On Fri, Sep 15, 2017 at 06:44:49PM +0200, Thomas Schmitt wrote: > I read on > https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration.html > that since GnuPG 2.1 the file > ~/.gnupg/secring.gpg > is not used any more. > It still exists, but gpg --version now says "2.2.0". It's fine if still exists. > Alternatively: Would it be ok to make my packages with a backup of my > Sid which is still in the state before today's dist-upgrade ? Note that making a package and signing it are two separate operations (and you are supposed to run all build commands with -us -uc and run debsign explicitly). > Further problem: > lintian says Standards-Version: is 4.0.0, > upgrading-checklist.txt says it is 4.1.0. It's not a problem, lintian isn't always up-to-date. > My $HOME on Sid has a .gnupg directory with files which, except one, > are unchanged since two years, when i began to prepare Debian packages. > Last year they did suffice. > The only file with new timestamp is the empty directory > .gnupg/private-keys-v1.d > which according to > https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring > is supposed to contain automatically converted secret keys. Then something went wrong? Do you have .gnupg/.gpg-v21-migrated? Are .gnupg/private-keys-v1.d perms correct? Are .gnupg perms correct? > The lintian error is documented as > The packaging includes an upstream signing key but the corresponding > .asc signature for one or more source tarballs are not included in your > .changes file. > Policy 5.5 says that ".changes" stems from control, changelog, or rules. > Do i have to edit one of them ? No, you need to read dpkg-source(1) about including the orig tarball sig into the source package. -- WBR, wRAR
Attachment:
signature.asc
Description: PGP signature