Re: tag2upload signing failure
Hello Matthias,
On Sat 02 Jan 2021 at 07:04PM +01, Matthias Urlichs wrote:
> My subsequent command
>
> $ DGIT_DRS_EMAIL_NOREPLY=smurf@debian.org dgit-repos-server debian . /usr/share/keyrings/debian-keyring.gpg,a --tag2upload https://salsa.debian.org/smurf/knxd.git debian/0.14.41-1
>
> resulted in a "push-to-upload failed" email that ends with
>
> dpkg-source: warning: extracting unsigned source package (/tmp/fileX2LZaA/work/../bpd/knxd_0.14.41-1.dsc)
> dpkg-source: info: extracting knxd in knxd-0.14.41
> dpkg-source: info: unpacking knxd_0.14.41.orig.tar.xz
> dpkg-source: info: unpacking knxd_0.14.41-1.debian.tar.xz
> ../bpd/knxd_0.14.41-1_source.changes already has appropriate .orig(s) (if any)
> gpg: skipped "Matthias Urlichs<matthias@urlichs.de>": Unusable secret key
> gpg: signing failed: Unusable secret key
> dgit: failed command: gpg --detach-sign --armor -u 'Matthias Urlichs<matthias@urlichs.de>'/tmp/fileX2LZaA/work/.git/dgit/tag.tmp
>
> dgit: error: subprocess failed with error exit status 2
>
> which is strange because why would the server try to sign anything with
> my personal key?
It's trying to use your personal key because what you are using is a
local demo of tag2upload. The real thing would have its own key with
upload rights. Are you doing something to prevent tag2upload from
making use of your personal key?
--
Sean Whitton
Reply to: