Package: mini-buildd Version: 1.0.41 Severity: minor Hi,
when some archive signing keys have changed, mini-buildd just says "GnuPG authorization failed" without giving any information about the reasons to fail. When I start the daemon with --foreground --verbose --verbose --debug=exception,http,webapp, the log tells me which actual files were downloaded. I then can download those myself (since mini-buildd removes them immediately after failing the check) and manually run gpgv on it, giving the keys that the Release file was signed with. And finally, I can download the missing keys. Is it really necessary that mini-buildd verifies _all_ signatures on Release files? I don't know too much about that, but wouldn't it be enough to have one verified signature for the Release file to be genuine? Any why does it need to be so hard to find out what's going wrong? Wouldn't it be possible to emit something like "release file http://path.to.release.file/debian/dists/stretch/Release signed with untrusted key 16E90B3FDF65EDE3AA7F323C04EE7237B7D453EC" without having to hike up the debug level, maybe even in the web interface? Greetings Marc -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.1.16-zgsrv20080 (SMP w/6 CPU cores; PREEMPT) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages mini-buildd depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.72 ii debootstrap 1.0.114 ii devscripts 2.19.5 ii dirmngr 2.2.13-2 ii dpkg-dev 1.19.7 ii gnupg 2.2.13-2 ii libjs-jquery 3.3.1~dfsg-3 ii libjs-sphinxdoc 1.8.4-1 ii lintian 2.15.0 ii lsb-base 10.2019051400 ii mini-buildd-common 1.0.41 ii python 2.7.16-1 ii python-cherrypy3 8.9.1-2 ii python-daemon 2.2.3-1 ii python-mini-buildd 1.0.41 ii python-pyftpdlib 1.5.4-1 ii reprepro 5.3.0-1 ii sbuild 0.78.1-2 ii schroot 1.6.10-6+b1 ii sudo 1.8.27-1 Versions of packages mini-buildd recommends: ii python-apt 1.8.4 Versions of packages mini-buildd suggests: pn binfmt-support <none> pn btrfs-progs <none> ii debian-archive-keyring 2019.1 ii haveged 1.9.1-7 ii lvm2 2.03.02-3 pn qemu-user-static <none> pn ubuntu-keyring <none> -- Configuration Files: /etc/default/mini-buildd changed [not included] /etc/schroot/setup.d/15mini-buildd-workarounds changed [not included] /etc/sudoers.d/mini-buildd-sudoers [Errno 13] Permission denied: '/etc/sudoers.d/mini-buildd-sudoers' -- debconf information excluded
