Re: debian-archive-keyring, update for stretch, problem

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: debian-release@lists.debian.org
Subject: Re: debian-archive-keyring, update for stretch, problem
From: Anton Gladky <gladky.anton@gmail.com>
Date: Sat, 12 Mar 2022 23:27:01 +0100
Message-id: <[🔎] CALF6qJkPdskYbhPe3YPv3RBchO_9UU6MH-azvXbsm+JNoNnCag@mail.gmail.com>
In-reply-to: <[🔎] 56aadebb0740ca858f00b0c91f3efd366bafa5c1.camel@adam-barratt.org.uk>
References: <[🔎] CALF6qJn06nWwC69RDbhsujKb0y_gJDFQf_Bnq_dh1=uFgbjr8A@mail.gmail.com> <[🔎] 56aadebb0740ca858f00b0c91f3efd366bafa5c1.camel@adam-barratt.org.uk>

Hi Adam,

thanks for your reply!

I have found the reason. I generated the signature using
Debian/Testing (Bookworm), but the signature should be
generated in the same environment, where it will
be used (in this case Stretch).

I regenerated signatures under stretch and everything works fine.

Best regards

Anton

Am Sa., 12. März 2022 um 22:24 Uhr schrieb Adam D. Barratt
<adam@adam-barratt.org.uk>:


>
> Hi,
>
> FWIW, I haven't touched d-a-k for a few years now, nor have I seen your
> package, so I'm largely guessing based on your provided text below.
>
> On Sat, 2022-03-12 at 21:52 +0100, Anton Gladky wrote:
> > I followed the README.maintainer. Added my key into team/members.
> > But then, when I just refresh the signature:
> >
> > make clean
> > make keyrings/debian-archive-keyring.gpg
> > gpg --armor --detach-sign keyrings/debian-archive-keyring.gpg
> >
> > The package does not build and fails with the following message:
> >
> > =======
> > gpg --no-options --no-default-keyring --no-auto-check-trustdb
> > --trustdb-name ./trustdb.gpg \
> > --keyring keyrings/team-members.gpg --verify \
> > keyrings/debian-archive-removed-keys.gpg.asc \
> > keyrings/debian-archive-removed-keys.gpg
> > gpg: Signature made Sat Mar 12 20:41:08 2022 UTC
> > gpg:                using RSA key
> > BBBD45EA818AB86FF67E7285D3E17383CFA7FF06
> > gpg: BAD signature from "Anton Gladky <gladk@debian.org>" [unknown]
> >
> > =======
> >
> > Could you please give advice, why the lately refreshed and signed
> > debian-archive-removed-keys.gpg has a bad signature?
>
> My suspicion would be that you signed the keyring before running the
> build - although you only mention signing debian-archive-keyring.gpg -
> but had somehow not built it correctly so, after it got rebuilt by the
> makefile, your previous signature file no longer matched. (The point of
> using jetring is that the result should match.)
>
> How did you manipulate debian-archive-removed-keys.gpg? Do its contents
> align with removed-keys/index, and the signature on that?
>
> Not that it helps you directly, but I don't remember having seen such
> an error when I was building the package.
>
> Regards,
>
> Adam
>

Reply to:

References:
- debian-archive-keyring, update for stretch, problem
  - From: Anton Gladky <gladky.anton@gmail.com>
- Re: debian-archive-keyring, update for stretch, problem
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: debian-archive-keyring, update for stretch, problem
Next by Date: Bug#1007181: marked as done (bullseye-pu: package libphp-adodb/5.20.19-1)
Previous by thread: Re: debian-archive-keyring, update for stretch, problem
Next by thread: Processed: golang-openldap: openldap 2.5 transition
Index(es):
- Date
- Thread