This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=d231432f71925be6c6b31f47c397c6d2a8ac9f1d commit d231432f71925be6c6b31f47c397c6d2a8ac9f1d Author: Guillem Jover <[email protected]> AuthorDate: Thu Feb 20 03:44:43 2025 +0100 Dpkg::OpenPGP::Backend::Sequoia: Add a hint about authorizing own keys These would ideally be emitted by sq itself, but for now this hint is better than nothing, and might direct users to a solution that might not be obvious. --- scripts/Dpkg/OpenPGP/Backend/Sequoia.pm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm index 27422c8f6..cc01516f7 100644 --- a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm +++ b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm @@ -144,7 +144,13 @@ sub inline_sign push @opts, '--output', $inlinesigned; my $rc = $self->_sq_exec('sign', @opts, $data); - return OPENPGP_KEY_CANNOT_SIGN if $rc; + if ($rc) { + # XXX: Ideally sq would emit this kind of hint itself when it knows it + # might apply, but for now this is probably better than nothing. + hint(g_('imported own keys might be missing ownership information, try:')); + hint(g_(' sq pki link authorize --cert FINGERPRINT --all --unconstrained')); + return OPENPGP_KEY_CANNOT_SIGN; + } return OPENPGP_OK; } -- Dpkg.Org's dpkg
