[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

uscan die: OpenPGP signature did not verify. at /usr/share/perl5/Devscripts/Uscan/Output.pm line 58.

Hi there,

Here is what I see when I try to update libkcapi upstream package
(Debian/buster):

$ uscan --verbose --force-download --rename
[...]
uscan info: Downloading OpenPGP signature from
   http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz.asc (pgpsigurlmangled)
   as libkcapi-1.1.5.tar.xz.asc
uscan info: Requesting URL:
   http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz.asc
uscan info: Verifying OpenPGP signature ../libkcapi-1.1.5.tar.xz.asc
for ../libkcapi-1.1.5.tar.xz
uscan info: Execute: gpgv --homedir /dev/null --keyring
/tmp/VZrTWy04zw/trustedkeys.gpg ../libkcapi-1.1.5.tar.xz.asc
../libkcapi-1.1.5.tar.xz...
gpgv: Signature made Wed 31 Jul 2019 10:01:53 AM CEST
gpgv:                using RSA key 3BCC43D4D2C87D1784B69EE4421EE936326AC15B
gpgv: Can't check signature: No public key
uscan die: OpenPGP signature did not verify. at
/usr/share/perl5/Devscripts/Uscan/Output.pm line 58.

Indeed there something that has changed with gpg:

$ wget http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz.asc
$ wget http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz
$ gpg --verify libkcapi-1.1.5.tar.xz.asc
gpg: assuming signed data in 'libkcapi-1.1.5.tar.xz'
gpg: Signature made Wed 31 Jul 2019 10:01:53 AM CEST
gpg:                using RSA key 3BCC43D4D2C87D1784B69EE4421EE936326AC15B
gpg: Can't check signature: No public key

$ gpg --show-key libkcapi-1.1.5.tar.xz.asc
gpg: no valid OpenPGP data found.

Where:

$ file libkcapi-1.1.5.tar.xz.asc
libkcapi-1.1.5.tar.xz.asc: PGP signature Signature (old)

I have not been able to find much help from the uscan documentation:

https://wiki.debian.org/debian/watch#pgpsigurlmangle

What did I miss ?

Thanks for pointers,

-M
Reply to: