On 27-Dec-2016, Elías Alejandro <[email protected]> wrote:

> Recently I wanted to sign my package with debsign and then upload to
> debian mentors but I got an error, the steps were the following:

Thank you for providing the files needed to do the same checks.

I get different results; the error message you report doesn't appear
when I try.

The message from ‘dput’ implies that it does not recognise the result
from GPGME about the signature. So this is a valuable test case, thank
you for reporting it.


So I need to know more details about the key and signature.
Especially, I need to know what GnuPG itself says about that
signature.

Can you try to reproduce this session, in a clean chroot (so no
keyring with the public key yet) and show what results you get?

=====
Script started on Wed 28 Dec 2016 13:56:00 AEDT

$ gpg1 --version
gpg (GnuPG) 1.4.21
Copyright (C) 2015 Free Software Foundation, Inc.
[…]

$ gpg1 --list-key C9F1CBF56351F719
gpg: error reading key: public key not found

$ gpg1 --verify ./gpick/gpick_0.2.5+git20161221-1_i386.changes
gpg: Signature made Wed 28 Dec 2016 08:44:36 AEDT using RSA key ID 6351F719
gpg: Can't check signature: public key not found

$ gpg1 --import ./bug-849455.pubkey.asc
gpg: keyring `/home/bignose/.gnupg/pubring.gpg' created
gpg: key 6351F719: public key "Elías Alejandro Año Mendoza <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

$ gpg1 --verify ./gpick/gpick_0.2.5+git20161221-1_i386.changes
gpg: Signature made Wed 28 Dec 2016 08:44:36 AEDT using RSA key ID 6351F719
gpg: Good signature from "Elías Alejandro Año Mendoza <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 64CF 7C59 E56B 38F0 4CA6  F861 C9F1 CBF5 6351 F719


$ gpg2 --version
gpg (GnuPG) 2.1.16
libgcrypt 1.7.3-beta
Copyright (C) 2016 Free Software Foundation, Inc.
[…]

$ gpg2 --list-key C9F1CBF56351F719
gpg: error reading key: No public key

$ gpg2 --verify ./gpick/gpick_0.2.5+git20161221-1_i386.changes
gpg: Signature made Wed 28 Dec 2016 08:44:36 AEDT
gpg:                using RSA key C9F1CBF56351F719
gpg: Can't check signature: No public key

$ gpg2 --import ./bug-849455.pubkey.asc
gpg: key C9F1CBF56351F719: "Elías Alejandro Año Mendoza <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

$ gpg2 --verify ./gpick/gpick_0.2.5+git20161221-1_i386.changes
gpg: Signature made Wed 28 Dec 2016 08:44:36 AEDT
gpg:                using RSA key C9F1CBF56351F719
gpg: Good signature from "Elías Alejandro Año Mendoza <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 64CF 7C59 E56B 38F0 4CA6  F861 C9F1 CBF5 6351 F719


$ exit

Script done on Wed 28 Dec 2016 14:00:39 AEDT
=====

So in either case there is a clear answer: the public key is not
found, or (when the public key is in the keyring) the signature is
good. I don't know how to get the result you showed.

-- 
 \                 “Leave nothing to chance. Overlook nothing. Combine |
  `\          contradictory observations. Allow yourself enough time.” |
_o__)                                                     —Hippocrates |
Ben Finney <[email protected]>
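
Added example, not part of the original message and not dput's or GPGME's code: the two outcomes in the session above (public key missing, or good signature from a key with no established trust) can be told apart from the machine-readable status lines that GnuPG writes with `--status-fd`, whose keywords are the same in gpg1 and gpg2 even though the human-readable text differs. The sketch assumes a single signature per file; the sample status lines are constructed from the key ID and fingerprint shown in the transcript, with the remaining fields as placeholders.

```python
# Added illustration; not dput's or GPGME's code.
# Input: text captured from `gpg --status-fd 1 --verify FILE`.
PREFIX = "[GNUPG:] "


def classify(status_text):
    """Return (verdict, detail, trust) from GnuPG status lines.

    verdict: 'good', 'bad', 'no-pubkey', 'error' or 'unverified'.
    """
    seen = {}
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # skip human-readable "gpg: ..." lines
        keyword, _, args = line[len(PREFIX):].partition(" ")
        seen.setdefault(keyword, args)
    # Failure keywords are checked first so they always win.
    if "BADSIG" in seen:
        return "bad", seen["BADSIG"].split(" ", 1)[0], None
    if "NO_PUBKEY" in seen:
        return "no-pubkey", seen["NO_PUBKEY"], None
    if "ERRSIG" in seen:
        return "error", seen["ERRSIG"].split(" ", 1)[0], None
    if "GOODSIG" in seen and "VALIDSIG" in seen:
        # First VALIDSIG field is the signing key's full fingerprint.
        # TRUST_* says how far the key itself is trusted, which is
        # separate from whether the signature is cryptographically good.
        trust = next((k[6:].lower() for k in seen if k.startswith("TRUST_")), None)
        return "good", seen["VALIDSIG"].split(" ", 1)[0], trust
    # Expired or revoked keys, or no signature at all: fail closed.
    return "unverified", "", None


# Constructed samples: key ID and fingerprint come from the transcript;
# the other ERRSIG/VALIDSIG fields are placeholder values.
FPR = "64CF7C59E56B38F04CA6F861C9F1CBF56351F719"
NO_KEY = (
    "[GNUPG:] ERRSIG C9F1CBF56351F719 1 8 01 1482875076 9\n"
    "[GNUPG:] NO_PUBKEY C9F1CBF56351F719\n"
)
GOOD = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG C9F1CBF56351F719 Elías Alejandro Año Mendoza\n"
    "[GNUPG:] VALIDSIG " + FPR + " 2016-12-27 1482875076 0 4 0 1 8 01 " + FPR + "\n"
    "[GNUPG:] TRUST_UNDEFINED\n"
)

if __name__ == "__main__":
    for name, sample in (("no key", NO_KEY), ("key imported", GOOD)):
        print(name, "->", classify(sample))
```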
