
901417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: debian-archive-keyring
Version: Unknown
Severity: normal

While trying to sign a chromium package I get an error:

gpgv: Can't check signature: public key not found


I tracked it down and found the buster Release.gpg key indeed doesn't
appear to have a valid public key:

[user@host Downloads]$ wget
http://ftp.us.debian.org/debian/dists/buster/Release.gpg
--2018-06-12 17:36:18--
http://ftp.us.debian.org/debian/dists/buster/Release.gpg
Resolving ftp.us.debian.org (ftp.us.debian.org)... 208.80.154.15,
128.30.2.26, 128.61.240.89, ...
Connecting to ftp.us.debian.org (ftp.us.debian.org)|208.80.154.15|:80...
connected.
HTTP request sent, awaiting response... 200 OK
Length: 2365 (2.3K) [application/octet-stream]
Saving to: ‘Release.gpg’

Release.gpg
100%[=======================================================================================================>]
 2.31K  --.-KB/s    in 0s

2018-06-12 17:36:18 (96.0 MB/s) - ‘Release.gpg’ saved [2365/2365]

[user@host Downloads]$ gpg --list-keys Release.gpg
gpg: error reading key: public key not found


Thanks for your assistance.
-Matt

--- End Message ---
--- Begin Message --- 
On Tue, 2018-06-12 at 17:38 -0400, Matt Bacchi wrote:
> Package: debian-archive-keyring
> Version: Unknown
> Severity: normal
> 
> While trying to sign a chromium package I get an error: 
> 

How are you trying to sign it? gpgv is used for *verifying* signatures,
not creating them.

> gpgv: Can't check signature: public key not found
> 
> I tracked it down and found the buster Release.gpg key indeed doesn't
> appear to have a valid public key:

That doesn't make sense. The key used to sign the Release files is used
just for that. It has nothing to do with building individual packages.

> [user@host Downloads]$ wget
> http://ftp.us.debian.org/debian/dists/buster/Release.gpg
> --2018-06-12 17:36:18--  http://ftp.us.debian.org/debian/dists/buster
> /Release.gpg
> Resolving ftp.us.debian.org (ftp.us.debian.org)... 208.80.154.15,
> 128.30.2.26, 128.61.240.89, ...
> Connecting to ftp.us.debian.org
> (ftp.us.debian.org)|208.80.154.15|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 2365 (2.3K) [application/octet-stream]
> Saving to: ‘Release.gpg’
> 
> Release.gpg                                     
> 100%[================================================================
> =======================================>]   2.31K  --.-KB/s    in 0s 
>     
> 
> 2018-06-12 17:36:18 (96.0 MB/s) - ‘Release.gpg’ saved [2365/2365]
> 
> [user@host Downloads]$ gpg --list-keys Release.gpg 
> gpg: error reading key: public key not found
> 

All that you've proved here is that you don't have a public key
containing the string "Release.gpg" in one of its user IDs. That's not
particularly surprising.

$ gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --list-keys 
stretch
pub   rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
      067E3C456BAE240ACEE88F6FEF0F382A1A7B6500
uid           [ unknown] Debian Stable Release Key (9/stretch) 
<debian-rele...@lists.debian.org>

pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF20DDFFE4B89E802658F1E0B11894F66AEC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) 
<ftpmas...@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      6ED6F5CB5FA6FB2F460AE88EEDA0D2388AE22BA9
uid           [ unknown] Debian Security Archive Automatic Signing Key 
(9/stretch) <ftpmas...@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

adam@jacala:~$ wget http://ftp.us.debian.org/debian/dists/buster/Release.gpg
--2018-06-12 22:52:20--  
http://ftp.us.debian.org/debian/dists/buster/Release.gpg
Resolving ftp.us.debian.org (ftp.us.debian.org)... 208.80.154.15, 128.30.2.26, 
128.61.240.89, ...
Connecting to ftp.us.debian.org (ftp.us.debian.org)|208.80.154.15|:80... 
connected.
HTTP request sent, awaiting response... 200 OK
Length: 2365 (2.3K) [application/octet-stream]
Saving to: ‘Release.gpg.1’

Release.gpg.1                                    
100%[=======================================================================================================>]
   2.31K  --.-KB/s    in 0s      

2018-06-12 22:52:20 (46.5 MB/s) - ‘Release.gpg.1’ saved [2365/2365]

adam@jacala:~$ wget http://ftp.us.debian.org/debian/dists/buster/Release
--2018-06-12 22:52:36--  http://ftp.us.debian.org/debian/dists/buster/Release
Resolving ftp.us.debian.org (ftp.us.debian.org)... 208.80.154.15, 
128.61.240.89, 128.30.2.26, ...
Connecting to ftp.us.debian.org (ftp.us.debian.org)|208.80.154.15|:80... 
connected.
HTTP request sent, awaiting response... 200 OK
Length: 147114 (144K) [application/octet-stream]
Saving to: ‘Release.1’

Release.1                                        
100%[=======================================================================================================>]
 143.67K   438KB/s    in 0.3s    

2018-06-12 22:52:37 (438 KB/s) - ‘Release.1’ saved [147114/147114]

adam@jacala:~$ gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg 
--verify Release.gpg.1 Release.1
gpg: Signature made Tue 12 Jun 2018 21:31:01 BST
gpg:                using RSA key A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553
gpg: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) 
<ftpmas...@debian.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: A1BD 8E9D 78F7 FE5C 3E65  D8AF 8B48 AD62 4692 5553
gpg: Signature made Tue 12 Jun 2018 21:31:01 BST
gpg:                using RSA key 126C0D24BD8A2942CC7DF8AC7638D0442B90D010
gpg: Good signature from "Debian Archive Automatic Signing Key (8/jessie) 
<ftpmas...@debian.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
gpg: Signature made Tue 12 Jun 2018 21:31:01 BST
gpg:                using RSA key 16E90B3FDF65EDE3AA7F323C04EE7237B7D453EC
gpg: Good signature from "Debian Archive Automatic Signing Key (9/stretch) 
<ftpmas...@debian.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
     Subkey fingerprint: 16E9 0B3F DF65 EDE3 AA7F  323C 04EE 7237 B7D4 53EC


I'm closing this bug report, as I'm not sure that there's an actual
issue here in any package. Please ask for help on a user support
focused forum, for example debian-u...@lists.debian.org or #debian on
irc.debian.org.

Regards,

Adam

--- End Message ---

Reply via email to