Re: tag2upload signing failure
On 02.01.21 22:12, Sean Whitton wrote: gpg's command line syntax and configuration makes this hard. It is documented[1] as using "your default PGP key" which doesn't help if it gets passed an explicit "-u WHATEVER" argument. However, the call uses dgit's options, thus $ git config --global --add dgit-distro.debian.keyid ABCD1234DEADBEEF actually works. Next time I'll wait for the remainder of my migraine headache to go away before asking questions I should have been able to figure out myself; sorry about the noise. -- -- Matthias Urlichs OpenPGP_signature Description: OpenPGP digital signature
Re: tag2upload signing failure
On 02.01.21 21:28, Sean Whitton wrote: It's trying to use your personal key because what you are using is a local demo of tag2upload. The real thing would have its own key with upload rights. Owch. I should have noticed it's local. Any idea how I tell it which key to use? -- -- Matthias Urlichs OpenPGP_signature Description: OpenPGP digital signature
Re: tag2upload signing failure
Hello, On Sat 02 Jan 2021 at 09:50PM +01, Matthias Urlichs wrote: > On 02.01.21 21:28, Sean Whitton wrote: >> It's trying to use your personal key because what you are using is a >> local demo of tag2upload. The real thing would have its own key with >> upload rights. > > Owch. I should have noticed it's local. > > Any idea how I tell it which key to use? gpg's command line syntax and configuration makes this hard. It is documented[1] as using "your default PGP key" so it ought to just use whatever you'd use if you type `gpg --clearsign` and type a message. In my ~/.gnupg/gpg.conf I have this line default-key 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B so you could try setting that to your own fingerprint. [1] https://spwhitton.name/blog/entry/tag2upload/ -- Sean Whitton signature.asc Description: PGP signature
Re: tag2upload signing failure
Hello Matthias, On Sat 02 Jan 2021 at 07:04PM +01, Matthias Urlichs wrote: > My subsequent command > > $ DGIT_DRS_EMAIL_NOREPLY=sm...@debian.org dgit-repos-server debian . > /usr/share/keyrings/debian-keyring.gpg,a --tag2upload > https://salsa.debian.org/smurf/knxd.git debian/0.14.41-1 > > resulted in a "push-to-upload failed" email that ends with > > dpkg-source: warning: extracting unsigned source package > (/tmp/fileX2LZaA/work/../bpd/knxd_0.14.41-1.dsc) > dpkg-source: info: extracting knxd in knxd-0.14.41 > dpkg-source: info: unpacking knxd_0.14.41.orig.tar.xz > dpkg-source: info: unpacking knxd_0.14.41-1.debian.tar.xz > ../bpd/knxd_0.14.41-1_source.changes already has appropriate .orig(s) (if any) > gpg: skipped "Matthias Urlichs": Unusable secret key > gpg: signing failed: Unusable secret key > dgit: failed command: gpg --detach-sign --armor -u 'Matthias > Urlichs'/tmp/fileX2LZaA/work/.git/dgit/tag.tmp > > dgit: error: subprocess failed with error exit status 2 > > which is strange because why would the server try to sign anything with > my personal key? It's trying to use your personal key because what you are using is a local demo of tag2upload. The real thing would have its own key with upload rights. Are you doing something to prevent tag2upload from making use of your personal key? -- Sean Whitton
