Package: ftp.debian.org X-Debbugs-Cc: Tobias Erichsen <[email protected]>, [email protected] Control: Affects -1 simple-cdd
On 2017-06-15, Tobias Erichsen wrote: > I have just tried to run simple-cdd for the first time on Stretch RC5 and > encountered the following error: > > 2017-06-16 08:03:40 ERROR verify gpg signature exited with code 2 > 2017-06-16 08:03:40 ERROR Last 3 lines of standard error: > 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: Signature made Fri 16 > Jun 2017 04:56:35 AM CEST > 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: using RSA > key AED4B06F473041FA > 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: Can't check signature: > No public key Thanks for pointing the issue out, Tobias! Apparently, http://deb.debian.org/debian/extrafiles is still signed with the now deprecated squeeze release key, which is only present in debian-keyring's debian-archive-removed-keys.gpg. jcristau pointed out where this is happening: https://anonscm.debian.org/git/mirror/dak.git/tree/config/debian/dinstall.functions#n693 It would be really nice to get this fixed before stretch release! For simple-cdd, you can work around the issue by specifying both old and new keyrings: simple-cdd --keyring=/usr/share/keyrings/debian-archive-keyring.gpg,/usr/share/keyrings/debian-archive-removed-keys.gpg live well, vagrant
signature.asc
Description: PGP signature
