Re: debuild finds no secret key after dist-upgrade

To: debian-mentors@lists.debian.org
Subject: Re: debuild finds no secret key after dist-upgrade
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Fri, 15 Sep 2017 19:42:54 +0200
Message-id: <[🔎] 24650756628002111141@scdbackup.webframe.org>
In-reply-to: <[🔎] 20170915165625.o6oijsrcgfsj7wr5@belkar.wrar.name>
References: <[🔎] 20170915165625.o6oijsrcgfsj7wr5@belkar.wrar.name>

Hi,

Andrey Rahmatullin wrote:
> Note that making a package and signing it are two separate operations (and
> you are supposed to run all build commands with -us -uc and run debsign
> explicitly).

I understand that my signature as sponsored preparer is not of interest
but rather the signature of the sponsor who uploads my files.

Currently my cheat sheet has as commands for packing up and checking
after preparing the ./debian files:

  debuild -S
  debuild -b
  cme check dpkg
  lintian -I -E --color never --show-overrides | less
  debclean

As superuser to make the binaries accessible for tests:

  dpkg -i libisofs6_1.4.8-1_amd64.deb

Can you give me a command sequence as replacement for debuild -S,
which omits the gpg part ?

> > The only file with new timestamp is the empty directory
> >   .gnupg/private-keys-v1.d
> > which according to
> >   https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring
> > is supposed to contain automatically converted secret keys.

> Then something went wrong?

Possibly. The dist-upgrade lasted longer than an hour and produced a
zillion of message lines. Unpacked software grew by 1.2 GB, plus another
1.2 GB in /var/cache/apt.
Hopefully i could roll back by a gzipped plain copy of the virtual disk.

> Do you have .gnupg/.gpg-v21-migrated? 

No.

> Are .gnupg/private-keys-v1.d perms correct?

  $ ls -ld .gnupg/private-keys-v1.d
  drwx------ 2 thomas thomas 4096 Aug 21  2015 .gnupg/private-keys-v1.d
  $ ls -lcd .gnupg/private-keys-v1.d
  drwx------ 2 thomas thomas 4096 Sep 15 17:30 .gnupg/private-keys-v1.d
  $ ls -alc .gnupg/private-keys-v1.d
  total 8
  drwx------ 2 thomas thomas 4096 Sep 15 17:30 .
  drwx------ 3 thomas thomas 4096 Sep  5  2015 ..

> Are .gnupg perms correct?

  $ ls -ld .gnupg
  drwx------ 3 thomas thomas 4096 Sep  5  2015 .gnupg
  $ ls -lcd .gnupg
  drwx------ 3 thomas thomas 4096 Sep  5  2015 .gnupg

It all worked a year ago.
So good that i cannot tell currently which GPG key i used.
(Would have to boot the old Sid to get gpg --list-secret-keys working again.)

> > Policy 5.5 says that ".changes" stems from control, changelog, or rules.
> > Do i have to edit one of them ?

> No, you need to read dpkg-source(1) about including the orig tarball sig
> into the source package.

I read about .asc there, but not about .sig.
And the instructions for .asc just say:
  "Optionally each original tarball  can  be  accompanied  by  a  detached
   upstream signature"
No clarification is to see what "accompanied" means in particular. 

Is the requirement for a .sig or .asc new since september 2016 ?
Back then i did not have an orig.tar.gz.sig on Sid while i ran debuild -S.
(Since today have orig.tar.gz.sig stored as neighbor of orig.tar.gz.
 But that did not help.)

I take instructions. They must just be tangible enough.

Have a nice day :)

Thomas

Reply to:

Follow-Ups:
- Re: debuild finds no secret key after dist-upgrade
  - From: "Thomas Schmitt" <scdbackup@gmx.net>
- Re: debuild finds no secret key after dist-upgrade
  - From: Andrey Rahmatullin <wrar@debian.org>

References:
- Re: debuild finds no secret key after dist-upgrade
  - From: Andrey Rahmatullin <wrar@debian.org>

Prev by Date: Re: debuild finds no secret key after dist-upgrade
Next by Date: Re: debuild finds no secret key after dist-upgrade
Previous by thread: Re: debuild finds no secret key after dist-upgrade
Next by thread: Re: debuild finds no secret key after dist-upgrade
Index(es):
- Date
- Thread