uscan die: OpenPGP signature did not verify. at /usr/share/perl5/Devscripts/Uscan/Output.pm line 58.
Hi there,
Here is what I see when I try to update libkcapi upstream package
(Debian/buster):
$ uscan --verbose --force-download --rename
[...]
uscan info: Downloading OpenPGP signature from
http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz.asc (pgpsigurlmangled)
as libkcapi-1.1.5.tar.xz.asc
uscan info: Requesting URL:
http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz.asc
uscan info: Verifying OpenPGP signature ../libkcapi-1.1.5.tar.xz.asc
for ../libkcapi-1.1.5.tar.xz
uscan info: Execute: gpgv --homedir /dev/null --keyring
/tmp/VZrTWy04zw/trustedkeys.gpg ../libkcapi-1.1.5.tar.xz.asc
../libkcapi-1.1.5.tar.xz...
gpgv: Signature made Wed 31 Jul 2019 10:01:53 AM CEST
gpgv: using RSA key 3BCC43D4D2C87D1784B69EE4421EE936326AC15B
gpgv: Can't check signature: No public key
uscan die: OpenPGP signature did not verify. at
/usr/share/perl5/Devscripts/Uscan/Output.pm line 58.
Indeed there something that has changed with gpg:
$ wget http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz.asc
$ wget http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz
$ gpg --verify libkcapi-1.1.5.tar.xz.asc
gpg: assuming signed data in 'libkcapi-1.1.5.tar.xz'
gpg: Signature made Wed 31 Jul 2019 10:01:53 AM CEST
gpg: using RSA key 3BCC43D4D2C87D1784B69EE4421EE936326AC15B
gpg: Can't check signature: No public key
$ gpg --show-key libkcapi-1.1.5.tar.xz.asc
gpg: no valid OpenPGP data found.
Where:
$ file libkcapi-1.1.5.tar.xz.asc
libkcapi-1.1.5.tar.xz.asc: PGP signature Signature (old)
I have not been able to find much help from the uscan documentation:
https://wiki.debian.org/debian/watch#pgpsigurlmangle
What did I miss ?
Thanks for pointers,
-M
Reply to: