[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian derivatives census: dpkg vendor information

If /etc/dpkg/origins/default does not include "Vendor: Debian", apt-get
source verification breaks when running "apt-get source package".

gpgv: Can't check signature: public key not found

(Full output of an example run is attached below. [1])

Can this be fixed? Is this a bug or missing feature?

I think it might be caused by dpkg. [2]

apt-get source pidgin
Reading package lists... Done
Building dependency tree
Reading state information... Done
NOTICE: 'pidgin' packaging is maintained in the 'Git' version control
system at:
Need to get 10.1 MB of source archives.
Get:1 http://ftp.us.debian.org/debian/ testing/main pidgin 2.10.7-2
(dsc) [2764 B]
Get:2 http://ftp.us.debian.org/debian/ testing/main pidgin 2.10.7-2
(tar) [10.1 MB]
Get:3 http://ftp.us.debian.org/debian/ testing/main pidgin 2.10.7-2
(diff) [58.9 kB]
Fetched 10.1 MB in 2min 47s (60.4 kB/s)

gpgv: keyblock resource `/home/user/.gnupg/trustedkeys.gpg': file open error
gpgv: Signature made Sun Feb 24 16:28:50 2013 UTC using RSA key ID 7E798989
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./pidgin_2.10.7-2.dsc
dpkg-source: info: extracting pidgin in pidgin-2.10.7
dpkg-source: info: unpacking pidgin_2.10.7.orig.tar.bz2
dpkg-source: info: unpacking pidgin_2.10.7-2.debian.tar.gz
dpkg-source: info: applying irc-linking.patch
dpkg-source: info: applying cap-crash.patch

[2] In file dpkg-1.16.10/scripts/Dpkg/Vendor.pm in function
get_vendor_object. [3]
[3] Function check_signature in
dpkg-1.16.10/scripts/Dpkg/Source/Package.pm  check_signature uses the
get_vendor_object function.

Reply to: