On Wed, Dec 28, 2016 at 12:21 AM, Ben Finney <[email protected]> wrote:
> On 27-Dec-2016, Elías Alejandro <[email protected]> wrote:
>
>> Recently I wanted to sign my package with debsign and then upload to
>> debian mentors but I got an error, the steps were the following:
>
> Thank you for providing the files needed to do the same checks.
>
> I get different results; the error message you report doesn't appear
> when I try.
>
> The message from ‘dput’ implies that it does not recognise the result
> from GPGME about the signature. So this is a valuable test case, thank
> you for reporting it.
>
>
> So I need to know more details about the key and signature.
> Especially, I need to know what GnuPG itself says about that
> signature.
>
> Can you try to reproduce this session, in a clean chroot (so no
> keyring with the public key yet) and show what results you get?
>
> =====
> Script started on Wed 28 Dec 2016 13:56:00 AEDT
>
> $ gpg1 --version
> gpg (GnuPG) 1.4.21
> Copyright (C) 2015 Free Software Foundation, Inc.
> […]
>
> $ gpg1 --list-key C9F1CBF56351F719
> gpg: error reading key: public key not found
>
> $ gpg1 --verify ./gpick/gpick_0.2.5+git20161221-1_i386.changes
> gpg: Signature made Wed 28 Dec 2016 08:44:36 AEDT using RSA key ID 6351F719
> gpg: Can't check signature: public key not found
>
> $ gpg1 --import ./bug-849455.pubkey.asc
> gpg: keyring `/home/bignose/.gnupg/pubring.gpg' created
> gpg: key 6351F719: public key "Elías Alejandro Año Mendoza <[email protected]>" imported
> gpg: Total number processed: 1
> gpg:               imported: 1  (RSA: 1)
>
> $ gpg1 --verify ./gpick/gpick_0.2.5+git20161221-1_i386.changes
> gpg: Signature made Wed 28 Dec 2016 08:44:36 AEDT using RSA key ID 6351F719
> gpg: Good signature from "Elías Alejandro Año Mendoza <[email protected]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 64CF 7C59 E56B 38F0 4CA6  F861 C9F1 CBF5 6351 F719
>
>
> $ gpg2 --version
> gpg (GnuPG) 2.1.16
> libgcrypt 1.7.3-beta
> Copyright (C) 2016 Free Software Foundation, Inc.
> […]
>
> $ gpg2 --list-key C9F1CBF56351F719
> gpg: error reading key: No public key
>
> $ gpg2 --verify ./gpick/gpick_0.2.5+git20161221-1_i386.changes
> gpg: Signature made Wed 28 Dec 2016 08:44:36 AEDT
> gpg:                using RSA key C9F1CBF56351F719
> gpg: Can't check signature: No public key
>
> $ gpg2 --import ./bug-849455.pubkey.asc
> gpg: key C9F1CBF56351F719: "Elías Alejandro Año Mendoza <[email protected]>" not changed
> gpg: Total number processed: 1
> gpg:              unchanged: 1
>
> $ gpg2 --verify ./gpick/gpick_0.2.5+git20161221-1_i386.changes
> gpg: Signature made Wed 28 Dec 2016 08:44:36 AEDT
> gpg:                using RSA key C9F1CBF56351F719
> gpg: Good signature from "Elías Alejandro Año Mendoza <[email protected]>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 64CF 7C59 E56B 38F0 4CA6  F861 C9F1 CBF5 6351 F719
>
>
> $ exit

Ok. I've just noticed my gnupg version was older (stable version) and
I think it was the problem:
$ gpg --version
gpg (GnuPG) 1.4.18

I've upgraded gnupg to the latest version (2.1.17-2) and dput 0.11.0 works.
Summary:
gnupg (latest version) works with dput 0.11.0
gnupg (stable version) works with dput 0.11.1

Best regards,
Elías Alejandro
