Re: debian-archive-keyring, update for stretch, problem
Hi,
FWIW, I haven't touched d-a-k for a few years now, nor have I seen your
package, so I'm largely guessing based on your provided text below.
On Sat, 2022-03-12 at 21:52 +0100, Anton Gladky wrote:
> I followed the README.maintainer. Added my key into team/members.
> But then, when I just refresh the signature:
>
> make clean
> make keyrings/debian-archive-keyring.gpg
> gpg --armor --detach-sign keyrings/debian-archive-keyring.gpg
>
> The package does not build and fails with the following message:
>
> =======
> gpg --no-options --no-default-keyring --no-auto-check-trustdb
> --trustdb-name ./trustdb.gpg \
> --keyring keyrings/team-members.gpg --verify \
> keyrings/debian-archive-removed-keys.gpg.asc \
> keyrings/debian-archive-removed-keys.gpg
> gpg: Signature made Sat Mar 12 20:41:08 2022 UTC
> gpg: using RSA key
> BBBD45EA818AB86FF67E7285D3E17383CFA7FF06
> gpg: BAD signature from "Anton Gladky <gladk@debian.org>" [unknown]
>
> =======
>
> Could you please give advice, why the lately refreshed and signed
> debian-archive-removed-keys.gpg has a bad signature?
My suspicion would be that you signed the keyring before running the
build - although you only mention signing debian-archive-keyring.gpg -
but had somehow not built it correctly so, after it got rebuilt by the
makefile, your previous signature file no longer matched. (The point of
using jetring is that the result should match.)
How did you manipulate debian-archive-removed-keys.gpg? Do its contents
align with removed-keys/index, and the signature on that?
Not that it helps you directly, but I don't remember having seen such
an error when I was building the package.
Regards,
Adam
Reply to: