Bug#772515: /usr/bin/uscan: uscan: pgp signature verification using .asc keyring fails with gnupg in experimental
Yves-Alexis Perez
corsac at debian.org
Thu Mar 5 20:21:51 UTC 2015
On Mon, 08 Dec 2014 02:27:36 +0200 Tristan Seligmann <mithrandi at mithrandi.net> wrote:
> Package: devscripts
> Version: 2.14.11
> Severity: normal
> File: /usr/bin/uscan
>
> When attempting to use uscan with a debian/upstream/signing-key.asc keyring, I
> get a failure like this:
>
> -- Downloading updated package mutagen-1.27.tar.gz
> -- Downloading OpenPGP signature for package as mutagen-1.27.tar.gz.pgp
> -- Verifying OpenPGP signature mutagen-1.27.tar.gz.pgp for mutagen-1.27.tar.gz
> gpgv: keyblock resource `/tmp/BjrBPn_etd/pubring.gpg': file open error
> gpgv: Signature made Fri 28 Nov 2014 17:23:12 SAST using DSA key ID 0C693B8F
> gpgv: Can't check signature: public key not found
> uscan warning: OpenPGP signature did not verify.
>
> This ends up being because gpg 2.1.0 (currently in experimental) uses the new
> pubring.kbx keyring by default, rather than pubring.gpg. Unfortunately I could
> not find a way to make it write a new keyring in the old gpg keyring format, it
> always seems to use the new keybox format when creating a new keyring, which is
> not supported by gpgv.
>
I had the same problem. It seems that gpg2 / gpg (/usr/bin/gpg2 is
preferred over /usr/bin/gpg) is only needed for converting an armored
public key to binary public key for gpgv. So replacing the asc file by
a binary gpg one seems to workaround the problem here.
Regards,
--
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20150305/ff71b098/attachment.sig>
More information about the devscripts-devel
mailing list