[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

tag2upload signing failure


I just tried to push the current version of knxd by way of git-debpush and tag2upload, but ran into a signing error I don't know what to make of.

The repository is salsa:smurf/knxd.git; the tag contains this::

$ git tag -v debian/0.14.41-1
object 632f2583dac046e3730e3ee0e0d910fe34cc7b14
type commit
tag debian/0.14.41-1
tagger Matthias Urlichs <matthias@urlichs.de> 1609609669 +0100

knxd release 0.14.41-1 for unstable

[dgit distro=debian split --quilt=baredebian]
[dgit please-upload upstream-tag=0.14.41 upstream=f23b14b361d9d465c7f105004f015f2cabe57f3c]
gpg: Signature made Sa 02 Jan 2021 18:47:49 CET
gpg:                using RSA key 37319C10BF046317A1443809F86CB26C76C1C165
gpg: Good signature from "Matthias Urlichs (primary email) <matthias@urlichs.de>" [unknown]
gpg:                 aka "Matthias Urlichs (Google Talk) <smurfix@gmail.com>" [unknown]
gpg:                 aka "Matthias Urlichs (old email) <smurf@smurf.noris.de>" [unknown]
gpg:                 aka "Matthias Urlichs (noris network AG) <smurf@noris.net>" [unknown]
gpg:                 aka "Matthias Urlichs (Verwaltung) <matthias.urlichs@venoris.de>" [unknown]
gpg:                 aka "[jpeg image of size 3608]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AFD7 9782 F3BA EC02 0B28  A19F 72CF 8E5E 25B4 C293
     Subkey fingerprint: 3731 9C10 BF04 6317 A144  3809 F86C B26C 76C1 C165

My subsequent command

$ DGIT_DRS_EMAIL_NOREPLY=smurf@debian.org dgit-repos-server debian . /usr/share/keyrings/debian-keyring.gpg,a --tag2upload https://salsa.debian.org/smurf/knxd.git debian/0.14.41-1

resulted in a "push-to-upload failed" email that ends with

dpkg-source: warning: extracting unsigned source package (/tmp/fileX2LZaA/work/../bpd/knxd_0.14.41-1.dsc)
dpkg-source: info: extracting knxd in knxd-0.14.41
dpkg-source: info: unpacking knxd_0.14.41.orig.tar.xz
dpkg-source: info: unpacking knxd_0.14.41-1.debian.tar.xz
../bpd/knxd_0.14.41-1_source.changes already has appropriate .orig(s) (if any)
gpg: skipped "Matthias Urlichs <matthias@urlichs.de>": Unusable secret key
gpg: signing failed: Unusable secret key
dgit: failed command: gpg --detach-sign --armor -u 'Matthias Urlichs <matthias@urlichs.de>' /tmp/fileX2LZaA/work/.git/dgit/tag.tmp

dgit: error: subprocess failed with error exit status 2

which is strange because why would the server try to sign anything with my personal key?

dgit-infrastructure is uptodate, 9.12.

Helpful ideas appreciated.

NB: happy new year everybody. :-)

-- Matthias Urlichs

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to: