[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tag2upload signing failure

Hello Matthias,

On Sat 02 Jan 2021 at 07:04PM +01, Matthias Urlichs wrote:

> My subsequent command
> $ DGIT_DRS_EMAIL_NOREPLY=smurf@debian.org dgit-repos-server debian . /usr/share/keyrings/debian-keyring.gpg,a --tag2upload https://salsa.debian.org/smurf/knxd.git debian/0.14.41-1
> resulted in a "push-to-upload failed" email that ends with
> dpkg-source: warning: extracting unsigned source package (/tmp/fileX2LZaA/work/../bpd/knxd_0.14.41-1.dsc)
> dpkg-source: info: extracting knxd in knxd-0.14.41
> dpkg-source: info: unpacking knxd_0.14.41.orig.tar.xz
> dpkg-source: info: unpacking knxd_0.14.41-1.debian.tar.xz
> ../bpd/knxd_0.14.41-1_source.changes already has appropriate .orig(s) (if any)
> gpg: skipped "Matthias Urlichs<matthias@urlichs.de>": Unusable secret key
> gpg: signing failed: Unusable secret key
> dgit: failed command: gpg --detach-sign --armor -u 'Matthias Urlichs<matthias@urlichs.de>'/tmp/fileX2LZaA/work/.git/dgit/tag.tmp
> dgit: error: subprocess failed with error exit status 2
> which is strange because why would the server try to sign anything with 
> my personal key?

It's trying to use your personal key because what you are using is a
local demo of tag2upload.  The real thing would have its own key with
upload rights.  Are you doing something to prevent tag2upload from
making use of your personal key?

Sean Whitton

Reply to: