Hi Jonathan,
On Wed, Aug 25, 2021 at 11:27 PM Raphael Hertzog <
hertzog@debian.org> wrote:
> it would be nice if we could get an update of debian-archive-keyring
> in stretch to add the bullseye key just like it has been done in buster a
> while ago:
>
https://tracker.debian.org/news/1236764/accepted-debian-archive-keyring-20191deb10u1-source-all-into-proposed-updates-stable-new-proposed-updates/Whilst prepping an update for stretch, I cherry-picked the following
commits from the salsa repository w cross-checking the update
as proposed via #985371:
464dc87f2dc7d5ef84150a1fe5b326ba9bb5174e -> Add automatic
signing keys for bullseye.
379aebbdf44d2fa9bde4eb5904c9e860cd13eb28 -> Add Debian
Stable Release Key (11/bullseye).
74d1b0366c01b1b4653b5eba24f751655c25bb96 -> Refresh
signatures over keyrings/debian-archive-keyring.gpg (and not
keyrings/debian-archive-removed-keys.gpg since I'm not
removing any keys in this update).
With these 3 commits, I tried to build the package and it failed
with the following error:
8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<
gpg --no-options --no-default-keyring --no-auto-check-trustdb --trustdb-name ./trustdb.gpg \
--keyring keyrings/team-members.gpg \
--verify active-keys/index.gpg active-keys/index
gpg: Signature made Wed Feb 24 20:38:18 2021 UTC
gpg: using RSA key 0032DDC8B18C9DE1989FC76D44D32AB5FA26F8C9
gpg: ./trustdb.gpg: trustdb created
gpg: BAD signature from "Jonathan Wiltshire <
jmw@debian.org>" [expired]
Makefile:9: recipe for target 'verify-indices' failed
8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<
I then also cherry-picked 0b6a54a5302793954af9659a399e76169281b98b,
that is, updating your key. But it still failed with the same
error. I am not sure what's up? Do you have an idea what's
happening? TIA!
- u